Arbor Networks, the security division of NETSCOUT, warned multi-stage attack campaign targeting Asian Governments and NGOs.
According to Arbor’s Security Engineering & Response Team (ASERT)’s Threat Intelligence Report, this threat campaign involves a newly-discovered Remote Access Trojan (RAT) named “Trochilus.”
Believed to be driven by East Asian threat actors, Trochilus is part of a seven-piece malware cluster that offers threat actors a variety of capabilities, including espionage and the means to move laterally within target networks in order to achieve more strategic access, the report explained.
This is the first instance of the Trochilus RAT observed by ASERT on the global Internet. ASERT is unaware of any public reference to this malware being used in targeted threat campaigns.
In 2015, Arbor Networks and other research organizations discovered the PlugX and EvilGrab malware targeting government websites in Asia.
After delivering initial findings to the regional Computer Emergency Response Teams (CERTs), additional malware was subsequently discovered and removed from related sites.
The presence of new malware after the initial notification process from Arbor indicates an ongoing campaign and suggests persistent, resourceful actors are involved.