Erudite Mogwai Uses Custom Stowaway to Stealthily Advance Online

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

The Solar 4RAYS team discovered a malicious campaign targeting Russian IT organizations that provide services to the government sector. They found a customized version of the open-source Stowaway proxy tool in use by the threat actor Erudite Mogwai (also known as Space Pirates). The attackers modified Stowaway to remove some functionality and alter the remaining features, and they use it in combination with other tools such as ShadowPad Light for lateral movement and data exfiltration. The campaign began in March 2023 with the compromise of public web services and spread slowly through the victim's infrastructure over 19 months before being detected. The attackers customized Stowaway by changing its compression and encryption methods, adding QUIC protocol support, and modifying the communication protocol.

OPENCTI LABELS :

apt, proxy tool, shadowpad light, luckystrike agent, stowaway

