
Rainbow Hyena strikes again: new backdoor and shift in tactics

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A new phishing campaign targeting healthcare and IT organizations in Russia has been attributed to the Rainbow Hyena cluster. The attackers sent malicious attachments from compromised email addresses, including polyglot files and LNK files disguised as legitimate documents. A new custom-built backdoor, PhantomRemote, was identified; it collects system information and executes commands. The campaign marks a shift in tactics: the threat actors have abandoned traditional malicious documents in favor of alternative file formats. The sophistication of the tools and techniques suggests a move towards more conventional illicit activities such as espionage and financial gain.

OPENCTI LABELS:

backdoor, phishing, lnk files, phantomremote, rainbow hyena

