A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities.
The operation appears to gather intelligence from satellite, defense, and pharmaceutical industries.
Attackers can abuse YAML configuration files to execute malicious commands on Windows hosts.
Microsoft flagged the now-patched vulnerabilities as important, and they serve as a reminder to implement proper XSS defenses.
The DB#JAMMER group also deploys a Cobalt Strike command-and-control agent.
The fast response to mitigation attempts shows a high level of sophistication in extending what is likely a cyberespionage campaign.
Researchers have chained two medium-severity vulnerabilities to execute "world ending" remote code execution, and a real-world exploit has been found.
The internet backbone structure was among the targets of the campaign enabled by the new remote access trojans.