Babylon RAT Unleashed: Malaysian Politicians Under Cyber Siege
Cyble Research and Intelligence Lab (CRIL) has uncovered a sophisticated cyber-attack campaign that has been targeting Malaysian political figures and government officials since July 2023, using malicious ISO files to deploy the Babylon Remote Access Trojan (RAT). The campaign involves three distinct ISO files containing a shortcut (LNK) file, a hidden PowerShell script, a malicious executable, and a decoy PDF file, which together deliver the RAT. The Babylon RAT allows attackers to execute commands remotely, control systems, and exfiltrate sensitive data, and it maintains persistence through registry modifications. The campaign has used various lure documents related to political concerns in Malaysia and the Majlis Amanah Rakyat (MARA). To mitigate such attacks, CRIL suggests implementing advanced email filtering, updating endpoint security solutions, continuous network monitoring, and security awareness training, as well as keeping systems updated with security patches.