The Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government
Cyble Research and Intelligence Lab (CRIL) has uncovered a sophisticated cyber-attack campaign targeting Malaysian political figures and government officials using malicious ISO files. The campaign, active since July, employs at least three distinct ISO files, each containing a shortcut (LNK) file, a hidden PowerShell script, a malicious executable, and a decoy PDF file, to deliver Babylon RAT as the final payload. Babylon RAT is an open-source Remote Access Trojan that allows threat actors to execute commands remotely, control the system, and exfiltrate sensitive data.

The campaign has used various lure documents to target a broader audience, including documents related to political concerns in Malaysia and to the Majlis Amanah Rakyat (MARA). The attack begins with the execution of the PowerShell script, which copies the malicious executable to the %appdata% directory and ensures that it runs at system startup. The RAT maintains persistence on infected systems through registry modifications and includes a sophisticated control panel for managing compromised systems. The campaign also relies on command-and-control servers for further instructions and data exfiltration.

Recommendations for defense include implementing advanced email filtering, updating endpoint security solutions, continuous network monitoring, security awareness training, and keeping systems up to date with security patches. The article also lists the MITRE ATT&CK techniques used in the campaign and provides indicators of compromise for detection.

Malware: BabyLonRAT

[View Article](https://buaq.net/go-260154.html)
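The infection chain summarised above (a hidden PowerShell script launched from a mounted ISO, a copy of the executable into %appdata%, and a startup entry in the registry) can be correlated from endpoint telemetry. The following is an added detection example, not code from the article or from CRIL; it runs over constructed Sysmon-style records (process create, file create, registry value set) with assumed field names, and flags a PowerShell process only when all three stages are seen from the same process.

```python
"""Correlate the ISO -> LNK -> PowerShell -> %APPDATA% drop -> Run-key chain
over constructed, Sysmon-style event records (field names are assumptions)."""
import re
from collections import defaultdict

# Constructed sample telemetry (not from the report). Event ids mimic Sysmon:
# 1 = process create, 11 = file create, 13 = registry value set.
SAMPLE_EVENTS = [
    {"id": 1, "host": "WS01", "pid": 5001, "ppid": 4120,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmd": "powershell.exe -w hidden -ep bypass -f E:\\update.ps1", "cwd": "E:\\"},
    {"id": 11, "host": "WS01", "pid": 5001,
     "target": "C:\\Users\\u\\AppData\\Roaming\\svc.exe"},
    {"id": 13, "host": "WS01", "pid": 5001,
     "target": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
     "details": "C:\\Users\\u\\AppData\\Roaming\\svc.exe"},
    # Benign admin script on the system drive: must not be flagged.
    {"id": 1, "host": "WS02", "pid": 7002, "ppid": 700,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmd": "powershell.exe -f C:\\scripts\\backup.ps1", "cwd": "C:\\scripts"},
]

PS_RE = re.compile(r"powershell(\.exe)?\b", re.I)
# Hidden window / policy bypass, typical of a script run silently via an LNK.
SILENT_RE = re.compile(r"-w(indowstyle)?\s+hidden|-e(xecutionpolicy|p)\s+bypass", re.I)
# A script on a non-system drive letter: a mounted ISO surfaces as one.
NONSYS_DRIVE_RE = re.compile(r"\b[D-Z]:\\", re.I)
APPDATA_RE = re.compile(r"\\AppData\\Roaming\\", re.I)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)


def detect_chain(events):
    """Return {(host, pid): stages} for PowerShell processes that were launched
    silently from a non-system drive, dropped a file under AppData\\Roaming and
    registered that same file in a Run key. Keyed by PID, so PID reuse within
    the window would need a process GUID in real telemetry."""
    stages = defaultdict(dict)
    for e in events:
        key = (e["host"], e["pid"])
        if e["id"] == 1 and PS_RE.search(e["image"]):
            if SILENT_RE.search(e["cmd"]) and NONSYS_DRIVE_RE.search(e["cmd"] + " " + e["cwd"]):
                stages[key]["launch"] = e["cmd"]
        elif e["id"] == 11 and APPDATA_RE.search(e["target"]):
            stages[key]["drop"] = e["target"]
        elif e["id"] == 13 and RUN_KEY_RE.search(e["target"]):
            stages[key]["persist"] = e["details"]
    return {k: s for k, s in stages.items()
            if {"launch", "drop", "persist"} <= s.keys()
            and s["persist"].lower() == s["drop"].lower()}
```

In production the registry stage would also be worth alerting on alone, since a Run value pointing into AppData\Roaming is a high-signal event regardless of the launcher.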