Europol Shuts Down 'Imminent Monitor' RAT Operations With 13 Arrests (Nov 29, 2019)
Europol have announced that the cybercrime network involving the Imminent Monitor Remote Access Trojan (IM-RAT) and its operations have been shut down. IM-RAT was shown to be a remote administration framework that allowed threat actors to take remote control of a user's system. It was capable of disabling anti-virus/anti-malware software, downloading and executing files, recording keystrokes, spying through webcams, stealing data and passwords from browsers, and terminating running processes, amongst other functions. The operation carried out by international law enforcement agencies enabled them to seize the RAT's framework, which rendered it inoperative for its 14,000+ users around the world. Europol were also able to make arrests of high-level customers of IM-RAT and its developers from Australia, Colombia, Czech Republic, Holland, Poland, Spain, Sweden and the United Kingdom.
Recommendation: Whilst IM-RAT has been taken down by law enforcement, many RATs are still active in the wild (ITW) and exploiting users, so it is important that necessary precautions are taken. Organisations and the public should remain constantly aware of new techniques being used, since threat actors are adapting their campaigns to the ever-changing security environment. Education is the best defence: teach your employees what a phishing and spearphishing email may look like, and whom to report it to should such an email be identified.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.