New Adwind Campaign Targets US Petroleum Industry (Oct 1, 2019)
Threat actors using the “Adwind” Remote Access Trojan (RAT) are targeting organizations in the US petroleum industry, according to Netskope researchers. The Adwind sample used in this campaign was found in the wild, hosted on a serving domain. The malware is capable of process injection, data theft, terminating security services (firewall, anti-virus), and achieving persistence by modifying the registry. A new capability observed in Adwind for this campaign is an obfuscation technique “wherein multiple embedded JAR archives are used before unpacking the actual payload.”
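The nested-JAR obfuscation described above means a scanner that only opens the outer archive never sees the real payload. The following triage helper is an added example, not code from the Netskope report or from Adwind itself: it walks a JAR, detects embedded archives by ZIP magic bytes rather than by file extension (an inner JAR can be renamed to anything), recurses into them with a depth limit, and summarises where class files actually live. The three-layer sample archive it builds is constructed here for demonstration; its member names are invented and do not describe Adwind's real layout.

```python
"""
Recursive JAR-in-JAR triage helper (added example; not from the Netskope
report or the Adwind sample). Walks an archive, descends into every embedded
ZIP/JAR it finds, and reports nesting depth and where .class files appear.
"""
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # local file header of a non-empty ZIP/JAR


def is_zip(data: bytes) -> bool:
    """Identify an archive by magic bytes, not by extension."""
    return data[:4] == ZIP_MAGIC


def walk_jar(data: bytes, path: str = "<root>", depth: int = 0, max_depth: int = 8):
    """Yield (depth, container_path, member_name, is_archive) for every member.

    Embedded archives are recursed into. A depth limit guards against
    zip-bomb style archives that nest indefinitely.
    """
    if depth > max_depth:
        raise ValueError(f"nesting deeper than {max_depth} at {path}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = zf.read(info)  # decompressed bytes, so inner PK header is visible
            nested = is_zip(member)
            yield depth, path, info.filename, nested
            if nested:
                yield from walk_jar(member, f"{path}/{info.filename}", depth + 1, max_depth)


def triage(data: bytes, max_depth: int = 8) -> dict:
    """Summarise nesting: deepest level, embedded archive count, depths holding .class files."""
    summary = {"max_depth": 0, "embedded_archives": 0, "class_depths": set()}
    for depth, _path, name, nested in walk_jar(data, max_depth=max_depth):
        summary["max_depth"] = max(summary["max_depth"], depth)
        if nested:
            summary["embedded_archives"] += 1
        if name.endswith(".class"):
            summary["class_depths"].add(depth)
    summary["class_depths"] = sorted(summary["class_depths"])
    return summary


def exceeds_depth(data: bytes, max_depth: int) -> bool:
    """True if the archive nests deeper than max_depth (useful as a hard triage flag)."""
    try:
        triage(data, max_depth=max_depth)
        return False
    except ValueError:
        return True


def _zip_bytes(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_jar() -> bytes:
    """Constructed three-layer sample (hypothetical names, not Adwind's layout):
    outer loader JAR -> assets/inner.dat (a JAR with a non-JAR extension)
    -> resources/payload.jar (holds the class that would actually run)."""
    fake_class = b"\xca\xfe\xba\xbe" + b"\x00" * 16  # Java class magic + padding
    payload = _zip_bytes({
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\nMain-Class: Payload\n",
        "Payload.class": fake_class,
    })
    middle = _zip_bytes({"resources/payload.jar": payload})
    return _zip_bytes({
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\nMain-Class: Loader\n",
        "Loader.class": fake_class,
        "assets/inner.dat": middle,  # embedded JAR hidden behind a .dat extension
    })


if __name__ == "__main__":
    sample = build_sample_jar()
    for depth, path, name, nested in walk_jar(sample):
        print(f"{'  ' * depth}{name}{'  [embedded archive]' if nested else ''}")
    print(triage(sample))
```

On the constructed sample the walk shows the stub loader class at depth 0 and the real class only at depth 2; a scanner that stops at the outer JAR sees nothing but a manifest and a small loader. In practice, feed `triage()` the suspect JAR bytes and treat a high `embedded_archives` count, class files only at deep levels, or a tripped depth limit as a reason to escalate.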
Recommendation: Because malicious actors keep developing new obfuscation techniques to lower antivirus and signature-based detection rates, always practice Defense in Depth (do not rely on a single security mechanism; security measures should be layered, redundant, and failsafe). In particular, inspect embedded archives recursively rather than stopping at the outer JAR, since static signatures written against the outer layer will not see the unpacked payload.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.