Horns and Hooves Campaign Targets Businesses with Advanced RAT Malware

The Horns and Hooves campaign, active since March 2023, has targeted over 1,000 victims with phishing emails containing JavaScript payloads that deploy remote access trojans (RATs) such as NetSupport RAT and BurnsRAT. The campaign primarily targets private users, retailers, and service businesses in Russia, leveraging remote access tools for data theft, ransomware, and malware deployment.

  • Horns and Hooves Campaign: A sophisticated malware campaign targeting users, retailers, and service businesses, primarily in Russia.
  • Delivery Methods: Utilizes phishing emails with ZIP attachments containing malicious JavaScript scripts disguised as business requests or bids.
  • RAT Deployment: Delivers NetSupport RAT and BurnsRAT to establish remote control over infected devices.
  • Stealer Malware: Leverages trojans to install data stealers like Rhadamanthys and Meduza.
  • Evolving Techniques: Campaign evolves rapidly, incorporating HTA files, NSIS installers, and embedded RATs in JavaScript.
  • Threat Actor Identified: Attributed to TA569 (aka Gold Prelude), known for distributing SocGholish and enabling ransomware attacks.
  • Potential Impact: Victims face risks ranging from data theft to ransomware attacks, leading to significant financial and reputational damage.
  • Remote Manipulator System (RMS): Enables full remote control over infected systems, heightening security risks.
  • Ransomware Connection: Linked to follow-on ransomware like WastedLocker, amplifying threat severity.
  • Proactive Defense Needed: Highlights the importance of robust email filtering, user awareness, and endpoint security.
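As an illustration of the email-filtering point, the following added example (not taken from the campaign report or from any vendor tooling) shows a mail-gateway style check for the delivery method described above: it opens ZIP attachments in memory and reports script or installer entries. The function names, the sample message, and the extension list are assumptions made for this sketch.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# .js and .hta are the script types the page names; .exe stands in for the
# NSIS installers it mentions (assumption: they arrive with an .exe extension).
SUSPECT_EXTS = {".js", ".hta", ".exe"}

def flag_zip_attachments(raw_eml: bytes) -> list:
    """Return one finding per suspect file found inside any ZIP attachment."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue  # judge by content, not by the attachment's file name
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                ext = PurePosixPath(info.filename).suffix.lower()
                if ext in SUSPECT_EXTS:
                    findings.append({
                        "attachment": part.get_filename() or "(unnamed)",
                        "entry": info.filename,
                        "ext": ext,
                        # entry names stay readable even when the ZIP is encrypted
                        "encrypted": bool(info.flag_bits & 0x1),
                    })
    return findings

def build_sample_eml(entry_names=("purchase_request.js", "readme.txt")) -> bytes:
    """Constructed sample mail; the ZIP entries hold placeholder text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entry_names:
            zf.writestr(name, "constructed placeholder\n")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "sales@example.com"
    msg["Subject"] = "Request for quotation (constructed sample)"
    msg.set_content("Please see the attached request.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="request.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for f in flag_zip_attachments(build_sample_eml()):
        print(f)
```

A gateway would typically quarantine or strip any message for which this returns findings, since business correspondence rarely needs to carry script files inside an archive.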

The Horns and Hooves campaign exemplifies the evolving sophistication of phishing attacks targeting businesses and individuals. By exploiting JavaScript payloads and advanced malware like NetSupport RAT, attackers gain unauthorized access to sensitive systems, posing significant financial and operational risks. Organizations must prioritize email security, user education, and robust endpoint protection to mitigate these advanced threats.

Net Protector Cyber Security recommends using proactive defenses, including advanced anti-malware tools and network monitoring solutions, to safeguard against such targeted campaigns.