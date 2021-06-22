



DENVER, June 22, 2021 /PRNewswire/ -- Black Lotus Labs, the threat intelligence arm of Lumen Technologies (NYSE: LUMN), today published a detailed report about a suspected Pakistani threat actor who executed a custom-developed framework to compromise multiple targets in South Asia, including an electricity company in India. The threat is notable for the measures it takes to avoid detection and the critical nature of the targets.

In the report, Black Lotus Labs details how it detected a new Remote Access Trojan (RAT) it calls ReverseRat that was deployed in parallel with an open source RAT called Allakore to infect machines and ensure persistence. Based on the team’s global telemetry and analysis, it determined that the actor was targeting government and energy organizations in the South and Central Asia regions, and that the actor has operational infrastructure hosted in Pakistan.

Threat Assessment

The ReverseRat chain of infection is notable for the steps it takes to avoid detection and the critical nature of the targeted entities.

While the targets of this threat actor have so far remained in the regions of South Asia and Central Asia, the actor has proven effective at gaining access to networks of interest.

Black Lotus Labs believes that as this actor continues to develop its capabilities and refine its multi-stage infection processes, it could pose a real threat to organizations in and beyond these regions.

Black Lotus Labs Response

To combat this campaign, Black Lotus Labs redirected the actor’s infrastructure to Lumen’s global IP network and notified the organizations involved.

Black Lotus Labs continues to track this threat group to detect and disrupt similar compromises, and it encourages other organizations to monitor and address this and similar campaigns in their environments.

Black Lotus Labs is committed to tracking adversary groups like this and documenting their tradecraft to proactively help defenders.

Recommendations

Given the nature of the critical areas targeted by the actor and the low detection rate, Black Lotus Labs advises security practitioners to learn the actor’s current tactics, tools, and procedures (TTPs) in order to better defend their organizations from potential attacks. For additional IOCs such as file hashes associated with this campaign, and for the larger activity cluster of this threat actor, please visit the Black Lotus Labs Blog. Anyone interested in collaborating on similar research can contact Black Lotus Labs on Twitter @BlackLotusLabs.

About Lumen Technologies:

Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With approximately 450,000 miles of fiber and serving customers in more than 60 countries, we offer the fastest and most secure platform for applications and data to help businesses, governments and communities deliver incredible experiences.







