Middle East Governments Hit by Sneaky CR4T Backdoor Hackers

April 20, 2024
1 min read


TLDR:

Key Points:

  • Government entities in the Middle East targeted by CR4T backdoor campaign
  • Dropper extracts C2 server address using novel techniques to evade detection

In a recent discovery by Russian cybersecurity company Kaspersky, government entities in the Middle East have been targeted in a sophisticated campaign deploying a new backdoor known as CR4T. The campaign, codenamed DuneQuixote, employs evasion techniques to prevent detection, with a dropper extracting a hidden C2 server address using a novel method involving Spanish poem strings.

The CR4T backdoor, available in both C/C++ and Golang versions, allows attackers to execute commands, upload and download files, and establish persistent communication with the C2 server using unique tactics like COM object hijacking and the Telegram API. This indicates that threat actors behind DuneQuixote are continuously refining their tools and tradecraft to target entities in the Middle East.

The sophistication of the CR4T campaign highlights the need for advanced cybersecurity measures to protect against such stealthy and persistent threats, especially in critical government sectors.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and