Published on 09/08/2016

GovRAT 2.0 Attacking US Military and Government

In November 2015, InfoArmor identified the GovRAT malware that possessed advanced cyberespionage functionalities and documented these findings in the GovRAT Intelligence Report. Research indicated that GovRAT and the bad actors involved were targeting government and military assets. InfoArmor alerted the identified agencies and targets in order to prevent data exfiltration and to collect actual and current IOCs.

In mid-May 2016, the primary actor changed his nickname to “popopret” after being profiled by InfoArmor. During this time, his activities were combined with targeted attacks on US government resources, along with active data exfiltration from hacked Web resources with a sizeable number of federal employee contacts.

Based on operatively-sourced information and data breach intelligence, the threat actor is working with a highly sophisticated group of cybercriminals that are selling stolen and fake digital certificates for mobile and PC-based malware code-signing, used to bypass modern AV solutions for other possible APT campaigns.

Click here to download the Intelligence Report – GovRAT 2.0 Attacking US Military and Government.

At InfoArmor, we believe everyone deserves the right to privacy, security, and above all else, peace of mind. This is why we’re proud to offer industry-leading solutions for employee identity protection and advanced threat intelligence. From enterprise to employee, InfoArmor redefines how organizations combat an ever-changing cyber threat landscape. If you’d like more information on how we can help your organization protect its most valuable assets, reach out. We’d love to hear from you.