Track Common Adversary Tasks Performed Using Agent.btz

To know more about it, you can go through my detailed document by clicking here

Overview

Agent.BTZ (also detected under names such as Autorun) is a worm that spreads through removable media: it copies itself to any USB drive plugged into an infected host and drops an autorun.inf that launches the copy as soon as the drive is inserted into the next machine. Its best-known victim is the US Department of Defense. In 2008 an infected flash drive was plugged into a laptop at a US military base in the Middle East; the laptop was connected to United States Central Command networks, and the worm spread from there. Cleaning it out of military networks took roughly 14 months. Attribution has been debated, with both China and Russia named in early reporting; later public analysis has linked the malware to the Russian-linked Turla group.

Tactics

Agent.BTZ is a foothold rather than the whole operation. Once it lands on a network the operators consider valuable, such as a military network, it beacons out to its command-and-control infrastructure; the operators then use it for remote control, pull down additional tools, and locate and steal documents of interest.

Characteristics

Some of its main characteristics are:
  • It is used to collect and exfiltrate sensitive information and documents from infected hosts.

  • It arrives on removable media, not through a separate access tool; later tooling attributed to the same operators, such as the PowerStallion PowerShell backdoor, belongs to the same group's toolset rather than being the delivery method for this worm.

  • On a compromised computer it can execute additional programs fetched from its command-and-control servers, collect files and system information, and write a log of the infected system to every USB drive it touches (a file named thumb.dd).

Prevention

In order to protect against this kind of cyberthreat you can follow the steps given below:
  • Disable AutoRun and control removable media- The worm's spreading mechanism depends on Windows honouring autorun.inf. Disabling AutoRun for all drive types (the NoDriveTypeAutoRun value set to 0xFF under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, or the equivalent Group Policy setting) removes that foothold, and device-control policies that block unapproved USB storage remove the vector altogether.

  • Security Training- Security awareness training of employees is an essential part of securing your network environment against this type of cyberthreat. It makes employees vigilant so that they do not compromise the network's security unintentionally, for example by plugging in a USB drive of unknown origin.

  • Strict Access Control Procedures- Least-privilege access limits the fallout from compromised credentials and from a foothold on a single workstation.

  • Secure Remote Access Solutions- Organizations must use either secure connections via Virtual Private Networks (VPNs) for remote access or tightly secured gateways to reduce the attack surface.

  • Zero-Trust Security Technologies- This approach allows granular control over lateral movement, which is vital because many RAT attacks use lateral movement to reach systems beyond the first infected host.
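The propagation trick described in the Overview (an autorun.inf that launches code stored on the drive itself) and the removable-media check from the Prevention list above can be turned into a small offline triage script. The following is an added example written for this post, not code from the original article or from any Agent.BTZ analysis. It runs against a directory holding a copy of a USB drive's file system, parses autorun.inf the way Windows AutoRun reads it, and flags directives that point at code on the drive; thumb.dd is the documented Agent.BTZ log file name, while the RECYCLER\ex.dll payload, the InstallM entry point and the sample autorun.inf contents are constructed for the demonstration.

```python
"""Offline triage of a removable-drive copy for AutoRun-based propagation."""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# autorun.inf directives that make Windows run a program when the drive is inserted.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command=...
# File types treated as code when they appear inside a launch directive.
CODE_SUFFIXES = {".exe", ".dll", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Agent.btz writes a log of the infected system to this file on every USB drive it touches.
KNOWN_ARTIFACTS = {"thumb.dd"}


def decode_inf(data: bytes) -> str:
    """autorun.inf may be ANSI or UTF-16 with a byte-order mark; pick the right codec."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    return data.decode("utf-8-sig", errors="replace")


def parse_autorun(text: str) -> list[tuple[str, str]]:
    """Return (key, value) pairs from the [autorun] section, keys lower-cased.
    Hand-written because autorun.inf allows duplicate keys and backslashes in
    key names, which configparser does not handle cleanly."""
    pairs, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip().lower(), value.strip()))
    return pairs


def is_launch_key(key: str) -> bool:
    """True for directives that execute something, not for icon= or label=."""
    return key in LAUNCH_KEYS or SHELL_COMMAND.match(key) is not None


def code_targets(value: str, root: Path) -> list[dict]:
    """List the code files a launch directive names and whether each lives on the drive.
    Split on commas as well as whitespace so 'rundll32.exe .\\d\\x.dll,Entry' yields x.dll."""
    targets = []
    for token in re.split(r"[\s,]+", value):
        token = token.strip("\"'")
        if Path(token).suffix.lower() not in CODE_SUFFIXES:
            continue
        candidate = (root / token.replace("\\", "/")).resolve()
        on_drive = candidate.is_file() and root.resolve() in candidate.parents
        targets.append({"path": token, "on_drive": on_drive})
    return targets


def triage_drive(root: Path) -> dict:
    """Summarise launch directives and known artifacts found in a drive copy."""
    findings = {"launches": [], "artifacts": []}
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if inf is not None:
        for key, value in parse_autorun(decode_inf(inf.read_bytes())):
            if is_launch_key(key):
                findings["launches"].append(
                    {"key": key, "value": value, "targets": code_targets(value, root)})
    for path in root.rglob("*"):
        if path.is_file() and path.name.lower() in KNOWN_ARTIFACTS:
            findings["artifacts"].append(str(path.relative_to(root)))
    # Suspicious when autorun points at code stored on the drive itself (the
    # self-propagation pattern) or when a known artifact is present.
    findings["suspicious"] = bool(findings["artifacts"]) or any(
        t["on_drive"] for f in findings["launches"] for t in f["targets"])
    return findings


def build_sample_drive(root: Path, infected: bool) -> None:
    """Write a constructed drive layout. The infected variant imitates the autorun
    trick with a made-up payload (RECYCLER\\ex.dll); it is not real Agent.btz."""
    root.mkdir(parents=True, exist_ok=True)
    if infected:
        payload = root / "RECYCLER" / "ex.dll"
        payload.parent.mkdir()
        payload.write_bytes(b"MZ" + b"\x00" * 62)  # placeholder PE header only
        (root / "thumb.dd").write_bytes(b"constructed log")
        (root / "autorun.inf").write_bytes("\r\n".join([
            "[autorun]",
            "open=rundll32.exe .\\RECYCLER\\ex.dll,InstallM",
            "shell\\open=Explore",
            "shell\\open\\command=rundll32.exe .\\RECYCLER\\ex.dll,InstallM",
            "shell\\open\\default=1",
        ]).encode("utf-16"))  # Windows tools often write autorun.inf as UTF-16
    else:
        (root / "autorun.inf").write_bytes(b"[autorun]\r\nicon=setup.ico\r\nlabel=Camera\r\n")
        (root / "setup.ico").write_bytes(b"\x00\x00\x01\x00")


def demo() -> dict:
    """Triage one infected and one clean constructed drive; return both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        reports = {}
        for name, infected in (("infected", True), ("clean", False)):
            root = Path(tmp) / name
            build_sample_drive(root, infected)
            reports[name] = triage_drive(root)
        return reports


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, "SUSPICIOUS" if report["suspicious"] else "clean", report["launches"])
```

Point triage_drive at a mounted read-only copy of a drive (or an extracted image) rather than at the live drive on the machine that received it. The clean sample shows why the script looks at launch keys specifically: a legitimate autorun.inf that only sets icon= and label= produces no findings, so the check does not fire on every camera or installer disc.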
