Rising Sun Backdoor Attacks Companies Across the World

Most infections that malware analysts deal with on a daily basis target the general public, and they can affect users regardless of location or job title. Infections with specific targets exist as well, and the Rising Sun backdoor is one of them. According to the malware researchers who documented it, this infection was designed to attack defense, energy, financial, and nuclear organizations. Most victims were found in the United States, but organizations in South America, Europe, Africa, Asia, and Australia were affected too. The threat functions as a surveillance tool: its primary task is to collect information about the compromised host and transfer it to remote servers. It can do more than that, so companies around the world need to take security measures to keep this malware out. If it has already invaded, removing Rising Sun is the first priority.

Like any infection, Rising Sun has to find its way into the targeted operating system, and it appears to do that via spam emails. According to the malware experts who first discovered the threat, it is distributed in a campaign known as “Operation Sharpshooter.” The campaign’s modus operandi is to trick targets into believing that they are looking at a job recruitment opportunity, so the email’s subject line and body are likely to refer to a job offer or something similar. Once the target opens the attachment, which looks like a .DOC file, they are asked to enable macros, and that request is a red flag that should not be overlooked. If macros are enabled, a decoy document is created in the %LOCALAPPDATA%\Strategic Planning folder, and at the same time Rising Sun is downloaded without any warning. If up-to-date, reliable security software is not in place to stop and remove the malware before it is executed, Rising Sun begins its malicious processes immediately.
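The infection chain above gives a defender two observable artifacts on the endpoint: a document written into the Strategic Planning folder under the user's local AppData, and a download that follows it. The script below is an added hunting example, not code from the original article or from the researchers who analyzed the malware. It runs over constructed sample events shaped like Sysmon FileCreate (ID 11) and NetworkConnect (ID 3) records; the events, the process names, the IP addresses, and the assumption that the decoy is written by the Word process running the macro are all illustrative assumptions, not facts taken from the page.

```python
import re
from datetime import datetime

# Constructed sample events in the shape of Sysmon logs (ID 11 = FileCreate,
# ID 3 = NetworkConnect). Illustrative input only, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 11, "UtcTime": "2018-12-10 09:14:02", "ProcessId": 4120,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\jdoe\AppData\Local\Strategic Planning\Job Description.doc"},
    {"EventID": 3, "UtcTime": "2018-12-10 09:14:05", "ProcessId": 4120,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "DestinationIp": "203.0.113.25", "DestinationPort": 443},
    {"EventID": 11, "UtcTime": "2018-12-10 09:20:11", "ProcessId": 4120,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\jdoe\Documents\weekly report.docx"},
    {"EventID": 11, "UtcTime": "2018-12-10 10:02:40", "ProcessId": 5588,
     "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\asmith\AppData\Local\strategic planning\offer.docx"},
    {"EventID": 3, "UtcTime": "2018-12-10 10:30:00", "ProcessId": 5588,
     "Image": r"C:\Windows\explorer.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 80},
]

# %LOCALAPPDATA% expands to <drive>:\Users\<user>\AppData\Local. Logs carry the
# expanded path, so match the decoy folder under any profile, case-insensitively
# (NTFS paths are case-insensitive; a literal string compare would miss hits).
DECOY_DIR = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\strategic planning\\", re.IGNORECASE
)


def parse_time(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")


def decoy_drops(events):
    """FileCreate events whose target path lies inside the decoy folder."""
    return [e for e in events
            if e["EventID"] == 11 and DECOY_DIR.match(e["TargetFilename"])]


def correlate_with_download(events, window_seconds=60):
    """For each decoy drop, collect outbound connections made by the same
    process within `window_seconds` afterwards. The article says the payload
    download happens at the same time as the decoy write, so a short window
    is enough; widen it if your telemetry timestamps are coarse."""
    findings = []
    for drop in decoy_drops(events):
        t0 = parse_time(drop["UtcTime"])
        followups = [
            e for e in events
            if e["EventID"] == 3 and e["ProcessId"] == drop["ProcessId"]
            and 0 <= (parse_time(e["UtcTime"]) - t0).total_seconds() <= window_seconds
        ]
        findings.append({
            "path": drop["TargetFilename"],
            "process": drop["Image"].rsplit("\\", 1)[-1],
            # Assumption: a macro-driven drop is performed by the Word process.
            "office_process": drop["Image"].lower().endswith("winword.exe"),
            "connections": [(e["DestinationIp"], e["DestinationPort"]) for e in followups],
        })
    return findings


def severity(finding) -> str:
    """Decoy path alone is suspicious; Word writing it is worse; Word writing
    it and then talking to the network inside the window is the full chain."""
    score = 1 + int(finding["office_process"]) + int(bool(finding["connections"]))
    return {1: "low", 2: "medium", 3: "high"}[score]


if __name__ == "__main__":
    for f in correlate_with_download(SAMPLE_EVENTS):
        print(severity(f), f["process"], f["path"], f["connections"])
```

The second sample hit (explorer.exe writing to a lowercase "strategic planning" folder, with a network connection almost half an hour later) is kept at low severity on purpose: the path alone is worth a look, but without the Word process and the immediate download it does not reproduce the chain the article describes.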

The attack appears to be a two-part affair. First, the infection gathers data from the compromised system: the computer and user names, IP address, OS product name, network adapter information, and native system information. Once collected, the data is transmitted to a remote server where the attackers can analyze it; before transmission it is encrypted with the RC4 algorithm and then encoded with Base64, so it does not travel as readable text. With this data in hand, the attackers could blackmail companies, leak highly sensitive information, or map security weaknesses that other cyber criminals could exploit for their own gain. Furthermore, the attackers could drop additional malicious programs, such as keyloggers and Trojans, to gather more information or perform other actions. Rising Sun is powerful in its own right: it can execute commands, launch and terminate processes, read files, clear process memory, and create and delete files.
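The RC4-then-Base64 pipeline is worth seeing end to end, because it is what an analyst has to reverse when a beacon is captured on the wire. The code below is an added example written for this article, not code from the original page or from the malware itself. The RC4 key, the JSON layout of the reconnaissance record, and its field names are assumptions for illustration; the real implant's key and wire format are not described on this page, and a real key would have to be recovered from the sample.

```python
import base64
import json


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + keystream generation). RC4 is symmetric, so the
    same call both encrypts and decrypts. Shown for analysis only; RC4 is not a
    cipher anyone should pick for new designs."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Assumed key, purely hypothetical; a real key is recovered by reverse engineering.
ASSUMED_KEY = b"\x3a\x9f\x4c\x11\xe8\x77\x02\xb5"

# Constructed reconnaissance record carrying the fields the article lists.
# The field names and JSON serialization are assumptions about the layout.
SAMPLE_RECON = {
    "computer_name": "WS-FIN-0142",
    "user_name": "jdoe",
    "ip_address": "10.20.30.41",
    "os_product_name": "Windows 10 Enterprise",
    "network_adapter": "Intel(R) Ethernet Connection I219-LM",
}


def encode_beacon(record: dict, key: bytes) -> str:
    """Implant side: serialize, RC4-encrypt, then Base64-encode for transport."""
    plaintext = json.dumps(record, sort_keys=True).encode("utf-8")
    return base64.b64encode(rc4(key, plaintext)).decode("ascii")


def decode_beacon(blob: str, key: bytes) -> dict:
    """Analyst side: reverse the two layers on a captured blob with the recovered key."""
    ciphertext = base64.b64decode(blob, validate=True)
    return json.loads(rc4(key, ciphertext).decode("utf-8"))


def looks_like_beacon(blob: str, key: bytes) -> bool:
    """Triage helper: does this key turn the blob into readable JSON? With a wrong
    key the RC4 output is pseudo-random bytes and both decoding steps fail."""
    try:
        decode_beacon(blob, key)
        return True
    except ValueError:  # covers binascii.Error, UnicodeDecodeError, JSONDecodeError
        return False


if __name__ == "__main__":
    blob = encode_beacon(SAMPLE_RECON, ASSUMED_KEY)
    print("on the wire:", blob)
    print("recovered:  ", decode_beacon(blob, ASSUMED_KEY))
    print("wrong key:  ", looks_like_beacon(blob, b"not-the-key"))
```

Two practical notes. Base64 on its own hides nothing, so the interesting question for an analyst is always the RC4 key; once it is known, every captured beacon from that sample decrypts with the same few lines. And because RC4 produces no authentication tag, `looks_like_beacon` relies on the plaintext having recognizable structure, which is exactly why knowing the implant's serialization format matters as much as knowing the key.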

Because Rising Sun was spreading mainly at the end of 2018, the defenses of large companies may by now recognize it. Unfortunately, the malware could easily be adapted to attack less prominent companies and businesses, so it is important to remember this infection and secure operating systems and networks against it. Notably, the code of Rising Sun is very similar to that of the Duuzer Trojan, another backdoor that was rampant in 2015, which suggests that the infection may return in a new form. For this reason it is crucial to secure operating systems and be prepared to face anything.

Needless to say, opening spam emails is risky, and Rising Sun proves it. Companies need to educate their employees about email security, and security teams need to stay on top of updates, security patches, and vulnerabilities. Caution goes a long way, but it is most important that all systems are protected with anti-malware software, firewalls, and network monitoring tools that can warn about attacks early on. Ultimately, only protected systems run by knowledgeable and cautious users can evade malware attacks.
