What is RunningRAT?
RunningRAT (S0253) is a Remote Access Tool (RAT) identified in cyber operations targeting the 2018 PyeongChang Winter Olympics. This malware was used to gain remote access to systems, often alongside other malware like Gold Dragon and Brave Prince. Once installed, RunningRAT provides its operators with the ability to control the infected machine, exfiltrate data, and conduct espionage.
How to Defend Against RunningRAT?
Defending against RATs like RunningRAT requires a focus on preventing the initial infection and detecting its C2 communications.
- Be vigilant about phishing attempts, especially those themed around major global events.
- Keep all systems and software patched to limit the vulnerabilities that can be exploited for initial access.
- Deploy endpoint detection and antivirus solutions to identify and block the execution of known RATs and their associated behaviors.
- Use network detection and response (NDR) with integrated threat intelligence to spot and block C2 communications from targeted malware campaigns.



