What makes this cyber caper even more interesting is that the hackers are relying on a remote access trojan (RAT) to grab info and run commands on the compromised devices. The payload has its own bag of tricks, including a User Account Control (UAC) bypass and encrypted communication with a command-and-control (C2) server, giving the cyber crooks the green light to run some privileged commands.
The document being passed around isn’t innocent either—it’s apparently an article in Russian, chatting about “Western assessments of the progress of the Special Military Operation.” A clever disguise for their not-so-friendly activities.