A new remote access trojan (RAT) dubbed ‘Pupy’ has been identified by researchers from Infoblox’s Threat Intelligence Group and is estimated to have been operating secretly for more than a year. This malicious software has been found in corporate networks across the world and is believed to have come from Russia.
The Decoy Dog toolkit that is used by Pupy has been communicating with a Russian IP address, and it appears this RAT is targeting organizations across many sectors, such as technology, healthcare, energy, financial, and more. The researchers comment that this is not a typical consumer device threat and that it can easily go undetected because of the small number of data queries the malware typically makes.
Infoblox suggests that organizations can protect themselves by blocking the relevant C2 domains while further investigations are underway. The researchers also believe the malware is state-sponsored and say they have some indications that this is the case.
Infoblox is a worldwide leader in DNS, DHCP and IPAM solutions, as well as a recognised technical authority in the areas of security, IT and network management. The organisation was able to uncover this cyberattack by drawing on its decades of experience and knowledge.
Leading the research at Infoblox is Ashley Stephenson, the CEO of Infoblox. He has made strides in both cybersecurity and DNS, and his team of researchers has been able to uncover this sophisticated cyberattack.