VERY IMPORTANT

Today RSA is reporting GlassRAT, a previously undetectable Remote Access Tool (RAT) which was discovered by the RSA Incident Response Team and investigated by RSA Research during an engagement with a multi-national enterprise. While the malware was not detectable by endpoint antivirus products, RSA Security Analytics was able to identify and alert on its network traffic, and RSA ECAT subsequently identified the malware. Evidence suggests that the tool is being used as part of a very targeted campaign, focused on Chinese nationals in commercial organizations. GlassRAT’s command and control structure has exhibited brief overlap with C2 that was identified in campaigns associated with malware originally reported in 2012 that targeted government and military organizations in the Pacific Region.