VERY IMPORTANT

ASERT recently identified a campaign targeting commercial manufacturing in the US and potentially Europe in late 2017. The threat actors used phishing and downloader(s) to install a Remote Access Trojan (RAT) ASERT calls InnaputRAT on the target’s machine. The RAT contained a series of commands that includes machine profiling and the ability to exfiltrate documents from the victims’ machines. We believe this activity ties to a specific set of actors with defined campaign goals. We’ve also observed similarities in binaries dating back to 2016, a clear indication that these threat actors have operated for nearly two years.