Summary: Kaspersky ICS CERT has identified a new malware campaign named “Operation SalmonSlalom” targeting industrial organizations in the Asia-Pacific region. The attackers utilize a sophisticated multi-stage payload delivery system that leverages legitimate Chinese cloud services to evade detection and compromise critical infrastructure. The campaign focuses on various industries, employing tactics such as phishing and DLL sideloading to execute the FatalRAT remote access trojan (RAT).
Affected: Industrial organizations in Asia-Pacific (e.g., manufacturing, healthcare, telecommunications)
Keypoints:
- The attack uses phishing messages containing disguised ZIP archives to initiate the infection chain.
- Malware employs legitimate services like Youdao Cloud Notes to obscure its activity and evade detection.
- Targeted countries include Taiwan, Malaysia, China, Japan, Thailand, South Korea, Singapore, the Philippines, Vietnam, and Hong Kong.