VMTech · Instagram

EtherRAT: GitHub Fronts and Blockchain C2 — Threat to Administrators

Colleagues, please note: Atos TRC has observed an EtherRAT campaign distributing MSI installers via SEO and GitHub storefronts, masquerading as administrative utilities.

Mechanics: SEO → clean README façade → hidden repository hosting MSI.
C2: address is stored in an Ethereum contract; the RAT retrieves it via public ETH RPC.
Target: privileged administrators/DevOps — exposing "keys to the infrastructure".

Mitigation: block public ETH RPC endpoints, centralize distribution of administrative tools, audit logs and hunt for suspicious behavior (node.exe, conhost --headless, frequent beacons).
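The three hunting leads in the post (conhost --headless, node.exe where it should not be, and regular beacons to public ETH RPC endpoints) can be turned into a small triage script. The code below is an added example, not VMTech's or Atos TRC's tooling; the log tuple formats, the host names, the trusted-directory allowlist and the beacon thresholds are assumptions chosen for illustration and all sample events are constructed.

```python
"""Triage constructed process and proxy logs for EtherRAT-style artefacts.

Added example, not code from the post or from Atos TRC. Assumptions:
process events are (iso_timestamp, image_path, command_line) and proxy
events are (iso_timestamp, host, http_method, request_body); adjust the
two loaders to whatever your EDR/proxy actually exports.
"""
import json
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed allowlists (hypothetical; tune to your estate).
TRUSTED_NODE_DIRS = ("c:\\program files\\nodejs\\",)
APPROVED_ETH_RPC_HOSTS = set()   # empty: no admin workstation should talk to ETH RPC

# Constructed process-creation events (not real telemetry).
PROCESS_EVENTS = [
    ("2024-05-01T09:00:01", "C:\\Windows\\System32\\conhost.exe",
     "conhost.exe --headless node.exe agent.js"),
    ("2024-05-01T09:00:02", "C:\\Users\\admin\\AppData\\Local\\Temp\\node.exe",
     "node.exe agent.js"),
    ("2024-05-01T09:05:00", "C:\\Program Files\\nodejs\\node.exe", "node.exe build.js"),
    ("2024-05-01T09:06:00", "C:\\Windows\\System32\\conhost.exe", "conhost.exe 0x4"),
]

# Constructed proxy events: six eth_call POSTs exactly 60 s apart, plus benign traffic.
PROXY_EVENTS = [
    (f"2024-05-01T09:0{i}:10", "eth-rpc.example.invalid", "POST",
     '{"jsonrpc":"2.0","method":"eth_call",'
     '"params":[{"to":"0xPLACEHOLDER_CONTRACT","data":"0x"},"latest"],"id":1}')
    for i in range(6)
] + [
    ("2024-05-01T09:00:30", "updates.example.com", "GET", ""),
    ("2024-05-01T09:17:45", "updates.example.com", "GET", ""),
]


def hunt_processes(events):
    """Flag conhost launched with --headless and node.exe outside trusted dirs."""
    findings = []
    for ts, image, cmdline in events:
        img = image.lower()
        if img.endswith("\\conhost.exe") and "--headless" in cmdline.lower():
            findings.append((ts, "conhost_headless", cmdline))
        if img.endswith("\\node.exe") and not img.startswith(TRUSTED_NODE_DIRS):
            findings.append((ts, "node_untrusted_path", image))
    return findings


def hunt_proxy(events):
    """Flag Ethereum JSON-RPC calls (method eth_*) to hosts that are not approved."""
    findings = []
    for ts, host, method, body in events:
        if method != "POST" or not body:
            continue
        try:
            msg = json.loads(body)
        except ValueError:
            continue
        rpc_method = str(msg.get("method", "")) if isinstance(msg, dict) else ""
        if rpc_method.startswith("eth_") and host not in APPROVED_ETH_RPC_HOSTS:
            findings.append((ts, "eth_jsonrpc", host, rpc_method))
    return findings


def detect_beacons(events, min_hits=5, max_cv=0.2):
    """Flag hosts contacted at least min_hits times with near-constant spacing.

    Regularity is measured as the coefficient of variation (stdev / mean) of
    the inter-request gaps; a tight schedule gives a value close to zero.
    """
    by_host = defaultdict(list)
    for ts, host, _method, _body in events:
        by_host[host].append(datetime.fromisoformat(ts))
    beacons = []
    for host, times in by_host.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_cv:
            beacons.append((host, len(times), round(mean, 1)))
    return beacons


if __name__ == "__main__":
    for f in hunt_processes(PROCESS_EVENTS) + hunt_proxy(PROXY_EVENTS):
        print("FINDING", f)
    for b in detect_beacons(PROXY_EVENTS):
        print("BEACON", b)
```

The beacon check deliberately ignores destination reputation: the point of contract-hosted C2 is that the RPC endpoint itself is a legitimate public service, so cadence and the `eth_*` method names in the request body are the observable, not the host.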

Why it matters: enables prolonged covert access to critical infrastructure.

How do you verify the provenance of admin tools in your organization?
#cybersecurity #ThreatIntel #EtherRAT #DevOps
