SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
"The use of the Rust programming language represents a notable evolution in SloppyLemming's tooling, as prior reporting documented the actor using only traditional compiled languages and borrowed adversary simulation frameworks such as Cobalt Strike, Havoc, and the custom NekroWire RAT."
"The PDF decoys contain URLs designed to lead victims to ClickOnce application manifests, which then deploy a legitimate Microsoft .NET runtime executable ("NGenTask.exe") and a malicious loader ("mscorsvc.dll"). The loader is launched using DLL side-loading to decrypt and execute a custom x64 shellcode implant codenamed BurrowShell."
"SloppyLemming is the moniker assigned to a threat actor that's known to target government, law enforcement, energy, telecommunications, and technology entities in Pakistan, Sri Lanka, Bangladesh, and China since at least 2022. It's also tracked under the names Outrider Tiger and Fishing Elephant."
SloppyLemming, also known as Outrider Tiger and Fishing Elephant, executed targeted attacks against government entities and critical infrastructure in Pakistan and Bangladesh from January 2025 to January 2026. The campaign employed two distinct attack chains delivering the BurrowShell malware and a Rust-based keylogger, marking an evolution in the threat actor's tooling. Spear-phishing emails containing PDF lures and macro-enabled Excel documents initiated the infections. The attack chain leveraged ClickOnce application manifests to deploy a legitimate Microsoft .NET runtime executable alongside a malicious loader, using DLL side-loading to execute custom shellcode. BurrowShell functions as a full-featured backdoor providing file system manipulation and screenshot capture capabilities. This represents the actor's first documented use of the Rust programming language, departing from traditional compiled languages and borrowed frameworks like Cobalt Strike and Havoc.
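One detection check a defender could run over image-load telemetry for the side-loading pair described above (a legitimate NGenTask.exe loading mscorsvc.dll), written here as an added example rather than code from the report or the actor: the sample events are constructed, and the assumption is that a genuine copy of mscorsvc.dll is loaded only from a Windows .NET Framework version directory, so any other location for either file is worth investigating.

```python
import re

# Constructed image-load events in a simplified Sysmon Event ID 7 shape:
# "Image" is the process executable, "ImageLoaded" is the DLL it loaded.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe",
     "ImageLoaded": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll"},
    {"Image": r"C:\Users\alice\AppData\Local\Apps\2.0\ABCD\NGenTask.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Apps\2.0\ABCD\mscorsvc.dll"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\NGenTask.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

# Assumed trusted location for the .NET runtime pair (Framework or Framework64, any version).
TRUSTED_DIR = re.compile(r"^c:\\windows\\microsoft\.net\\framework(64)?\\v[\d.]+\\$",
                         re.IGNORECASE)


def _split(path: str) -> tuple[str, str]:
    """Return (directory with trailing backslash, lowercase file name)."""
    path = path.replace("/", "\\")
    directory, _, name = path.rpartition("\\")
    return directory + "\\", name.lower()


def is_sideload_candidate(event: dict) -> bool:
    """True when NGenTask.exe loads mscorsvc.dll and either file is outside the trusted directory."""
    exe_dir, exe_name = _split(event["Image"])
    dll_dir, dll_name = _split(event["ImageLoaded"])
    if exe_name != "ngentask.exe" or dll_name != "mscorsvc.dll":
        return False
    return not (TRUSTED_DIR.match(exe_dir) and TRUSTED_DIR.match(dll_dir))


def find_sideloads(events: list[dict]) -> list[dict]:
    """Filter a list of image-load events down to the suspicious NGenTask/mscorsvc pairs."""
    return [e for e in events if is_sideload_candidate(e)]


if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print("suspicious side-load:", hit["Image"], "->", hit["ImageLoaded"])
```

The third sample event is deliberately not flagged: NGenTask.exe running from a user-writable directory is itself unusual, but this check is scoped to the specific DLL pairing the report describes.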
Read at The Hacker News