Nuclear, energy, defense, and financial institutions have been hit by Rising Sun, a clandestine backdoor built to slip into a vulnerable system and siphon off sensitive and confidential information. The infection was first discovered in October 2018, but it is impossible to say whether every compromise has been contained. The good news is that as more information about this malware emerges, companies have a better chance of protecting their systems against it. Unfortunately, there is no telling how the malicious code will be updated, or what form the threat will take next. Researchers believe the backdoor was built from the source code of Trojan.Duuzer, which was active in 2015. All in all, it is important to remove Rising Sun in whatever form it appears, and equally important to secure the operating system afterwards: if the right security steps are not taken, cyber criminals can plant another backdoor in no time.
Distribution of Rising Sun is all about email. The infection succeeds only if the victim is tricked into opening a spam message and then its document attachment, which is the first step in the attack. According to malware experts, a fake job recruitment campaign is used to get people to interact with the malicious email and its attachment. This is why safe handling of email is worth talking about. Depending on their position, an employee may deal with internal email only or with mail from outside the company. In the first case, a suspicious message from an unknown sender should already look out of place. Of course, those who process heavy loads of email can fall into the habit of opening just about anything that lands in their inbox, but that does not excuse carelessness. Every email and every attachment must be assessed carefully and seriously.
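Assessing an attachment means looking at its content rather than its name, because the extension and the icon are exactly what a lure controls. The check below is an added example, not code from the original page or from any analysis of this campaign: it classifies an Office attachment by whether the package carries a VBA project, and flags legacy OLE2 files as "unverified" because their macros need a proper OLE parser. The sample documents are constructed in memory for the demonstration.

```python
"""Content-based triage of an emailed Office attachment: does it carry a VBA
project? Added example, not code from the original page; the sample
documents are constructed in memory rather than taken from any campaign."""
import io
import zipfile

# Part names that Office Open XML packages use to store VBA macros.
MACRO_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
# Magic bytes of the legacy OLE2 container (.doc/.xls/.ppt).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_attachment(data: bytes) -> str:
    """Classify by content, not by file extension, since the extension can lie.

    Returns one of:
      "ooxml-macro"  zip-based Office file that contains a VBA project
      "ooxml-clean"  zip-based Office file without one
      "ole2"         legacy binary Office file; macros live in the OLE 'VBA'
                     storage and need an OLE parser (e.g. oletools' olevba),
                     so treat it as unverified rather than clean
      "not-office"   anything else
    """
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    buf.seek(0)
    with zipfile.ZipFile(buf) as zf:
        names = set(zf.namelist())
    if "[Content_Types].xml" not in names:
        return "not-office"          # a zip, but not an Office package
    return "ooxml-macro" if names & MACRO_PARTS else "ooxml-clean"


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal Word package for the demonstration (not a real lure)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"stub")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("recruitment.docm", build_sample_docx(True)),
        ("recruitment.docx", build_sample_docx(False)),
        ("recruitment.doc", OLE2_MAGIC + b"\x00" * 64),
        ("readme.txt", b"plain text"),
    ]
    for label, blob in samples:
        print(f"{label:18} -> {classify_attachment(blob)}")
```

A mail gateway or a help-desk triage script can route "ooxml-macro" and "ole2" results to the security team before the recipient ever sees an "Enable Content" prompt; "ooxml-clean" only means no VBA project is present, not that the document is harmless.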
If the victim carelessly opens the attachment delivered in the Operation Sharpshooter campaign, they are asked to enable macros. When such a request appears, the recipient MUST be on high alert: if there is any suspicion that the email could be malicious, the protocol should be to raise it with the security team. If the target does enable macros, Rising Sun is downloaded silently. A bogus document file may be dropped into a “Strategic Planning” folder in the %LOCALAPPDATA% directory to distract the target. If the backdoor is not removed right away, it can record, encrypt, and transfer data. The data Rising Sun records, which ranges from the user name to native system information, is encrypted with RC4 and then Base64-encoded before it is transferred. The threat can also create, terminate, read, and delete processes and files, which makes it powerful and unpredictable, and makes prompt removal all the more important.
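To make the "RC4, then Base64" step concrete, here is an added example that is not code from the implant or from any vendor analysis. It builds a beacon of the kind of fields the article mentions, encrypts it with textbook RC4, Base64-encodes the result, and then reverses the process the way an analyst would once the key has been pulled out of a sample. The key, the field layout and the `|` delimiter are assumptions chosen for the illustration.

```python
"""RC4-then-Base64 encoding of collected host data, the scheme the article
attributes to Rising Sun. Added illustration, not code from the implant or
from any vendor analysis: the key, the field layout and the '|' delimiter
are assumptions chosen for this example."""
import base64
import os
import platform

# Illustrative key only. It is NOT a key recovered from any Rising Sun sample.
DEMO_KEY = b"example-key"


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (key scheduling + keystream XOR). Symmetric, so the same
    call both encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def collect_host_info() -> dict:
    """Fields of the kind the article says the backdoor records."""
    return {
        "user": os.environ.get("USERNAME") or os.environ.get("USER") or "unknown",
        "host": platform.node(),
        "os": platform.platform(),
    }


def encode_beacon(fields: dict, key: bytes = DEMO_KEY) -> str:
    """Serialize, RC4-encrypt, then Base64-encode, in that order."""
    plain = "|".join(f"{k}={v}" for k, v in fields.items()).encode("utf-8")
    return base64.b64encode(rc4(key, plain)).decode("ascii")


def decode_beacon(blob: str, key: bytes = DEMO_KEY) -> dict:
    """Analyst side: strip the Base64, undo the RC4 with the recovered key,
    and split the fields back out."""
    plain = rc4(key, base64.b64decode(blob)).decode("utf-8")
    return dict(item.split("=", 1) for item in plain.split("|"))


if __name__ == "__main__":
    beacon = encode_beacon(collect_host_info())
    print("on the wire:", beacon)
    print("decoded:    ", decode_beacon(beacon))
```

The practical point is that Base64 on the wire is just a transport encoding, so a captured beacon is plain text only once the RC4 key has been recovered from the sample; without it, string searches for the user name or host name in the traffic will find nothing.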
Rising Sun is extremely malicious, and once it is inside the operating system it can cause lasting damage by leaking highly sensitive information and putting the attacked company at risk. Prevention is key, and the most important thing is to stop the threat from being executed in the first place. Since it spreads through spam email, staying away from deceptive messages and the malicious attachments they carry matters most. Misleading emails are usually not hard to unmask, because on close reading they do not make much sense. To ensure that less experienced employees do not unleash Rising Sun by accident, educate them about online security in general. Emphasize, too, that operating systems must be protected with active antivirus tools and that security updates must be installed promptly. Finally, the security loopholes cyber attackers exploit must be discussed openly, so that no one in the company, regardless of position, is fooled.