CastleRAT

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. Researchers at cyber-deception threat intelligence firm MalBeacon observed the hackers’ actions in an emulated organization environment over a period of 12 days. Velvet Tempest, also tracked as DEV-0504, is a […]