Recent cybersecurity investigations have uncovered a dangerous phishing campaign that deploys Remcos RAT (Remote Access Trojan) against corporate networks. The attackers make initial contact through urgent-sounding emails that trick users into downloading compressed archives disguised as business documents. The files inside use deceptive file extensions to mislead victims and employ an unusual 'network blackout' technique that disrupts the host's internet connectivity while the payload executes, helping the infection evade detection.
Researchers attribute the operation to a group named BlackToad, which is linked to West African financial crime syndicates. The campaign relies on redundant command-and-control infrastructure, which complicates takedown and blocking efforts. Organizations are advised to implement stringent monitoring and application control policies to mitigate these advanced threats.