Cowboys

The threat actor group known as "Cowboys" has emerged as a significant cybersecurity concern. Identified as the individuals behind the malicious software, KimJongRAT and PCRat, Cowboys have been implicated in a series of cyber attacks. Their modus operandi involves using these malware as encoded secondary payloads in BabyShark attacks. In our comprehensive analysis, we discovered that the Cowboys were exploiting the KimJongRAT and PCRat in BabyShark attacks. This sophisticated approach allows them to deliver their payload while remaining undetected, further complicating cybersecurity efforts. The use of this dual-layer attack strategy highlights the increasing complexity and sophistication of the threats posed by this group. The impact of the Cowboys' activities extends beyond individual targets, posing a risk to large-scale infrastructures such as city systems. For instance, they have demonstrated their disruptive potential through their reckless actions in London, an important global city. It is clear that the Cowboys’ unregulated actions present a significant threat that requires immediate attention and robust countermeasures from cybersecurity professionals.