Khrat

KHRAT, also known as DDKONG, PLAINTEE, and RANCOR, is a threat actor that has been conducting highly targeted cyberattacks in South East Asia. The cybersecurity industry began tracking this malicious entity throughout 2017 and 2018, with the focus of their research being on the KHRAT Trojan, a previously unknown malware family. This threat actor's actions have been consistent and persistent, suggesting a single group or individual is behind these attacks. In February 2018, there was a significant development when several domains associated with KHRAT began resolving to the IP address 89.46.222[.]97. This finding allowed for a more comprehensive understanding of the threat actor's infrastructure and operations, enabling cybersecurity professionals to better track and counteract its activities. This shift in IP resolution marked a critical point in the ongoing efforts to monitor and combat KHRAT's malicious activities. The continuous monitoring of KHRAT's command and control domains has played an essential role in building upon previous research into the KHRAT Trojan. By understanding the patterns and techniques of this threat actor, cybersecurity experts can develop more effective defense strategies. AutoFocus customers are advised to remain vigilant and keep track of this threat through the designated tags. Despite the complex and evolving nature of KHRAT's tactics, continued research and observation will be crucial in mitigating future attacks.