Iran Hacking Group Used Open Source Multi-platform PupyRAT to Attack Energy Sector Organization

From gbhackers.com

PupyRAT

PupyRAT is a cross-platform (Windows, Linux, OSX, Android) is a remote administration and post-exploitation tool.

It was written in python, acts as a backdoor, allows an attacker to create remote command shells, steal password credentials, log keystrokes, steal files, and to record webcams.

The tool is intended for using red-team purposes, but the Iranian hacking groups APT33 (Elfin, Magic Hound, HOLMIUM) and COBALT GYPSY (which overlaps with APT34/OilRig), made heavy use of the tool.

Read more…