A group of hackers has been caught running a large-scale cyber spying operation, now called REF7707. The attack was first noticed in November 2024 when strange activity was detected in the Foreign Ministry of a South American country. As experts looked deeper, they found that the same hackers had also targeted several other organizations in Southeast Asia.
The attackers used advanced hacking tools to break into computer systems, steal information, and stay hidden for a long time. However, even though they were highly skilled, they made serious mistakes that exposed their operation.
The Malicious Software Used in the Attack
The hackers used three main types of malware (harmful programs) to infect computers and control them remotely:
FINALDRAFT: A Hidden Control System
One of the key tools in this attack was FINALDRAFT, a type of software that allowed hackers to secretly take control of a computer. Once it was installed, the hackers could:
- Run commands: Hackers could make the infected computer perform actions, like downloading more malware or collecting sensitive files.
- Hide in normal programs: They inserted their malicious code into everyday programs like MS Paint, making it harder for security software to detect the malware.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents