BalkanDoor and BalkanRAT are a long-term campaign operated by financially motivated threat actors. The malware cocktail is dropped on the victims’ computers via malspam emails linking to malicious files. The campaign has been active since at least 2016 based on internal telemetry data, says ESET. The attackers have the choice of controlling multiple compromised computers at once using INI files containing the list of machines supposed to run a specific set of commands. The hackers behind this campaign have been observed while attacking entities from Croatia, Serbia, Montenegro, and Bosnia and Herzegovina.
Source: https://www.bleepingcomputer.com/news/security/attackers-use-backdoor-and-rat-cocktail-to-target-the-balkans/