A series of cyberattacks on a telecom company in the Middle East has signaled the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group's arsenal, called RDAT. Palo Alto Networks' Unit 42 says RDAT uses a unique command-and-control (C2) channel that relies on steganography to hide commands and data within bitmap images attached to emails. RDAT first debuted as a proprietary tool in 2017 and has gone through several updates since then, researchers say.
Source: https://threatpost.com/oilrig-apt-unique-backdoor/157646/