New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms

Cybersecurity company, Group-IB, has discovered a complex Linux Remote Access Trojan (RAT) called “Krasue”, which targets mainly telecommunication firms in Thailand by exploiting vulnerabilities and using deceptive downloads. The RAT uses its rootkit capabilities to persist, ensure stealthy access and evade detection. This sophisticated malware employs an unusual tactic of using Real Time Streaming Protocol for communication with its C2 server. Group-IB, after identifying Krasue, alerted their Threat Intelligence customers and the Thai authorities.