The Electronic Security Service (National CERT) has successfully investigated and thwarted a cyberattack attempt targeting Azerbaijan's state and banking sectors that utilized sophisticated steganography techniques. According to information provided by the Operative Information Center-OMM, technical analysis revealed that malicious components were concealed within files that appeared legitimate, in order to bypass security protocols.
The service reported that attackers employed steganography to present malicious code as ordinary files. If a user opens these files, the "Remcos RAT" (Remote Access Trojan) is installed on the system, granting attackers full remote control over the infected computer. This poses a significant risk of data theft and unauthorized system manipulation. Technical Indicators of Compromise (IOCs) related to the detected threat have been integrated into the National CERT's misp.cert.az platform for broader protection.
The Electronic Security Service is the primary body in Azerbaijan responsible for coordinating the activities of information infrastructure subjects and responding to cyber threats. Steganography, the method used in this latest incident, is an advanced technique where data is hidden within other non-secret data, such as images or documents, to avoid detection by traditional antivirus software. National CERT recommends that organizations and institutions maintain active cooperation and engage in operative information exchange regarding suspicious activities and cyber incidents to strengthen the country's collective digital defense.