Accenture Cybersecurity revealed that the extortion group World Leaks has deployed a novel Rust-based malware called RustyRocket that provides stealthy persistence, encrypted multi-layer exfiltration tunnels, and proxying across Windows and Linux environments. The tool’s pre-encrypted runtime configuration and heavy obfuscation make detection difficult, and Accenture recommends monitoring anomalous outbound transfers and applying network segmentation to limit attacker movement. #RustyRocket #WorldLeaks
Key points
- Accenture uncovered RustyRocket, a Rust-written malware enabling stealthy persistence and data exfiltration.
- RustyRocket runs on both Windows and Linux, is heavily obfuscated, and moves stolen data through multi-layer encrypted tunnels so that the exfiltration blends in with legitimate outbound traffic.
- The malware requires a pre-encrypted configuration that is supplied at runtime, so a captured sample without its configuration yields little to static analysis or sandboxing, which makes the tool hard to detect and monitor.
- World Leaks uses RustyRocket to maintain persistence, proxy traffic through compromised networks, and harvest data for extortion; the group has claimed victims including Nike.
- Accenture advises monitoring anomalous outbound transfers, enforcing network segmentation, and conducting continuous threat exposure management and red teaming.
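The recommendation to monitor anomalous outbound transfers is only useful if "anomalous" is defined per host, since a backup server legitimately sends far more than a workstation. The following is an added example, not code from Accenture or the article, showing one way to do that over flow records: each host is baselined against its own history with a robust median/MAD estimate, and a second check flags external destinations a host has never contacted before. The flow records, hosts and addresses (RFC 1918 space for the network, TEST-NET ranges for external hosts) are constructed for the illustration.

```python
"""Per-host egress anomaly detection over flow records (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import median

# Treat only RFC 1918 space as internal. ipaddress.is_private would also cover the
# TEST-NET ranges used below for "external" hosts, so an explicit list is safer.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    day: str        # YYYY-MM-DD, the aggregation window
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination port
    bytes_out: int  # bytes sent src -> dst


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def is_egress(f: Flow) -> bool:
    """Egress = internal source talking to a non-internal destination."""
    return is_internal(f.src) and not is_internal(f.dst)


def daily_egress(flows):
    """host -> day -> total bytes sent to external destinations."""
    totals = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if is_egress(f):
            totals[f.src][f.day] += f.bytes_out
    return totals


def flag_anomalous_egress(flows, today, k=5.0, floor_bytes=50_000_000, min_history=3):
    """Return {host: (today_bytes, baseline_median, spread)} for hosts whose egress on
    `today` exceeds median + k * MAD of their own baseline days AND an absolute floor.
    The floor stops tiny hosts from alerting on a few extra megabytes."""
    alerts = {}
    for host, per_day in daily_egress(flows).items():
        baseline = [b for d, b in per_day.items() if d != today]
        if len(baseline) < min_history:
            continue  # not enough history to baseline; handle new hosts separately
        med = median(baseline)
        spread = median(abs(b - med) for b in baseline)
        # A perfectly flat baseline gives MAD 0 and would alert on any change;
        # enforce a minimum spread of 10% of the median.
        spread = max(spread, 0.1 * med)
        today_bytes = per_day.get(today, 0)
        if today_bytes > floor_bytes and today_bytes > med + k * spread:
            alerts[host] = (today_bytes, med, spread)
    return alerts


def new_external_destinations(flows, today, min_bytes=10_000_000):
    """host -> {dst: bytes} for external destinations a host never contacted on
    baseline days and that received at least `min_bytes` on `today`."""
    seen = defaultdict(set)
    todays = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if not is_egress(f):
            continue
        if f.day == today:
            todays[f.src][f.dst] += f.bytes_out
        else:
            seen[f.src].add(f.dst)
    result = {}
    for host, dsts in todays.items():
        novel = {d: b for d, b in dsts.items() if d not in seen[host] and b >= min_bytes}
        if novel:
            result[host] = novel
    return result


def build_sample_flows():
    """Constructed sample: seven baseline days plus one day with a suspicious transfer."""
    flows = []
    for i in range(7):
        day = f"2024-05-0{i + 1}"
        # workstation: steady ~20 MB/day of HTTPS to one external host
        flows.append(Flow(day, "10.0.1.5", "203.0.113.10", 443, 20_000_000 + i * 100_000))
        # file server: steady ~500 MB/day of backups to one external host
        flows.append(Flow(day, "10.0.2.20", "198.51.100.7", 443, 500_000_000 + i * 1_000_000))
        # internal SMB traffic must not count as egress
        flows.append(Flow(day, "10.0.1.5", "10.0.2.20", 445, 50_000_000))
    # day 8: workstation sends 400 MB over 443 to a host it has never contacted
    flows.append(Flow("2024-05-08", "10.0.1.5", "203.0.113.10", 443, 20_500_000))
    flows.append(Flow("2024-05-08", "10.0.1.5", "203.0.113.77", 443, 400_000_000))
    # day 8: file server is ~2% above its norm, which is within its own noise
    flows.append(Flow("2024-05-08", "10.0.2.20", "198.51.100.7", 443, 510_000_000))
    return flows


SAMPLE_FLOWS = build_sample_flows()

if __name__ == "__main__":
    print(flag_anomalous_egress(SAMPLE_FLOWS, "2024-05-08"))
    print(new_external_destinations(SAMPLE_FLOWS, "2024-05-08"))
```

On the constructed data the workstation is flagged on both checks (420.5 MB against a 20.3 MB median, plus a never-seen destination), while the file server's 510 MB day passes because it is compared to its own 503 MB median rather than to a fleet-wide threshold. In production the flow source would be NetFlow/IPFIX, firewall or cloud VPC flow logs, and the baseline window and `k` would be tuned per environment; the point the example makes is that per-host baselining, not a single global byte limit, is what lets a tunnel hidden in HTTPS stand out.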
Read More: https://www.infosecurity-magazine.com/news/world-leaks-ransomware-rustyrocket/