
Havex RAT

Posted: November 9, 2020

Havex is a Remote Access Trojan (RAT) used by the Russian Advanced Persistent Threat (APT) group known as Energetic Bear or Dragonfly. The malware was first spotted in 2013, but it has undergone several significant updates since then. Surprisingly, the Havex RAT continues to be a part of the group's arsenal despite its old age. The goal of the Havex RAT is to grant the attackers control over an infected network and enable them to plant additional malware, spy on operations, manage configuration or collect data.

What sets the Havex RAT apart is that it has been tailored to work on Industrial Control Systems (ICS); other high-profile malware families compatible with ICS are Stuxnet and BlackEnergy. The Havex RAT has been used in attacks against high-profile targets operating in the defense, aviation, energy, and pharmaceutical sectors of Europe and the United States. The malware is often delivered via spear-phishing emails and exploit kits, but some campaigns relied on so-called 'watering-hole' attacks. These attacks were executed by compromising websites that the victim is known to rely on; by doing so, the Energetic Bear hackers would be able to disguise the Havex RAT payload as a legitimate download.

The industrial espionage campaign involving the Havex RAT has enabled the operators of the malware to gain access to information and documents. The Energetic Bear group continues to be one of the best-known hacking organizations operating from Russia, and its attacks remain a nuisance to this very day.
