Operation Jacana

Description

(ESET) In February 2023, ESET researchers detected a spearphishing campaign targeting a governmental entity in Guyana. While we haven’t been able to link the campaign, which we named Operation Jacana, to any specific APT group, we believe with medium confidence that a China-aligned threat group is behind this incident.

In the attack, the operators used a previously undocumented C++ backdoor that can exfiltrate files, manipulate Windows registry keys, execute CMD commands, and more. We named the backdoor DinodasRAT based on the victim identifier it sends to its C&C: the string always begins with Din, which reminded us of the hobbit Dinodas from the Lord of the Rings.

Names

Name              Name-Giver
Operation Jacana  ESET

Country

Motivation

  • Information theft and espionage

First Seen

2023

Observed Countries

Tools

Information

Other Information

Uuid

321affd1-6d46-4886-9edd-9d2fe9705ff0

Last Card Change

2023-10-13