Russian UAT-11795 Threat Actor Spreads Starland RAT via Fake Webex
Russian threat actor UAT-11795 spreads Starland RAT via fake Webex and Zoom installers. Prioritize patch management and anti-virus software to defend.

UAT-11795, a Russian-speaking threat actor, is spreading trojanized Zoom, Webex, and MobaXterm installers to deliver the Starland RAT and WLDR memory-only implant, according to a report by Cisco Talos.
Attack Vector and Vulnerability Mechanics
The campaign involves social engineering tactics to trick users into downloading malicious installers disguised as legitimate software. Once installed, the Starland RAT and WLDR implant provide the threat actor with remote access to the compromised systems, allowing for data theft and other malicious activities.
MITRE ATT&CK Techniques and Similar Incidents
This campaign employs MITRE ATT&CK techniques such as T1190 (Spearphishing Attachment) and T1204 (User Execution), which are commonly used by threat actors to gain initial access to target systems. Similar incidents include the GBHackers report on Lua-based loaders being used to deploy commodity malware.
Who Is Affected
According to the sources, users in the United States and Europe are being targeted, with a focus on financially motivated campaigns. The threat actor is using trojanized installers for popular software such as Zoom, Webex, and MobaXterm to reach a wider audience.
What the Sceptics Say
Some may argue that this campaign is not particularly sophisticated, as it relies on social engineering tactics and known vulnerabilities. However, the fact that the threat actor is able to successfully deploy malware and maintain access to compromised systems suggests that the campaign is still effective.
How to Defend
- Implement robust patch management to ensure that software is up-to-date and vulnerable to known exploits.
- Use anti-virus software to detect and prevent malware infections.
- Conduct regular security audits to identify and address potential vulnerabilities.
- Educate users on the dangers of social engineering tactics and the importance of verifying the authenticity of software installers.
Key Takeaways
- Security Teams: Prioritize patch management and anti-virus software to prevent malware infections.
- CISOs: Conduct regular security audits to identify and address potential vulnerabilities.
- Developers: Ensure that software is securely developed and tested to prevent vulnerabilities.
- End Users: Be cautious when downloading software and verify the authenticity of installers to prevent malware infections.
Related Security Coverage
Sources
- Security Affairs: New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT
- GBHackers: Hackers Hide Lua Loaders in Fake TTF Files to Deploy Remcos, XWorm, and Agent Tesla
- Cisco Talos: UAT-11795 deploys novel Starland RAT and bespoke WLDR C2 implant in financially motivated campaign
This article is published by AnalyticsGlobe for informational purposes only. It does not constitute financial, legal, investment, or professional advice of any kind. Always conduct your own research and consult qualified professionals before making any decisions.
Ananya Rao
Published under the research and editorial standards of AnalyticsGlobe. All research is independently produced and subject to our editorial guidelines.