Poison Ivy is also the name of a notorious Remote Access Trojan (RAT) first identified in 2005. [1, 2]
- Targeting Human Rights: The malware has been a popular tool in targeted cyberespionage campaigns, including the 2011 "Nitro" attacks on chemical-sector and defence companies, and it has repeatedly been used to spy on human rights groups, international non-profits and pro-democracy organisations. Once installed it gives the operator remote control of the host, including keylogging, password theft and screen capture.
- Defence: Huntress publishes guidance on how to detect and neutralise this kind of targeted threat. [1, 2, 3, 4]
Technical Mitigation
When assessing a system for this threat, standard defensive measures include:
- Network Monitoring: Look for anomalous outbound traffic to unrecognised Command and Control (C2) servers. A RAT implant beacons back to its controller on a schedule, so regular, low-jitter connections from a workstation to an unknown external host are a strong signal.
- Endpoint Detection: Deploy Endpoint Detection and Response (EDR) tooling that flags unauthorised registry modifications (for example, persistence entries under Run keys) and injection of code into other processes' memory.
- Patching: Keep operating systems and office software current. Poison Ivy is not an exploit in itself; it is typically delivered through spear-phishing attachments that abuse already-patched vulnerabilities in common applications, so an up-to-date host denies those footholds. [1]
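The network-monitoring point above is easiest to see in code. The following is an added example written for this page, not code from the original article or from Huntress: it parses a constructed set of outbound-connection records (the IPs, hosts and timestamps are invented for the illustration), groups them per source/destination/port, and flags pairs whose inter-connection gaps are regular enough to look like a beacon. The `ALLOWLIST` of vetted destinations and the threshold values are assumptions a defender would tune for their own environment; the port 3460 hint reflects Poison Ivy's commonly documented default listener port and is treated only as a priority boost, never as proof, since operators change it.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records (firewall / flow-export
# style), NOT a capture from a real incident: "<ISO timestamp> <src> <dst> <dport>".
# 10.0.0.5 -> 192.0.2.44:3460 every ~60 s is the simulated RAT beacon;
# 10.0.0.5 -> 203.0.113.7 is a regular but vetted update host;
# 10.0.0.9 -> 198.51.100.20 is ordinary irregular browsing.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 192.0.2.44 3460
2024-03-01T09:00:05 10.0.0.9 198.51.100.20 443
2024-03-01T09:00:07 10.0.0.9 198.51.100.20 443
2024-03-01T09:00:10 10.0.0.5 203.0.113.7 443
2024-03-01T09:01:00 10.0.0.5 192.0.2.44 3460
2024-03-01T09:01:10 10.0.0.5 203.0.113.7 443
2024-03-01T09:02:01 10.0.0.5 192.0.2.44 3460
2024-03-01T09:02:10 10.0.0.5 203.0.113.7 443
2024-03-01T09:02:59 10.0.0.5 192.0.2.44 3460
2024-03-01T09:03:10 10.0.0.5 203.0.113.7 443
2024-03-01T09:03:40 10.0.0.9 198.51.100.20 443
2024-03-01T09:04:00 10.0.0.5 192.0.2.44 3460
2024-03-01T09:04:10 10.0.0.5 203.0.113.7 443
2024-03-01T09:05:00 10.0.0.5 192.0.2.44 3460
2024-03-01T09:10:00 10.0.0.9 198.51.100.20 443
2024-03-01T09:10:02 10.0.0.9 198.51.100.20 443
"""

# Hypothetical set of destinations an analyst has already vetted (e.g. a
# corporate update server); regular traffic to these is expected.
ALLOWLIST = {"203.0.113.7"}

# Poison Ivy's commonly documented default listener port. A hit here raises the
# priority of a finding; it is not evidence on its own, because operators
# routinely change it.
KNOWN_RAT_PORTS = {3460}


@dataclass
class Beacon:
    src: str
    dst: str
    dport: int
    count: int
    mean_interval: float   # average seconds between connections
    cv: float              # coefficient of variation of the gaps (jitter)
    known_rat_port: bool


def parse_log(text):
    """Turn the whitespace-separated records into (timestamp, src, dst, dport)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return events


def find_beacons(events, allowlist, min_events=5, max_cv=0.1):
    """Return (src, dst, dport) pairs whose connection gaps are suspiciously regular.

    cv = stddev(gaps) / mean(gaps); a human browsing produces a high cv, a
    sleep-loop implant produces a low one. min_events avoids judging on
    too few samples; both thresholds are assumed values to be tuned locally.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dport in events:
        if dst in allowlist:          # vetted destination: skip entirely
            continue
        by_pair[(src, dst, dport)].append(ts)

    hits = []
    for (src, dst, dport), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:                  # all timestamps identical; nothing to measure
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append(Beacon(src, dst, dport, len(stamps), avg, cv,
                               dport in KNOWN_RAT_PORTS))
    return sorted(hits, key=lambda b: b.cv)


if __name__ == "__main__":
    for b in find_beacons(parse_log(SAMPLE_LOG), ALLOWLIST):
        print(f"{b.src} -> {b.dst}:{b.dport}: {b.count} connections, "
              f"every {b.mean_interval:.1f}s (cv={b.cv:.3f}), "
              f"known RAT port={b.known_rat_port}")
```

On the sample data only the 10.0.0.5 to 192.0.2.44:3460 pair is reported: the vetted update host is regular but allowlisted, and the browsing traffic is too irregular. In production the same logic runs over flow or proxy logs; expect to raise `min_events`, and remember that implants with large randomised sleep jitter push the cv above any fixed threshold, so pair this with destination reputation and the endpoint signals listed above rather than relying on periodicity alone.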