Operation Covert Access: Weaponized LNK-Based Spear-Phishing Targeting Argentina's Judicial Sector to Deploy a Covert RAT
Essential information
- Published
- 20/01/2026 08:48
- Modified
- 20/01/2026 09:09
- Tags
- 2026-01-20 anti-analysis argentina judicial-sector lnk multi-stage rat remote access trojan rust spear-phishing
- Related entities
- 6 observables, 9 techniques (mitre), 1 malware, 2 others
Description
A sophisticated spear-phishing campaign targeting Argentina's judicial sector has been uncovered. The operation uses a multi-stage infection chain to deploy a stealthy Remote Access Trojan (RAT). Attackers exploit trust in court communications by using authentic-looking judicial decoy documents. The campaign employs a weaponized LNK file, a BAT-based loader script, and a covert Rust-based RAT to establish persistent access within judicial environments. The malware performs extensive anti-VM and anti-debug checks, collects system information, and establishes resilient C2 connections. It supports various malicious activities including persistence, file transfer, data harvesting, encryption, and privilege escalation. The campaign demonstrates high operational sophistication and aims to gain long-term access to sensitive legal and institutional data.