
Operation Covert Access: Weaponized LNK-Based Spear-Phishing Targeting Argentina’s Judicial Sector to Deploy a Covert RAT

ID: 99034f26-e969-5498-b15f-5faeba063a41

STIX ID: report--99034f26-e969-5498-b15f-5faeba063a41

Feed Name: Seqrite Blog

Threat Score: 78/100

Date Published: 2026-01-19

Date Updated: 2026-04-30

Author: Dixit Panchal


Seqrite Labs reports a targeted spear-phishing campaign against Argentina’s judicial sector. The campaign uses realistic court-themed decoy PDFs delivered in ZIP archives containing a malicious LNK, which launches a BAT/PowerShell loader to fetch a Rust-based modular RAT (msedge_proxy.exe). The RAT performs extensive anti-VM/anti-debug checks, collects system data, and supports persistence (registry, scheduled tasks, WMI), file exfiltration, credential harvesting, and dynamic C2 (IPv4/IPv6) with Base64-encoded commands; it can also load ransomware/stealer modules. The report provides IOCs, technique mappings to MITRE ATT&CK, and recommended detections.
