New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

A newly observed campaign tracked as StrikeShark is delivering the previously undocumented SharkLoader malware to deploy Cobalt Strike Beacon on compromised systems. The activity targets organizations across multiple countries and uses public exploit chains, malicious droppers, and DLL side-loading to gain access and maintain control. #StrikeShark #SharkLoader #CobaltStrikeBeacon #ProxyLogon #Openfire #GeoServer

Key Points

  • StrikeShark uses SharkLoader to deploy Cobalt Strike Beacon on victim hosts.
  • The campaign has targeted diplomatic, government, and software development organizations across several countries.
  • Initial access is gained by exploiting flaws in Exchange Server, Openfire, and GeoServer.
  • Attackers use web shells, DLL side-loading, and fake installers to deliver the loader.
  • Post-compromise activity includes Active Directory enumeration, credential theft, and open-source reconnaissance tools.

Read More: https://thehackernews.com/2026/06/new-sharkloader-malware-deploys-cobalt.html