Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

November 14, 2024 at 01:33AM

A newly patched Windows NT LAN Manager (NTLM) vulnerability (CVE-2024-43451) was exploited by a Russia-linked actor in attacks on Ukraine, enabling the theft of user hashes via infected documents. The attack involves phishing emails linking to malicious files, leading to potential financial theft within an hour of compromise. …

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

August 21, 2024 at 12:36PM

A new remote access trojan called MoonPeak is being used by a state-sponsored North Korean threat activity cluster in a new campaign. This variant of Xeno RAT malware is developed to access and set up new infrastructure to support the campaign, with constant evolution and obfuscation techniques to prevent analysis. …

UAC-0184 Targets Ukrainian Entity in Finland With Remcos RAT

February 26, 2024 at 03:08PM

UAC-0184 utilizes steganography to distribute the Remcos RAT via the IDAT Loader. The campaign initially targeted Ukrainian entities but shifted focus after encountering defenses. The goal was cyber espionage, with the RAT enabling unauthorized system access, data theft, and remote control. This represents a trend of advanced defense evasion techniques …

Chinese hackers infect Dutch military network with malware

February 6, 2024 at 01:55PM

A Chinese cyber-espionage group breached the Dutch Ministry of Defence, deploying malware on compromised devices. Despite backdooring the hacked systems, the breach’s impact was limited due to network segmentation. A remote access trojan named Coathanger was found, designed to infect FortiGate network security appliances. The attack was attributed to a …