Sophisticated Tuoni C2 Attack on U.S. Real Estate Firm Thwarted

Nov. 19, 2025, 9:48 a.m.

Description

In October 2025, a major U.S. real estate company was targeted by a highly advanced cyberattack using the emerging Tuoni C2 framework. The attack, which showed signs of AI assistance in code generation, was neutralized by Morphisec's Automated Moving Target Defense (AMTD) technology. The campaign likely began with social engineering via Microsoft Teams impersonation, followed by a malicious PowerShell script. The attack chain involved steganography to hide payloads in images and in-memory execution techniques to evade detection. The Tuoni C2 framework, a sophisticated command-and-control tool, was used as the core implant. Morphisec's prevention-first approach successfully blocked the attack before execution, highlighting the effectiveness of AMTD against unknown threats without relying on signatures or behavioral heuristics.

Date

  • Created: Nov. 19, 2025, 8:52 a.m.
  • Published: Nov. 19, 2025, 8:52 a.m.
  • Modified: Nov. 19, 2025, 9:48 a.m.

Indicators

  • http://kupaoquan.com/files/update-web-kupaoquan.com.ps1.
  • http://kupaoquan.com
  • udefined30.domainofhonour40.xyz
  • kupaoquan.com

Attack Patterns

Additional Information

  • Real Estate
  • United States of America