Tag: cobalt strike beacon

9 Attack Reports | 0 Vulnerabilities

Attack reports

Notepad++ supply chain attack breakdown

The article details a sophisticated supply chain attack on Notepad++ that occurred from July to October 2025. Attackers compromised the update infrastructure, deploying various malicious payloads through three distinct infection chains. The attack targeted individuals and organizations in Vietnam, …
supply-chain
cobalt strike
cobalt strike beacon
dll sideloading
shellcode
nsis
mgbot
metasploit
2026-02-03
notepad++
chrysalis backdoor
Published: February 3, 2026
Downloadable IOCs: 36

APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1

A Pakistan-linked APT group conducted two campaigns targeting Indian government entities. The Gopher Strike campaign used PDFs with malicious links to deliver an ISO file containing GOGITTER, a Golang downloader that fetches payloads from private GitHub repositories. GITSHELLPAD, a Golang backdoor,…
apt
cobalt strike
pakistan
cobalt strike beacon
india
government
golang
github
2026-01-26
gitshellpad
gogitter
goshell
Published: January 26, 2026
Downloadable IOCs: 33

APT24 Pivot to Multi-Vector Attacks

APT24, a Chinese threat actor, has conducted a three-year cyber espionage campaign using BADAUDIO, a highly obfuscated first-stage downloader. The group has evolved from broad strategic web compromises to more sophisticated tactics, including supply chain attacks and targeted phishing. They comprom…
obfuscation
phishing
supply chain
cobalt strike
china
cobalt strike beacon
cyber espionage
2025-11-20
badaudio
strategic web compromise
Published: November 20, 2025
Downloadable IOCs: 0

Targeted attacks leverage accounts on popular online platforms as C2 servers

A sophisticated cyberattack campaign targeted the Russian IT industry and other entities globally in late 2024. The attackers used social media profiles and popular websites to deliver payload information, bypassing detection methods. They employed spear phishing emails with malicious RAR archives,…
cobalt strike
cobalt strike beacon
shellcode
targeted attacks
social media
c2 communication
spear phishing
dll hijacking
2025-07-30
api obfuscation
Published: July 30, 2025
Downloadable IOCs: 2

New Wave of SquidLoader Malware Targeting Financial Institutions

A sophisticated malware campaign is targeting financial services in Hong Kong with SquidLoader, a highly evasive malware that deploys Cobalt Strike Beacon for remote access. The malware exhibits advanced anti-analysis, anti-sandbox, and anti-debugging techniques, achieving near-zero detection rates…
cobalt strike
cobalt strike beacon
2025-07-21
squidloader
Published: July 21, 2025
Downloadable IOCs: 18

Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities

The article details malware and tactics used in attacks targeting Ivanti Connect Secure vulnerabilities from December 2024 to July 2025. It describes MDifyLoader, a loader based on libPeConv, which deploys Cobalt Strike Beacon through DLL side-loading. The attackers also utilized vshell, a multi-pl…
cobalt strike
cobalt strike beacon
fscan
vshell
ivanti connect secure
2025-07-18
mdifyloader
Published: July 18, 2025
Downloadable IOCs: 0

Recent Cases of Watering Hole Attacks, Part 1

This analysis focuses on a watering hole attack targeting a Japanese university research laboratory website in 2023. The attack used social engineering to trick users into downloading and executing malware disguised as an Adobe Flash Player update. The malware, identified as a modified Cobalt Strik…
social engineering
cobalt strike
cobalt strike beacon
anti-analysis
cloudflare workers
watering hole
japan
2024-12-20
tips.exe
malware injection
system32.dll
flashupdateinstall.exe
university
Published: December 20, 2024
Linked vulnerabilities : CVE-2022-1388
Downloadable IOCs: 10

Sharp Dragon Expands Towards Africa and The Caribbean

Check Point Research has observed a significant shift in the activities and lures of Sharp Dragon, a Chinese threat actor, now targeting governmental organizations in Africa and the Caribbean. This expansion aligns with Sharp Dragon's known tactics of compromising email accounts to spread weaponize…
espionage
cobalt strike beacon
government
cyber
2024-05-23
CVE-2023-0669
expansion
caribbean
targeting
africa
Published: May 23, 2024
Linked vulnerabilities : CVE-2023-0669
Downloadable IOCs: 38

Uncorking Old Wine: Zero-Day from 2017 + Loader in Unholy Alliance

An analysis uncovered a suspected malicious campaign targeting entities in Ukraine. The attack employed an old vulnerability from 2017, CVE-2017-8570, as the initial entry vector. The operation utilized a customized loader to deliver the Cobalt Strike Beacon payload. While the specific threat actor…
apt
cobalt strike
ukraine
malicious document
cobalt strike beacon
zero-day
CVE-2017-8570
Published: April 29, 2024
Downloadable IOCs: 6
Click here to see more Attack Reports