Tag: meshagent

A sophisticated phishing campaign targeting Indian organizations has been uncovered, utilizing spear-phishing techniques reminiscent of Operation Sindoor. The campaign employs a Linux-focused infection method using weaponized .desktop files, a tactic previously associated with APT36. When executed,…

In early November 2024, a threat actor gained initial access to a network via brute-forcing a public-facing RD-Web instance. Using PsExec, they executed batch files across multiple machines to enable RDP connections and install a malicious MeshAgent. The actor renamed the MeshAgent to mimic a virtu…

A new campaign by the Awaken Likho APT group targeting Russian government agencies and industrial enterprises was discovered in June 2024. The group has significantly changed its attack methods, now preferring the MeshCentral platform agent instead of UltraVNC for remote access. The implant is deli…

This report examines an advanced cyber-attack targeting an Israeli enterprise, where a sophisticated threat actor compromised a Check Point firewall by deploying a malicious ELF implant known as MeshAgent. The implant, disguised as a legitimate process, enabled encrypted communication with the atta…