Tag: multi-stage attack

5 Attack Reports | 0 Vulnerabilities

Attack reports

Malvertising campaign leads to info stealers hosted on GitHub

A large-scale malvertising campaign impacting nearly one million devices globally was detected in December 2024. The attack originated from illegal streaming websites with embedded malvertising redirectors, leading users through multiple redirections to malware hosted on GitHub and other platforms.…
malvertising
lumma stealer
github
lumma
netsupport rat
information stealer
multi-stage attack
doenerium
2025-03-06
living-off-the-land
Published: March 6, 2025
Downloadable IOCs: 3

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools

Cisco Talos uncovered multiple cyber espionage campaigns attributed to the Lotus Blossom group, targeting government, manufacturing, telecommunications, and media sectors. The operations utilize various versions of the Sagerunex backdoor and other hacking tools. Lotus Blossom has been active since …
backdoor
apt
espionage
persistence
multi-stage attack
cloud services
vmprotect
2025-02-27
sagerunex
evora
Published: February 27, 2025
Downloadable IOCs: 68

Unauthorized RDP Connections For Cyberespionage Operations

Cyble Research and Intelligence Labs uncovered an ongoing cyberattack campaign utilizing malicious LNK files to gain unauthorized Remote Desktop access on compromised systems. The sophisticated multi-stage attack chain employs PowerShell and BAT scripts to evade detection, create administrative acc…
powershell
persistence
credential theft
cyberespionage
rdp
multi-stage attack
uac bypass
2024-10-26
bat scripts
chromepass
Published: October 26, 2024
Downloadable IOCs: 0

DarkVision RAT

DarkVision RAT is a customizable remote access trojan that first appeared in 2020, offered on Hack Forums for $60. Written in C/C++ and assembly, it offers features like keylogging, screenshots, file manipulation, process injection, remote code execution, and password theft. The analysis reveals a …
purecrypter
c2 communication
multi-stage attack
2024-10-10
remote access trojan
darkvision rat
Published: October 10, 2024
Downloadable IOCs: 0

North Korea Still Attacking Developers via npm

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…
malware
obfuscation
python
cryptocurrency
exfiltration
persistence
javascript
moonstone sleet
npm
2024-09-30
contagious interview
multi-stage attack
Published: September 30, 2024
Downloadable IOCs: 12
Click here to see more Attack Reports