Tag: cobalt strike
12 articles

SharkLoader Malware Targets Global Entities in StrikeShark Cyberattacks
Kaspersky has uncovered a massive global cyberattack campaign, dubbed StrikeShark, that uses SharkLoader malware to target a wide range of organizations across multiple countries and industries. The attacks have hit diplomatic and government bodies, software development companies, and other entities in over a dozen countries.

SharkLoader Targets Global Entities with Cobalt Strike Deployment
Kaspersky researchers have uncovered a sophisticated campaign, dubbed StrikeShark, where hackers exploited vulnerabilities like ProxyLogon to deploy SharkLoader malware and gain access to high-stakes targets worldwide. The attackers used multiple publicly disclosed flaws to compromise internet-facing services, hitting diplomatic entities, software vendors, and more.

AI-Built Ransomware Toolkit Evades EDR Solutions with Automated Attacks
Sophos researchers uncovered a sophisticated AI-built ransomware toolkit that cleverly evades detection by automated security solutions, triggering alerts only after it had already compromised a customer system. The toolkit's sinister purpose was revealed through investigation, which found references to a ransom note and a list of targeted organizations on a dark web leak site.

Cyberattacks Surge Across Middle East Infrastructure Providers
The Middle East's infrastructure providers are under siege, with a staggering 1,350 command-and-control servers detected across 98 providers in just three months - and a single carrier, Saudi Telecom Company, accounting for a whopping 72% of the malicious traffic.

State-Sponsored Actors: Stunning Dangerous Backdoor Malware
Think of it as digital housekeeping: state-backed groups are slipping backdoor malware through everyday misconfigurations and tiny telemetry leaks, turning simple routers and appliances into long-term spy gear. The hard question for defenders is whether to lock every open door now—or risk attackers turning small oversights into lasting access.

Chinese-Linked Hackers Stunning Windows Spy Damages Envoys
Chinese-linked UNC6384 is exploiting a Windows vulnerability to plant stealthy spyware in diplomatic and commercial networks—an unsettling upgrade in tradecraft that challenges whether governments, companies, and users can patch porous defenses before quiet probes turn into loud alarms.

Beijing hacks: Stunning Risky Espionage Exposed
When attackers treat exposed routers and firewalls like unlocked doors, small misconfigurations become gateways for state-backed espionage — RedNovember used buggy appliances and a portable Go backdoor to stealthily steal intelligence worldwide. The fix is simple (and doable): inventory and patch your edge devices, segment networks, and lock down exposed management interfaces before the next intruder walks in.

CountLoader: Stunning Risky Loader Threat
CountLoader — a flexible, multi‑version loader now favored by Russian ransomware affiliates and initial access brokers — is being used to deliver dangerous toolsets like Cobalt Strike, AdaptixC2 and PureHVNC. Stay vigilant: layered defenses, behavioral detection, and rapid containment are essential to stop these faster, harder‑to‑detect intrusions.

Villager penetration-testing tool: Dangerous Must-Have
Villager — an AI-driven penetration tool dubbed “Cobalt Strike’s successor” — has already been downloaded about 10,000 times, sparking both fascination and real alarm as automation lowers the bar for attackers. If defenders don’t sharpen detection, patching, and identity controls fast, that promise of convenience could quickly become a turnkey threat.

UNG0002 cyber espionage Exclusive Critical Threat
UNG0002 is a stealthy cyber-espionage campaign using CV-themed phishing, LNK/VBScript exploits, and post-exploitation tools to target organizations in China, Hong Kong, and Pakistan—putting strategic data and finances at risk. Stay vigilant: harden email defenses, enforce MFA, patch systems, and train staff to spot realistic résumé and job-offer lures.

Ivanti Zero-Days: Risky Threat — Must-Have Fixes
Ivanti Connect Secure appliances were recently abused via two zero-days to install MDifyLoader and unleash Cobalt Strike, turning trusted VPN gateways into powerful footholds for attackers. Act now: patch immediately, enforce MFA and segmentation, and ramp up monitoring and threat hunting to stop this fast-moving threat.

Ivanti zero-day exploits: Stunning Urgent Alert
If you use Ivanti Connect Secure, the string of zero-day attacks exploiting CVE-2025-0282 and CVE-2025-22457 — amplified by the new MDifyLoader and Cobalt Strike — shows how quickly unpatched gear can become an attacker’s beachhead. Act fast: patch, tighten access, and boost monitoring to stop these stealthy, two-stage intrusions before they escalate.