Tag: Cyber Threats

Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence

A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network.

The router hijacking activity has been codenamed Operation WrtHug by SecurityScorecard’s STRIKE team. Southeast Asia and European countries are some of the other regions where infections have been recorded.

The attacks likely involve the exploitation of six known security flaws in end-of-life ASUS WRT routers to take control of susceptible devices. All the infected routers have been found to share a unique self-signed TLS certificate with an expiration date set for 100 years from April 2022.

SecurityScorecard said 99% of the services presenting the certificate are ASUS AiCloud, a proprietary service designed to enable access to local storage via the internet.

“It leverages the proprietary AiCloud service with n-day vulnerabilities in order to gain high privileges on End-Of-Life ASUS WRT routers,” the company said in a report shared with The Hacker News, adding the campaign, while not exactly an Operational Relay Box (ORB), bears similarities with other China-linked ORBs and botnet networks.

The attacks likely exploit vulnerabilities tracked as CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348, CVE-2024-12912, and CVE-2025-2492 for proliferation. Interestingly, the exploitation of CVE-2023-39780 has also been linked to another Chinese-origin botnet dubbed AyySSHush (aka ViciousTrap). Two other ORBs that have targeted routers in recent months are LapDogs and PolarEdge.

Out of all the infected devices, seven IP addresses have been flagged for exhibiting signs of compromise associated with both WrtHug and AyySSHush, potentially raising the possibility that the two clusters could be related. That being said, there is no evidence to back this hypothesis beyond the shared vulnerability.

The list of router models targeted in the attacks is below –

• ASUS Wireless Router 4G-AC55U
• ASUS Wireless Router 4G-AC860U
• ASUS Wireless Router DSL-AC68U
• ASUS Wireless Router GT-AC5300
• ASUS Wireless Router GT-AX11000
• ASUS Wireless Router RT-AC1200HP
• ASUS Wireless Router RT-AC1300GPLUS
• ASUS Wireless Router RT-AC1300UHP

It’s currently not clear who is behind the operation, but the extensive targeting of Taiwan and overlaps with previous tactics observed in ORB campaigns from Chinese hacking groups suggest it could be the work of an unknown China-affiliated actor.

“This research highlights the growing trend of malicious threat actors targeting routers and other network devices in mass infection operations,” SecurityScorecard said. “These are commonly (but not exclusively) linked to China Nexus actors, who execute their campaigns in a careful and calculated manner to expand and deepen their global reach.”

“By chaining command injections and authentication bypasses, threat actors have managed to deploy persistent backdoors via SSH, often abusing legitimate router features to ensure their presence survives reboots or firmware updates.”

The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats after they have already entered the network, is fundamentally risky and contributes significantly to the half-trillion-dollar annual cost of cybercrime.

Zero Trust fundamentally shifts this approach, transitioning from reacting to symptoms to proactively solving the underlying problem. Application Control, the ability to rigorously define what software is allowed to execute, is the foundation of this strategy. However, even once an application is trusted, it can be misused. This is where ThreatLocker Ringfencing™, or granular application containment, becomes indispensable, enforcing the ultimate standard of least privilege on all authorized applications.

Defining Ringfencing: Security Beyond Allowlisting

Ringfencing is an advanced containment strategy applied to applications that have already been approved to run. While allowlisting ensures a fundamental deny-by-default posture for all unknown software, Ringfencing further restricts the capabilities of the permitted software. It operates by dictating precisely what an application can access, including files, registry keys, network resources, and other applications or processes.

This granular control is vital because threat actors frequently bypass security controls by misusing legitimate, approved software, a technique commonly referred to as “living off the land.” Uncontained applications, such as productivity suites or scripting tools, can be weaponized to spawn risky child processes (like PowerShell or Command Prompt) or communicate with unauthorized external servers.

The Security Imperative: Stopping Overreach

Without effective containment, security teams leave wide open attack vectors that lead directly to high-impact incidents.

• Mitigating Lateral Movement: Ringfencing isolates application behaviors, hindering the ability of compromised processes to move across the network. Policies can be set to restrict outbound network traffic, a measure that would have foiled major attacks that relied on servers reaching out to malicious endpoints for instructions.
• Containing High-Risk Applications: A critical use case is reducing the risk associated with legacy files or scripts, such as Office macros. By applying containment, applications like Word or Excel, even if required by departments like Finance, are restricted from launching high-risk script engines like PowerShell or accessing high-risk directories.
• Preventing Data Exfiltration and Encryption: Containment policies can limit an application’s ability to read or write to sensitive monitored paths (such as document folders or backup directories), effectively blocking mass data exfiltration attempts and preventing ransomware from encrypting files outside its designated scope.

Ringfencing inherently supports compliance goals by ensuring that all applications operate strictly with the permissions they truly require, aligning security efforts with best-practice standards such as CIS Controls.

A policy dictates whether an application can access certain files and folders or make changes to the system registry. Most importantly, it governs Inter-Process Communication (IPC), ensuring an approved application cannot interact with or spawn unauthorized child processes. For instance, Ringfencing blocks Word from launching PowerShell or other unauthorized child processes.

Implementing Application Containment

Adopting Ringfencing requires a disciplined, phased implementation focused on avoiding operational disruption and political fallout.

Establishing the Baseline

Implementation starts by deploying a monitoring agent to establish visibility. The agent should be deployed first to a small test group or isolated test organization—often affectionately called the guinea pigs—to monitor activity. In this initial Learning Mode, the system logs all executions, elevations, and network activity without blocking anything.

Simulation and Enforcement

Before any policy is secured, the team should utilize the Unified Audit to run simulations (simulated denies). This preemptive auditing shows precisely what actions would be blocked if the new policy was enforced, allowing security professionals to make necessary exceptions upfront and prevent tanking the IT department’s approval rating.

Ringfencing policies are then typically created and enforced first on applications recognized as high-risk, such as PowerShell, Command Prompt, Registry Editor, and 7-Zip, due to their high potential for weaponization. Teams should ensure that they have been properly tested before moving to a secure, enforcing state.

Scaling and Refinement

Once policies are validated in the test environment, deployment is scaled gradually across the organization, typically starting with easy wins and moving slowly towards the hardest groups. Policies should be continuously reviewed and refined, including regularly removing unused policies to reduce administrative clutter.

Strategic Deployment and Best Practices

To maximize the benefits of application containment while minimizing user friction, leaders should adhere to proven strategies:

• Start Small and Phased: Always apply new Ringfencing policies to a non-critical test group first. Avoid solving all business problems at once; tackle highly dangerous software first (like Russian remote access tools), and delay political decisions (like blocking games) until later phases.
• Continuous Monitoring: Regularly review the Unified Audit and check for simulated denies before securing any policy to ensure legitimate functions are not broken.
• Combine Controls: Ringfencing is most effective when paired with Application Allowlisting (deny-by-default). It should also be combined with Storage Control to protect critical data to prevent mass data loss or exfiltration.
• Prioritize Configuration Checks: Utilize automated tools, like Defense Against Configurations (DAC), to verify that Ringfencing and other security measures are properly configured across all endpoints, highlighting where settings might have lapsed into monitor-only mode.

Outcomes and Organizational Gains

By implementing Ringfencing, organizations transition from a reactive model—where highly paid cybersecurity professionals spend time chasing alerts—to a proactive, hardened architecture.

This approach offers significant value beyond just security:

• Operational Efficiency: Application control significantly reduces Security Operations Center (SOC) alerts—in some cases by up to 90%—resulting in less alert fatigue and substantial savings in time and resources.
• Enhanced Security: It stops the abuse of trusted programs, contains threats, and makes the cybercriminal’s life as difficult as possible.
• Business Value: It minimizes application overreach without breaking business-critical workflows, such as those required by the finance department for legacy macros.

Ultimately, Ringfencing strengthens the Zero Trust mindset, ensuring that every application, user, and device operates strictly within the boundaries of its necessary function, making detection and response truly a backup plan, rather than the primary defense.

Nov 19, 2025Ravie LakshmananAI Security / SaaS Security

Malicious actors can exploit default configurations in ServiceNow’s Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks.

The second-order prompt injection, according to AppOmni, makes use of Now Assist’s agent-to-agent discovery to execute unauthorized actions, enabling attackers to copy and exfiltrate sensitive corporate data, modify records, and escalate privileges.

“This discovery is alarming because it isn’t a bug in the AI; it’s expected behavior as defined by certain default configuration options,” said Aaron Costello, chief of SaaS Security Research at AppOmni.

“When agents can discover and recruit each other, a harmless request can quietly turn into an attack, with criminals stealing sensitive data or gaining more access to internal company systems. These settings are easy to overlook.”

The attack is made possible because of agent discovery and agent-to-agent collaboration capabilities within ServiceNow’s Now Assist. With Now Assist offering the ability to automate functions such as help-desk operations, the scenario opens the door to possible security risks.

For instance, a benign agent can parse specially crafted prompts embedded into content it’s allowed access to and recruit a more potent agent to read or change records, copy sensitive data, or send emails, even when built-in prompt injection protections are enabled.

The most significant aspect of this attack is that the actions unfold behind the scenes, unbeknownst to the victim organization. At its core, the cross-agent communication is enabled by controllable configuration settings, including the default LLM to use, tool setup options, and channel-specific defaults where the agents are deployed –

• The underlying large language model (LLM) must support agent discovery (both Azure OpenAI LLM and Now LLM, which is the default choice, support the feature)
• Now Assist agents are automatically grouped into the same team by default to invoke each other
• An agent is marked as being discoverable by default when published

While these defaults can be useful to facilitate communication between agents, the architecture can be susceptible to prompt injections when an agent whose main task is to read data that’s not inserted by the user invoking the agent.

“Through second-order prompt injection, an attacker can redirect a benign task assigned to an innocuous agent into something far more harmful by employing the utility and functionality of other agents on its team,” AppOmni said.

“Critically, Now Assist agents run with the privilege of the user who started the interaction unless otherwise configured, and not the privilege of the user who created the malicious prompt and inserted it into a field.”

Following responsible disclosure, ServiceNow said the behavior is intended to be this way, but the company has since updated its documentation to provide more clarity on the matter. The findings demonstrate the need for strengthening AI agent protection, as enterprises increasingly incorporate AI capabilities into their workflows.

To mitigate such prompt injection threats, it’s advised to configure supervised execution mode for privileged agents, disable the autonomous override property (“sn_aia.enable_usecase_tool_execution_mode_override”), segment agent duties by team, and monitor AI agents for suspicious behavior.

“If organizations using Now Assist’s AI agents aren’t closely examining their configurations, they’re likely already at risk,” Costello added.

Nov 19, 2025Ravie LakshmananCyber Espionage / Malware

The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks.

EdgeStepper “redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure,” ESET security researcher Facundo Muñoz said in a report shared with The Hacker News.

Known to be active since at least 2018, PlushDaemon is assessed to be a China-aligned group that has attacked entities in the U.S., New Zealand, Cambodia, Hong Kong, Taiwan, South Korea, and mainland China.

It was first documented by the Slovak cybersecurity company earlier this January, detailing a supply chain attack aimed at a South Korean virtual private network (VPN) provider named IPany to target a semiconductor company and an unidentified software development company in South Korea with a feature-rich implant dubbed SlowStepper.

Among the adversary’s victims include a university in Beijing, a Taiwanese company that manufactures electronics, a company in the automotive sector, and a branch of a Japanese company in the manufacturing sector. Earlier this month, ESET also said it observed PlushDaemon targeting two entities in Cambodia this year, a company in the automotive sector and a branch of a Japanese company in the manufacturing sector, with SlowStepper.

The primary initial access mechanism for the threat actor is to leverage AitM poisoning, a technique that has been embraced by an “ever increasing” number of China-affiliated advanced persistent threat (APT) clusters in the last two years, such as LuoYu, Evasive

Panda, BlackTech, TheWizards APT, Blackwood, and FontGoblin. ESET said it’s tracking ten active China-aligned groups that have hijacked software update mechanisms for initial access and lateral movement.

The attack essentially commences with the threat actor compromising an edge network device (e.g., a router) that its target is likely to connect to. This is accomplished by either exploiting a security flaw in the software or through weak credentials, allowing them to deploy caEdgeStepper.

“Then, EdgeStepper begins redirecting DNS queries to a malicious DNS node that verifies whether the domain in the DNS query message is related to software updates, and if so, it replies with the IP address of the hijacking node,” Muñoz explained. “Alternatively, we have also observed that some servers are both the DNS node and the hijacking node; in those cases, the DNS node replies to DNS queries with its own IP address.”

Internally, the malware consists of two moving parts: a Distributor module that resolves the IP address associated with the DNS node domain (“test.dsc.wcsset[.]com”) and invokes the Ruler component responsible for configuring IP packet filter rules using iptables.

The attack specifically checks for several Chinese software, including Sogou Pinyin, to have their update channels hijacked by means of EdgeStepper to deliver a malicious DLL (“popup_4.2.0.2246.dll” aka LittleDaemon) from a threat actor-controlled server. A first-stage deployed through hijacked updates, LittleDaemon is designed to communicate with the attacker node to fetch a downloader referred to as DaemonicLogistics if SlowStepper is not running on the infected system.

The main purpose of DaemonicLogistics is to download the SlowStepper backdoor from the server and execute it. SlowStepper supports an extensive set of features to gather system information, files, browser credentials, extract data from a number of messaging apps, and even uninstall itself.

“These implants give PlushDaemon the capability to compromise targets anywhere in the world,” Muñoz said.

Nov 19, 2025Ravie LakshmananVulnerability / Network Security

Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild.

The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0.

“An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands,” the company said in a Tuesday advisory.

In other words, successful attacks require an attacker to first authenticate themselves through some other means and chain it with CVE-2025-58034 to execute arbitrary operating system commands.

It has been addressed in the following versions –

• FortiWeb 8.0.0 through 8.0.1 (Upgrade to 8.0.2 or above)
• FortiWeb 7.6.0 through 7.6.5 (Upgrade to 7.6.6 or above)
• FortiWeb 7.4.0 through 7.4.10 (Upgrade to 7.4.11 or above)
• FortiWeb 7.2.0 through 7.2.11 (Upgrade to 7.2.12 or above)
• FortiWeb 7.0.0 through 7.0.11 (Upgrade to 7.0.12 or above)

The company credited Trend Micro researcher Jason McFadyen for reporting the flaw under its responsible disclosure policy.

Interestingly, the development comes days after Fortinet confirmed that it silently patched another critical FortiWeb vulnerability (CVE-2025-64446, CVSS score: 9.1) in version 8.0.2.

“We activated our PSIRT response and remediation efforts as soon as we learned of this matter, and those efforts remain ongoing,” a Fortinet spokesperson told The Hacker News. “Fortinet diligently balances our commitment to the security of our customers and our culture of responsible transparency.”

It’s currently not clear why Fortinet opted to patch the flaws without releasing an advisory. But the move has left defenders at a disadvantage, effectively preventing them from mounting an adequate response.

“When popular technology vendors fail to communicate new security issues, they are issuing an invitation to attackers while choosing to keep that same information from defenders,” VulnCheck noted last week.

The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale.

Push Security, in a report shared with The Hacker News, said it observed the use of the technique in phishing attacks designed to steal victims’ Microsoft account credentials.

BitB was first documented by security researcher mr.d0x in March 2022, detailing how it’s possible to leverage a combination of HTML and CSS code to create fake browser windows that can masquerade as login pages for legitimate services in order to facilitate credential theft.

“BitB is principally designed to mask suspicious phishing URLs by simulating a pretty normal function of in-browser authentication – a pop-up login form,” Push Security said. “BitB phishing pages replicate the design of a pop-up window with an iframe pointing to a malicious server.”

To complete the deception, the pop-up browser window shows a legitimate Microsoft login URL, giving the victim the impression that they are entering the credentials on a legitimate page, when, in reality, it’s a phishing page.

In one attack chain observed by the company, users who land on a suspicious URL (“previewdoc[.]us”) are served a Cloudflare Turnstile check. Only after the user passes the bot protection check does the attack progress to the next stage, which involves displaying a page with a “Sign in with Microsoft” button in order to view a PDF document.

Once the button is clicked, a phishing page masquerading as a Microsoft login form is loaded in an embedded browser using the BitB technique, ultimately exfiltrating the entered information and session details to the attacker, who can then use them to take over the victim’s account.

Besides using bot protection technologies like CAPTCHA and Cloudflare Turnstile to prevent security tools from accessing the phishing pages, the attackers leverage conditional loading techniques to ensure that only the intended targets can access them, while filtering out the rest or redirecting them to benign sites instead.

Sneaky 2FA, first highlighted by Sekoia earlier this year, is known to adopt various methods to resist analysis, including using obfuscation and disabling browser developer tools to prevent attempts to inspect the web pages. In addition, the phishing domains are quickly rotated to minimize detection.

“Attackers are continuously innovating their phishing techniques, particularly in the context of an increasingly professionalized PhaaS ecosystem,” Push Security said. “With identity-based attacks continuing to be the leading cause of breaches, attackers are incentivized to refine and enhance their phishing infrastructure.”

The disclosure comes against the backdrop of research that found that it’s possible to employ a malicious browser extension to fake passkey registration and logins, thereby allowing threat actors to access enterprise apps without the user’s device or biometrics.

The Passkey Pwned Attack, as it’s called, takes advantage of the fact that there is no secure communication channel between a device and the service and that the browser, which serves as the intermediary, can be manipulated by means of a rogue script or extension, effectively hijacking the authentication process.

When registering or authenticating on websites using passkeys, the website communicates via the web browser by invoking WebAuthn APIs such as navigator.credentials.create() and navigator.credentials.get(). The attack manipulates these flows through JavaScript injection.

“The malicious extension intercepts the call before it reaches the authenticator and generates its own attacker-controlled key pair, which includes a private key and a public key,” SquareX said. “The malicious extension stores the attacker-controlled private key locally so it can reuse it to sign future authentication challenges on the victim’s device without generating a new key.”

A copy of the private key is also transmitted to the attacker to permit them to access enterprise apps on their own device. Similarly, during the login phase, the call to “navigator.credentials.get()” is intercepted by the extension to sign the challenge with the attacker’s private key created during registration.

That’s not all. Threat actors have also found a way to sidestep phishing-resistant authentication methods like passkeys by means of what’s known as a downgrade attack, where adversary-in-the-middle (AitM) phishing kits like Tycoon can ask the victim to choose between a less secure option that’s phishable instead of allowing them to use a passkey.

“So, you have a situation where even if a phishing-resistant login method exists, the presence of a less secure backup method means the account is still vulnerable to phishing attacks,” Push Security noted back in July 2025.

As attackers continue to hone their tactics, it’s essential that users exercise vigilance before opening suspicious messages or installing extensions on the browser. Organizations can also adopt conditional access policies to prevent account takeover attacks by restricting logins that don’t meet certain criteria.

Nov 18, 2025Ravie LakshmananBug Bounty / Data Privacy

Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform’s network protocol.

The idea is to make it easier to delve into WhatsApp-specific technologies as the application continues to be a lucrative attack surface for state-sponsored actors and commercial spyware vendors.

The company also noted that it’s setting up a pilot initiative where it’s inviting research teams to focus on platform abuse with support for internal engineering and tooling. “Our goal is to lower the barrier of entry for academics and other researchers who might not be as familiar with bug bounties to join our program,” it added.

The development comes as the social media giant said it has awarded more than $25 million in bug bounties to over 1,400 researchers from 88 countries in the last 15 years, out of which more than $4 million were paid out this year alone for almost 800 valid reports. In all, Meta said it received around 13,000 submissions.

Some of the notable bug discoveries included an incomplete validation bug in WhatsApp prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 that could have enabled a user to trigger processing of content retrieved from an arbitrary URL on another user’s device. There is no evidence that the issue was exploited in the wild.

Also patched by Meta is a vulnerability tracked as CVE-2025-59489 (CVSS score: 8.4) that could have allowed malicious applications installed on Quest devices to manipulate Unity applications to achieve arbitrary code execution. Flatt Security researcher RyotaK has been acknowledged for discovering and reporting the flaw.

Simple WhatsApp Security Flaw Exposes 3.5 Billion Phone Numbers

Lastly, Meta said it added anti-scraping protections to WhatsApp following a report that detailed a novel method to enumerate WhatsApp accounts at scale across 245 countries and build a dataset containing every user, bypassing the service’s rate-limiting restrictions. WhatsApp has about 3.5 billion active users.

The attack takes advantage of a legitimate WhatsApp contact discovery feature that requires users to first determine whether their contacts are registered on the platform. It essentially allows an attacker to compile basic publicly accessible information, along with their profile photos, About text, and timestamps associated with key updates related to the two attributes. Meta said it found no indications that this vector was ever abused in a malicious context.

Interestingly, the study found millions of phone numbers registered to WhatsApp in countries where it’s officially banned, including 2.3 million in China and 1.6 million in Myanmar.

“Normally, a system shouldn’t respond to such a high number of requests in such a short time – particularly when originating from a single source,” Gabriel Gegenhuber, University of Vienna researcher and lead author of the study, said. “This behavior exposed the underlying flaw, which allowed us to issue an effectively unlimited requests to the server and, in doing so, map user data worldwide.”

Earlier this year, Gegenhuber et al also demonstrated another research titled Careless Whisper that showed how delivery receipts can pose significant privacy risks to users, thereby allowing an attacker to send specifically crafted messages that can trigger delivery receipts without their knowledge or consent and extract their activity status.

“By using this technique at high frequency, we demonstrate how an attacker could extract private information, such as following a user across different companion devices, inferring their daily schedule, or deducing current activities,” the researchers noted.

“Moreover, we can infer the number of currently active user sessions (i.e., main and companion devices) and their operating system, as well as launch resource exhaustion attacks, such as draining a user’s battery or data allowance, all without generating any notification on the target side.”

Nov 18, 2025Ravie LakshmananCyber Espionage / Malware

Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East.

The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented by the threat intelligence firm early last year.

“Operating in late 2023 through 2025, UNC1549 employed sophisticated initial access vectors, including abuse of third-party relationships to gain entry (pivoting from service providers to their customers), VDI breakouts from third-parties, and highly targeted, role-relevant phishing,” researchers Mohamed El-Banna, Daniel Lee, Mike Stokkel, and Josh Goddard said.

The disclosure comes about two months after Swiss cybersecurity company PRODAFT tied the hacking group to a campaign targeting European telecommunications companies, successfully breaching 11 organizations in the process as part of a recruitment-themed social engineering attack via LinkedIn.

The infection chains, per Google, involve a combination of phishing campaigns designed to steal credentials or distribute malware and leveraging trusted relationships with third-party suppliers and partners. The second approach signals a particularly clever strategy when striking defense contractors.

While these organizations tend to have robust defenses, that may not be the case with third-party partners – a weak link in the supply chain that UNC1549 weaponizes to its advantage by first gaining access to a connected entity in order to infiltrate its main targets.

Often, this entails abusing credentials associated with services like Citrix, VMWare, and Azure Virtual Desktop and Application (VDA) harvested from these external entities to establish an initial foothold and subsequently break out of the confines of the virtualized sessions to gain access to the underlying host system and initiate lateral movement activities within the target network.

Another initial access pathway concerns the use of spear-phishing emails claiming to be related to job opportunities to lure recipients into clicking on bogus links and downloading malware to their machines. UNC1549 has also been observed targeting IT staff and administrators in these attacks to obtain credentials with elevated privileges that would grant them deeper access to the network.

Once the attackers have found a way inside, the post-exploitation activity spans reconnaissance, credential harvesting, lateral movement, defense evasion, and information theft, systematically gathering network/IT documentation, intellectual property, and emails.

Some of the custom tools put to use by the threat actor as part of this effort are listed below –

• MINIBIKE (aka SlugResin), a known C++ backdoor that gathers system information and fetches additional payloads to conduct reconnaissance, log keystrokes and clipboard content, steal Microsoft Outlook credentials, collect web browser data from Google Chrome, Brave, and Microsoft Edge, and take screenshots
• TWOSTROKE, a C++ backdoor that allows for system information collection, DLL loading, file manipulation, and persistence
• DEEPROOT, a Golang-based Linux backdoor that supports shell command execution, system information enumeration, and file operations
• LIGHTRAIL, a custom tunneler that’s likely based on Lastenzug, an open-source Socks4a proxy that communicates using Azure cloud infrastructure
• GHOSTLINE, a Golang-based Windows tunneler that uses a hard-coded domain for its communication
• POLLBLEND, a C++ Windows tunneler that uses hard-coded command-and-control (C2) servers to register itself and download tunneler configuration
• DCSYNCER.SLICK, a Windows utility based on DCSyncer to conduct DCSync attacks for privilege escalation
• CRASHPAD, a C++ Windows utility to extract credentials saved within web browsers
• SIGHTGRAB, a C Windows utility, selectively deployed to capture screenshots at regular intervals and save them to disk
• TRUSTTRAP, a malware that serves a Windows prompt to trick the user into entering their Microsoft account credentials

Also utilized by the adversary are publicly available programs like AD Explorer to query Active Directory; Atelier Web Remote Commander (AWRC) to establish remote connections, perform reconnaissance, credential theft, and malware deployment; and SCCMVNC for remote control. Furthermore, the threat actor is said to have taken steps to stymie investigation by deleting RDP connection history registry keys.

“UNC1549’s campaign is distinguished by its focus on anticipating investigators and ensuring long-term persistence after detection,” Mandiant said. “They plant backdoors that beacon silently for months, only activating them to regain access after the victim has attempted eradication.”

“They maintain stealth and command-and-control (C2) using extensive reverse SSH shells (which limit forensic evidence) and domains strategically mimicking the victim’s industry.”

Nov 18, 2025Ravie LakshmananMalware / Social Engineering

Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control (C2) and red teaming framework known as Tuoni.

“The campaign leveraged the emerging Tuoni C2 framework, a relatively new, command-and-control (C2) tool (with a free license) that delivers stealthy, in-memory payloads,” Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News.

Tuoni is advertised as an advanced C2 framework designed for security professionals, facilitating penetration testing operations, red team engagements, and security assessments. A “Community Edition” of the software is freely available for download from GitHub. It was first released in early 2024.

The attack, per Morphisec, unfolded in mid-October 2025, with the unknown threat actor likely leveraging social engineering via Microsoft Teams impersonation for initial access. It’s suspected that the attackers likely posed as trusted vendors or colleagues to deceive an employee at the company into running a PowerShell command.

The command, for its part, downloads a second PowerShell script from an external server (“kupaoquan[.]com”), which, in turn, employs steganographic tricks to conceal the next-stage payload within a bitmap image (BMP). The primary goal of the embedded payload is to extract shellcode and execute it directly in memory.

This results in the execution of “TuoniAgent.dll,” which corresponds to an agent that operates within the targeted machine and connects to a C2 server (in this case, “kupaoquan[.]com”), allowing for remote control.

“While Tuoni itself is a sophisticated but traditional C2 framework, the delivery mechanism showed signs of AI assistance in code generation, evident from the scripted comments and modular structure of the initial loader,” Morphisec added.

The attack, although ultimately unsuccessful, demonstrates continued abuse of red teaming tools for malicious purposes. In September 2025, Check Point detailed the use of an artificial intelligence (AI)-powered tool called HexStrike AI to rapidly accelerate and simplify vulnerability exploitation.

Nov 18, 2025Ravie LakshmananMalware / Web Security

Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites.

The malicious npm packages, published by a threat actor named “dino_reborn” between September and November 2025, are listed below. The npm account no longer exists on npm as of writing.

• signals-embed (342 downloads)
• dsidospsodlks (184 downloads)
• applicationooks21 (340 downloads)
• application-phskck (199 downloads)
• integrator-filescrypt2025 (199 downloads)
• integrator-2829 (276 downloads)
• integrator-2830 (290 downloads)

“Upon visiting a fake website constructed by one of the packages, the threat actor determines if the visitor is a victim or a security researcher,” Socket security researcher Olivia Brown said.

“If the visitor is a victim, they see a fake CAPTCHA, eventually bringing them to a malicious site. If they are a security researcher, only a few tells on the fake website would tip them off that something nefarious may be occurring.”

Of these packages, six of them contain a 39kB malware that incorporates the cloaking mechanism and captures a fingerprint of the system, while simultaneously taking steps to sidestep analysis by blocking developer actions in a web browser, effectively preventing researchers from viewing the source code or launching developer tools.

The packages take advantage of a JavaScript feature called Immediately Invoked Function Expression (IIFE), which allows the malicious code to be executed immediately upon loading it in the web browser. In contrast, “signals-embed” does not harbor any malicious functionality outright and is designed to construct a decoy white page.

The captured information is sent to a proxy (“association-google[.]xyz/adspect-proxy[.]php”) to determine if the traffic source is from a victim or a researcher, and then serve a fake CAPTCHA. Once a victim clicks on the CAPTCHA checkbox, they are taken to a bogus cryptocurrency-related page impersonating services like StandX with the likely goal of stealing digital assets.

However, if the visitors are flagged as potential researchers, a white decoy page is displayed to the users. It also features HTML code related to the display privacy policy associated with a fake company named Offlido.

Adspect, according to its website, advertises a cloud-based service that’s designed to protect ad campaigns from unwanted traffic, such as click fraud and bots from antivirus companies. It also claims to offer “bulletproof cloaking” and that it “reliably cloaks each and every advertising platform.”

It offers three plans: Ant-fraud, Personal, and Professional that cost $299, $499, and $999 per month. The company also claims users can advertise “anything you want,” adding it follows a no-questions-asked policy: we do not care what you run and do not enforce any content rules.”

“The use of Adspect cloaking within npm supply-chain packages is rare,” Socket said. “This is an attempt to merge traffic cloaking, anti-research controls, and open source distribution. By embedding Adspect logic in npm packages, the threat actor can distribute a self-contained traffic-gating toolkit that automatically decides which visitors to expose to real payloads.”