Topic: infection chain

  • APT37 Breaches Air-Gapped Networks with New Malware

    North Korean state-sponsored hackers (APT37) are using a novel toolkit called Ruby Jumper to breach sensitive air-gapped networks by exploiting removable USB drives as a covert bridge. The multi-stage infection begins with a malicious shortcut file and deploys a chain of tools, including the REST...
  • North Korean Lazarus Hackers Target European Defense Firms

    North Korea's Lazarus hacking group targeted European UAV defense firms through a deceptive recruitment campaign called Operation DreamJob, aiming to steal military drone technology. The attackers used trojanized applications and DLL sideloading to deploy the ScoringMathTea RAT, granting extensiv...
  • XWorm Malware Returns with Ransomware & 35+ Plugins

    XWorm malware has evolved with ransomware capabilities and over 35 plugins, distributed by multiple threat actors through phishing campaigns after the original developer's departure. Initially a versatile remote access trojan, it steals sensitive data, enables DDoS attacks, and has been widely ad...
  • Unmasking FileFix: Steganography & Multistage Payloads Exposed

    A cyberattack campaign called FileFix uses steganography to hide malicious code in JPG images, delivered via a phishing site that mimics Meta's support portal. The attack employs advanced techniques like multilingual phishing pages, obfuscated PowerShell scripts, and RC4 decryption to deploy the ...