A new malware, DslogdRAT, was deployed via a zero-day vulnerability in Ivanti Connect Secure during targeted attacks in Japan. The malware was installed using a Perl-based CGI web shell and exhibits advanced command-and-control capabilities.

Initially, the targets of MirrorFace were media, political organizations, think tanks, and universities, but by 2023, the focus shifted to manufacturers and research institutions.

The targeted attack group DangerousPassword has been continuously attacking cryptocurrency exchange developers since June 2019, using malware that infects Windows, macOS, and Linux environments with Python and Node.js installed.

Recently, the malware used by Lazarus, VSingle, has been updated to retrieve C2 server information from GitHub. VSingle has two versions, one targeting Windows OS and the other targeting Linux OS.