Cobalt Strike Operators Leverage PowerShell Loaders Across Chinese, Russian, and Global Infrastructure

A newly discovered PowerShell-based shellcode loader, y1.ps1, leverages advanced in-memory execution and evasion techniques to bypass traditional disk-based detection. The y1.ps1 script was found hosted on an open directory on a Chinese server.

Paste.ee Abuse Uncovered: XWorm & AsyncRAT Infrastructure

Cybercriminals are abusing the trusted text-sharing platform Paste.ee to deliver sophisticated malware strains, including XWorm and AsyncRAT. These campaigns leverage phishing emails and social engineering to distribute malicious payloads.

In Plain Sight: Uncovering SuperShell & Cobalt Strike from an Open Directory

Hunt researchers uncovered a malicious server, revealing SuperShell C2 payloads and a Linux ELF Cobalt Strike beacon. The server also hosted reconnaissance tools, highlighting the sophistication and layered nature of modern cyber threats.

JSPSpy Combined With Custom File Management Tool in Webshell Infrastructure

Hunt researchers recently identified a cluster of JSPSpy web shell servers with an unexpected addition: Filebroser, a rebranded version of the open-source File Browser file management project.

Russian EFF Impersonators Leverage Stealc Malware and Pyramid C2 Infrastructure to Hit Albion Online Players

The threat actors behind this campaign sought to exploit the player-driven economy of Albion Online, where in-game assets are exchanged for real money through third-party markets.

Malicious Signal, Line, and Gmail Installers Target Chinese-Speaking Users with Backdoors

The attackers rely on search engine optimization (SEO) poisoning to direct users to fraudulent download pages for apps like Signal, Line, and Gmail, which deliver ZIP files containing executable malware.

LummApp Campaign Abuses OBS Software to Execute Infostealer via DLL Sideloading

Disguised as a benign application, LummApp deploys malicious browser extensions capable of exfiltrating data, capturing screen activity, manipulating clipboard contents, and tracking user browsing behavior.

MoqHao Leverages iCloud and VK in Campaign Targeting Apple IDs and Android Devices

MoqHao, also known as Wroba and XLoader, is a mobile malware family linked to Roaming Mantis, a cybercrime group believed to be operating out of China. Malicious payloads are usually delivered through SMS phishing attacks targeting mobile devices.

Threat Actors Behind VEILDrive Campaign Exploit Microsoft Services for C2

The ongoing threat campaign known as VEILDrive is utilizing Microsoft services such as Teams, SharePoint, Quick Assist, and OneDrive in its operations to distribute spear-phishing attacks and store malware.

OceanLotus APT Group Targeting Vietnamese Human Rights Defenders

The attackers use spear-phishing lures and watering hole campaigns to infiltrate networks and collect sensitive data. Huntress identified four compromised hosts in recent attacks, linking them to Cobalt Strike Beacons and encrypted DLL payloads.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.