Cobalt Strike Operators Leverage PowerShell Loaders Across Chinese, Russian, and Global Infrastructure
Malware and Vulnerabilities
June 23, 2025
hunt
A newly discovered PowerShell-based shellcode loader, y1.ps1, leverages advanced in-memory execution and evasion techniques to bypass traditional disk-based detection. The y1.ps1 script was found hosted on an open directory on a Chinese server.
Cobalt Strike
PowerShell loader
y1.ps1