Tag: DLL Sideloading
-

Iranian Seedworm Group Infiltrates South Korean Tech Titan in Global Espionage Surge
The Iranian threat group Seedworm maintained covert access to the network of a major South Korean electronics manufacturer for nearly a week. During that time the attackers collected system information, stole credentials, and exfiltrated sensitive files through a widely used document-sharing service with millions of users worldwide. The campaign affected at least nine organizations across nine…
-

Hardware Warning: How CPU-Z and HWMonitor Official Downloads Became Trojan Traps
Downloading CPU-Z or HWMonitor has suddenly become a way to pick up a trojan. Researchers at Cyderes, Breakglass, and Kaspersky report that attackers tampered with the official download links on the CPUID website, redirecting visitors to infected archives and installers. According to Kaspersky, the substitution was in place between 15:00 UTC on April 9 and 10:00 UTC…
-

The “GitHub-io” Trap: How BoryptGrab Uses SEO Lures and SSH Tunnels to Hijack Your PC
A new malware family is spreading disguised as game enhancements and cracked versions of popular applications, distributed through hundreds of fake GitHub repositories. At first glance the scheme looks ordinary: the victim receives a ZIP archive with an enticing name, such as an FPS booster, a…
-

The Silent Signal: How China’s “UAT-9244” is Dismantling South American Telecom with a New Malware Triad
A Chinese hacking group has launched a new wave of attacks on telecommunications companies across South America. Researchers at Cisco Talos have identified three previously unknown malicious tools the attackers use to breach telecom operators' infrastructure, take control of their hardware, and turn those devices into staging points for further intrusions…
-

The Serpent’s Shadow: Unmasking “AnonDoor,” the Confucius Syndicate’s New Python-Powered Spyware
The Confucius group continues its cyberespionage operations against South Asian countries. A new campaign is aimed specifically at organizations in Pakistan. Analysis revealed a tool not previously seen in the group's arsenal: a Python-based backdoor named AnonDoor. The operation uses a multi-stage payload delivery chain that abuses legitimate software to…
-

Phantom in the Machine: How “Dust Specter” Uses AI-Forged Malware to Infiltrate Iraqi Ministry Offices
Hackers reportedly linked to Iran have run a new campaign against Iraqi officials using a set of previously undocumented malware. The attackers posed as the Iraqi Ministry of Foreign Affairs and distributed infected files disguised as official administrative documents. Researchers at Zscaler uncovered the activity in January 2026. The…
-

The Google Drive Shadow: Unmasking Silver Dragon’s “GearDoor” Backdoor and the Silent Return of APT41
For several years the Silver Dragon group has conducted cyberespionage against government bodies and large companies in Europe and Southeast Asia. The attackers compromise public-facing servers, send carefully crafted phishing emails, and deploy malware disguised as legitimate Windows processes. A recent campaign was analyzed in detail by researchers at…
-

The Evoxt Labyrinth: Unmasking the New Subterranean Infrastructure of China’s PlugX Syndicates
While most of the corporate world is focused on the latest vulnerabilities, a set of Chinese threat actors has been quietly building a hidden infrastructure for cyberespionage. Analysis of recent PlugX samples revealed an extensive network of domains and servers operated by Mustang Panda, UNC6384, and RedDelta. Notably,…
-

Under the Radar: How the SloppyLemming Syndicate Infiltrated South Asia’s Nuclear and Energy Sectors
Over the past year, South Asia has seen a sharp rise in cyberespionage attacks on government bodies and critical infrastructure operators. Researchers at Arctic Wolf have documented a sophisticated campaign they attribute with moderate confidence to the group SloppyLemming, also tracked as Outrider Tiger and Fishing Elephant. The targets of this…
-

The Trust Trap: How Hackers Weaponize Legitimate Google and Microsoft Login Pages via OAuth Redirection
An email asking the recipient to "sign a document" or "verify an account" does not always lead to a fake domain; it may point to a perfectly legitimate Microsoft or Google address. That trust is exactly what attackers exploit: they have learned to manipulate the OAuth protocol's redirection mechanism to orchestrate…
-

Shadows in the Browser: The UNC6384 Syndicate Unmasks a New PlugX Variant “Arp”
In January 2026, researchers at the Japanese firm IIJ intercepted a new variant of the PlugX malware, a tool frequently used in targeted attacks. Analysis pointed to a possible link between this campaign and UNC6384, a group widely associated with Chinese cyberespionage. UNC6384 is believed to operate in close…
-

Encrypted Deception: Cisco Talos Unmasks “Dohdoor” and the Stealthy UAT-10027 Campaign Targeting Healthcare
Since late 2025, Cisco Talos has been tracking a malicious campaign against educational and healthcare institutions in the United States. Researchers attribute the activity to the threat actor UAT-10027 and have described a new backdoor named "Dohdoor". Its defining feature is its use of DNS over HTTPS (DoH) for command…
-

Virtual Sabotage: How Attackers Weaponized SolarWinds Help Desks to Hide Malware Inside QEMU
Microsoft's Defender threat intelligence team has documented a series of confirmed attacks on internet-facing SolarWinds Web Help Desk instances. Attackers used the vulnerable help desk servers as their initial entry point and then moved deeper into the internal network in an attempt to take control of critical domain hosts. According to Microsoft…
-

Poisoned Plugins: Evelyn Stealer Hits Developers via VS Code Marketplace
Software developers remain a prime target for attackers, as a growing number of malicious campaigns exploit the very tools and environments at the heart of the software development lifecycle. A recent example is the Evelyn Stealer malware, distributed through compromised Visual Studio Code extensions. According to Trend Micro, Evelyn Stealer…
-

The Ghost in the Machine: Resecurity Unmasks PDFSider Malware
A new piece of malware, dubbed PDFSider, was recently discovered on the network of a Fortune 100 financial institution. It was found during an incident response engagement tied to a recent ransomware intrusion. Analysis by the Resecurity team shows the tool is designed to establish covert persistence on compromised…
