GopherWhisper APT Abuses Outlook and Slack for Stealthy C2
Newly discovered GopherWhisper APT group uses a Go-based toolkit and legitimate SaaS platforms like Slack and Outlook to conduct espionage against governments.

SystemBC C2 Analysis: 1,570 Victims of The Gentlemen Ransomware
Analysis of a SystemBC C2 server linked to The Gentlemen ransomware reveals over 1,570 victims and the use of SOCKS5 tunnels for persistent access.

Emoji-Based C2: Threat Actors Adopt Covert Communication Tactics
Threat actors are increasingly using emojis for covert Command and Control communications to evade security filters. Learn how to detect these obfuscated TTPs.

SnappyClient C2 Implant Targets Crypto Wallets for Data Theft
A new C2 implant, SnappyClient, is actively targeting crypto wallets, facilitating remote access, extensive data theft, and persistent spying on victims.

Tag Poisoning Compromises Xygeni GitHub Action, C2 Implant Active
Attackers compromised the `xygeni/xygeni-action` GitHub Action using tag poisoning, deploying a C2 implant for up to a week. Users must verify integrity and review logs.

North Korean Malicious npm Packages: Detecting Contagious Interview
North Korean actors published 26 malicious npm packages using Pastebin as a C2 dead drop resolver in a new Contagious Interview campaign iteration.

GRIDTIDE Espionage: PRC-Nexus UNC2814 Targets Telecoms Globally
Google disrupts GRIDTIDE, a novel backdoor used by PRC-nexus UNC2814 for global cyber espionage against telecommunications and government entities.

Kimwolf Botnet Integration Impairs I2P Network Infrastructure
The Kimwolf IoT botnet has weaponized the Invisible Internet Project (I2P) to harden its C2 infrastructure, leading to widespread peer instability and network-wide latency.