North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts
Summary: North Korean hackers known as APT37 or ScarCruft are utilizing advanced phishing techniques to deploy the RokRat remote access Trojan (RAT) by delivering malicious ZIP files containing disguised LNK files. These attacks exploit real information to enhance credibility and execute a multi-stage infection process that gathers system details and exfiltrates data using legitimate cloud services.…
Stopping Sobolan Malware with Aqua Runtime Protection
Aqua Nautilus researchers have uncovered a new multi-stage attack campaign focused on interactive computing environments such as Jupyter Notebooks. The attackers exploit unauthenticated Jupyter instances to deploy malicious tools, hijack system resources, and maintain persistence, posing significant risks to cloud-native environments. Enhanced security measures are crucial to defend against such threats.…
Dark Web Profile: APT35
APT35, also known as Charming Kitten, is an Iranian state-sponsored cyber-espionage group targeting various sectors through sophisticated cyber campaigns. Since its emergence in 2014, APT35 has been involved in high-profile incidents such as the HBO data breach and attempted compromises of U.S. governmental and campaign-related accounts.…
RST TI Report Digest: 10 Mar 2025
This week’s threat intelligence report reveals a range of sophisticated cyber threats, including targeted multistage malware attacks, ransomware groups adopting new backconnect malware, and social engineering tactics employed in recruitment scams. Notable threats included a campaign targeting aviation and transport in the UAE, while other malware leveraged social media for distribution.…
Stealthy Attacks Exploiting PHP-CGI Vulnerability Target Japanese Organizations
Summary: Cisco Talos has uncovered a sophisticated cyberattack campaign targeting various Japanese industries, actively exploiting a vulnerability in PHP-CGI for remote code execution. The attacks include credential theft, privilege escalation, and deployment of persistent backdoors facilitated by the Cobalt Strike toolkit. Despite similarities to previous hacker group tactics, the attackers’ identities remain unconfirmed.…
🚨Cyber Attack Chronicles🚨
The SolarWinds hack, a significant supply chain attack discovered in December 2020, compromised numerous Fortune 500 companies and government agencies, resulting in extensive cybersecurity repercussions. Attackers embedded malicious code into SolarWinds’ Orion software updates, infiltrating thousands of networks and highlighting the risk of implicit trust in software vendors.

Affected: Fortune 500 companies, US Government agencies, SolarWinds

Keypoints:

The hack was discovered in December 2020, but the infiltration began as early as March 2020.…
Chemistry Walkthrough – HackTheBox
In this article, the author details the exploitation of an easy Linux machine, beginning with gaining a foothold through a CVE vulnerability and escalating to root access via a second exploit. The author notes the machine’s slow performance and encourages patience during testing. The walkthrough covers reconnaissance, exploitation of vulnerabilities in the Pymatgen library and the Python aiohttp framework, and obtaining root access.…
GZR Observer Daily, Mar 7, 2025
The U.S. has introduced tariffs on Canadian goods, leading to retaliatory actions that may increase costs for 1.5 million customers in border states. This situation mirrors past global economic crises and highlights growing geopolitical tensions, trade wars, and implications for domestic industries.

Affected: U.S. customers in border states, Canadian goods

Keypoints:

The U.S.…
Security Implications of Low-Code/No-Code Platforms: The Unseen Cyberwar
This article provides a thorough analysis of the security vulnerabilities associated with low-code/no-code (LCNC) platforms, exposing architectural flaws and real-world breaches. It outlines case studies involving significant breaches such as Microsoft Power Apps and Airtable, highlighting the negligence of platform providers. A call to action for stronger security practices and vendor accountability concludes the report.…
PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors
Summary: A malicious campaign targeting various sectors in Japan has been attributed to unknown threat actors exploiting the CVE-2024-4577 vulnerability in PHP. The attackers use Cobalt Strike plugins for post-exploitation, establishing persistent access and conducting reconnaissance to steal credentials and sensitive data. Their use of tools hosted on Alibaba Cloud servers suggests that their motives may extend beyond credential harvesting, indicating potential future threats.…
Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
Summary: Safe{Wallet} disclosed details about a sophisticated cyberattack on Bybit, attributed to state-sponsored North Korean hackers. The attackers employed advanced social engineering techniques to compromise a developer’s machine and hijack AWS session tokens, enabling them to conduct covert operations. The incident highlights serious security vulnerabilities in the cryptocurrency industry, which faces record losses from hacks in 2025.…
Summary: Microsoft Threat Intelligence reports that the Chinese state-backed cyber-espionage group, Silk Typhoon, has shifted tactics to exploit IT supply chains by targeting remote management tools and cloud applications. Their focus on infiltrating IT service providers and infrastructure companies allows them to indirectly access downstream networks, posing significant risks to various sectors.…
Emulating the Relentless RansomHub Ransomware
RansomHub is a newly emerged Ransomware-as-a-Service (RaaS) operation targeting organizations globally, implementing a double-extortion model that both steals and encrypts sensitive data. The encryptor, written in C++ or Go, complicates security analysis because it requires a password to execute. Potential links to previous ransomware groups such as Knight and BlackCat/ALPHV are noted.…
Unmasking the new persistent attacks on Japan
Cisco Talos discovered a malicious campaign attributed to an unknown attacker targeting organizations in Japan since January 2025, primarily exploiting the CVE-2024-4577 vulnerability to gain initial access and deploy advanced adversarial tools via Cobalt Strike. The attacker’s activities entail credential theft, system compromise, and potential lateral movement which could impact various industries.…
Sendai Vulnlab – ESC4 & ReadGMSAPassword for AD Domination
In the latest round of Active Directory exploitation, Maverick dives into the Sendai machine, showcasing misconfigurations in Active Directory Certificate Services (ESC4), gMSA password handling (ReadGMSAPassword), and SMB enumeration. Through techniques such as password spraying and privilege escalation, a path to Domain Admin is laid out, emphasizing the importance of thorough enumeration and awareness of misconfigurations in AD environments.…
Silk Typhoon Shifts Tactics to Exploit Common IT Solutions
A new tactic shift by the Chinese espionage group Silk Typhoon has been identified, showcasing their increasing exploitation of common IT solutions to gain access. Their operations have affected numerous sectors including IT services, healthcare, government, and education, primarily in the US. Their methods include credential abuse, exploiting zero-day vulnerabilities, and lateral movement.…