Posts on Security, Cloud, DevOps, Citrix, VMware and others.
Words and views are my own and do not reflect my company's views.
Disclaimer: some of the links on this site are affiliate links, if you click on them and make a purchase, I make a commission.
Over the next few weeks, we’re breaking down the most critical sections of our 2024 Year in Review.
This week, we examine the most frequently targeted vulnerabilities—particularly those affecting network infrastructure. We also detail a noticeable shift in adversary behavior, as threat actors move away from time-sensitive lures in phishing campaigns. Finally, we highlight the tools most commonly leveraged by attackers last year and provide guidance on how to detect their presence in your environment.
Download the full report for a deeper understanding of these trends and actionable steps to strengthen your defenses.
Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts is costly and cumbersome, and it increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term "AI" often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many existing solutions are assistant-based, requiring constant human input, while a new wave of autonomous, Agentic AI has the potential to fundamentally transform security operations.
This article examines Agentic AI (sometimes also known as Agentic Security), contrasts it with traditional assistant-based AI (commonly known as Copilots), and explains its operational and economic impacts on modern SOCs. We'll also explore practical considerations for security leaders evaluating Agentic AI solutions.
Agentic AI vs. Assistant AI (aka Copilots): Clarifying the Difference
Agentic AI is defined by autonomy. Unlike traditional AI tools—which function as powerful assistants—Agentic AI systems independently perceive, plan, investigate, and conclude. In the context of SOC operations, Agentic AI acts much like a skilled Tier-1 analyst, autonomously triaging alerts using industry best practices, thoroughly investigating incidents, and providing actionable outcomes with minimal human oversight.
Assistant AI solutions, by contrast, are essentially smart tools waiting for human guidance. A security copilot, for example, can suggest insights or answer analyst questions about an alert, but it won't proactively investigate without explicit instruction. Every decision, action, or conclusion must first pass through a human analyst.
Consider a scenario involving potential malware:
Assistant AI waits for the analyst's prompt, then responds to specific queries, leaving investigation decisions to the human.
Agentic AI, conversely, proactively initiates and completes a full investigation—analyzing logs, correlating events, and possibly containing threats, then delivers a detailed report ready for human review.
The crucial distinction here is initiative and autonomy. Agentic AI isn't just another SOC automation tool like SOARs, it's an autonomous member of your security team. Unlike traditional SOAR or Hyperautomation tools, it doesn't need playbooks or scripted workflows. It adapts in real time, triaging and investigating alerts without you having to map out every move.
How Agentic AI Transforms SecOps and Improves SOC Economics
Also known as AI SOC Analysts, Agentic AI transforms the core of security operations by automating triage and investigation, which are often the most time-consuming, high-volume tasks in the SOC. It doesn't just accelerate existing workflows, it makes them scalable, consistent, and cost-effective.
Instant triage at scale
Agentic AI evaluates every alert as it arrives, around the clock. It triages based on real indicators of risk, not just severity labels, reducing dwell time and surfacing the right threats faster than any human team could.
Deep, consistent investigations
Unlike basic enrichment or playbook automation, Agentic AI conducts structured investigations that follow lines of questioning an experienced analyst would pursue. Every alert gets the same level of scrutiny, regardless of priority, removing the need to choose between speed and depth.
Fewer gaps, better prioritization
Traditional SOCs often ignore low- and medium-priority alerts due to time constraints. Agentic AI closes those gaps by investigating everything and ranking results based on actual risk. The result is better prioritization and fewer missed threats.
Operational consistency, even under pressure
With no fatigue or bandwidth limits, Agentic AI maintains quality during alert storms and high-pressure moments. It eliminates triage shortcuts and helps avoid costly oversights, regardless of volume.
More focus, less burnout
By offloading repetitive triage and initial investigations (especially removing the flood of benign alerts from the human analyst queue), Agentic AI frees analysts to focus on high-value work like complex investigations and threat hunting. This reduces burnout and improves team retention, a critical factor in a competitive market with a persistent skills shortage.
Lower costs, higher capacity
Agentic AI boosts alert coverage and investigative speed without adding pressure to already stretched teams. It helps organizations scale security operations and add capacity in the face of ongoing cybersecurity skills shortages.
Improved outcomes, measurable ROI
By investigating every alert thoroughly and consistently, Agentic AI improves key metrics like dwell time and Mean Time to Investigate (MTTI). Faster detection and deeper investigations reduce risk exposure and mitigate the financial and reputational impact of breaches.
A force multiplier for the SOC
Agentic AI doesn't replace analysts, it amplifies them. It helps teams scale efficiently, operate more effectively, and achieve better outcomes with fewer resources. The result: stronger security and a healthier bottom line.
Key Considerations for Evaluating Agentic AI for your SOC
Not all agentic solutions are equal. Security leaders must assess solutions based on:
Transparency and Explainability: Ensure the solution clearly documents how decisions are made, enabling analysts and auditors to validate results confidently.
Accuracy and Investigative Depth: High accuracy and thorough, multi-dimensional investigations across all relevant data sources are essential.
Seamless Integration: The solution should easily connect to your existing tools and fit within established workflows, minimizing disruption.
Customization and Adaptability: Seek AI solutions capable of learning and adapting to your unique security context.
Impact and ROI: Measure the impact of the AI using the key SOC metrics that matter to your business. Ultimately, you want an Agentic AI tool for your SOC that improves business performance (i.e., lowers risk, lowers costs) and the metrics you track should be aligned with that.
How Prophet Security Redefines Alert Triage: Autonomous but Human-Driven
The introduction of Agentic AI represents a fundamental evolution for SOC teams, not a replacement of human analysts, but an augmentation enabling them to perform at their best. As organizations evaluate this transformative technology, choosing a transparent, accurate, and adaptive solution ensures that the SOC remains effective, efficient, and human-centric.
By handling routine investigations autonomously, Agentic AI empowers human analysts to focus on higher-value tasks, transforming the SOC from reactive to proactive and precise. Embracing this evolution today positions security teams to remain resilient against tomorrow's advanced threats.
Prophet Security exemplifies this evolution by automating alert triage and investigations with exceptional speed and accuracy. Powered by AI Agents, Prophet AI eliminates repetitive manual tasks, reduces analyst burnout, and significantly improves security outcomes. Visit Prophet Security today to request a demo and see firsthand how Prophet AI can elevate your SOC operations.
This article is a contributed piece from one of our valued partners.
from The Hacker News https://ift.tt/l1UqtfZ
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware.
The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine's eastern border, the agency said.
The attacks involve distributing phishing emails containing a macro-enabled Microsoft Excel spreadsheet (XLSM), which, when opened, facilitates the deployment of two pieces of malware: a PowerShell script taken from the PSSW100AVB ("Powershell Scripts With 100% AV Bypass") GitHub repository that opens a reverse shell, and a previously undocumented stealer dubbed GIFTEDCROOK.
"File names and email subject lines reference relevant and sensitive issues such as demining, administrative fines, UAV production, and compensation for destroyed property," CERT-UA said.
"These spreadsheets contain malicious code which, upon opening the document and enabling macros, automatically transforms into malware and executes without the user's knowledge."
Written in C/C++, GIFTEDCROOK facilitates the theft of sensitive data from web browsers like Google Chrome, Microsoft Edge, and Mozilla Firefox, such as cookies, browsing history, and authentication data.
The email messages are sent from compromised accounts, often via the web interface of email clients, to lend the messages a veneer of legitimacy, and trick prospective victims into opening the documents. CERT-UA has attributed the activity to a threat cluster UAC-0226, although it has not been linked to a specific country.
The development comes as a suspected Russia-nexus espionage actor dubbed UNC5837 has been linked to a phishing campaign targeting European government and military organizations in October 2024.
"The campaign employed signed .RDP file attachments to establish Remote Desktop Protocol (RDP) connections from victims' machines," the Google Threat Intelligence Group (GTIG) said.
"Unlike typical RDP attacks focused on interactive sessions, this campaign creatively leveraged resource redirection (mapping victim file systems to the attacker servers) and RemoteApps (presenting attacker-controlled applications to victims)."
It's worth noting that the RDP campaign was previously documented by CERT-UA, Amazon Web Services, and Microsoft in October 2024 and subsequently by Trend Micro in December. CERT-UA is tracking the activity under the name UAC-0215, while the others have attributed it to the Russian state-sponsored hacking group APT29.
The attack is also notable for the likely use of an open-source tool called PyRDP to automate malicious activities such as file exfiltration and clipboard capture, including potentially sensitive data like passwords.
"The campaign likely enabled attackers to read victim drives, steal files, capture clipboard data (including passwords), and obtain victim environment variables," the GTIG said in a Monday report. "UNC5837's primary objective appears to be espionage and file stealing."
In recent months, phishing campaigns have also been observed using fake CAPTCHAs and Cloudflare Turnstile to distribute Legion Loader (aka Satacom), which then serves as a conduit to drop a malicious Chromium-based browser extension named "Save to Google Drive."
"The initial payload is spread via a drive-by download infection that starts when a victim searches for a specific document and is lured to a malicious website," Netskope Threat Labs said. "The downloaded document contains a CAPTCHA that, once clicked by the victim, will redirect it to a Cloudflare Turnstile CAPTCHA and then eventually to a notification page."
The page prompts users to allow notifications on the site, after which the victims are redirected to a second Cloudflare Turnstile CAPTCHA that, upon completion, is redirected again to a page that provides ClickFix-style instructions to download the document they are looking for.
In reality, the attack paves the way for the delivery and execution of an MSI installer file that's responsible for launching Legion Loader, which, in turn, performs a series of steps to download and run interim PowerShell scripts, ultimately adding the rogue browser extension to the browser.
The PowerShell script also terminates the browser session for the extension to be enabled, turns on developer mode in the settings, and relaunches the browser. The end goal is to capture a wide range of sensitive information and exfiltrate it to the attackers.
from The Hacker News https://ift.tt/W8cl2S4
A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild.
The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has been fixed in versions 10.8.4 and 11.3.1.
"CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise," CISA said in an advisory.
The shortcoming has been assigned the CVE identifier CVE-2025-31161 (CVSS score: 9.8). It bears noting that the same vulnerability was previously tracked as CVE-2025-2825, which has now been marked Rejected in the CVE list.
The development comes after the disclosure process associated with the flaw has been entangled in controversy and confusion, with VulnCheck – due to it being a CVE Numbering Authority (CNA) – assigned an identifier (i.e., CVE-2025-2825), while the actual CVE (i.e., CVE-2025-31161) had been pending.
Outpost24, which is credited with responsibly disclosing the flaw to the vendor, has stepped in to clarify that it requested a CVE number from MITRE on March 13, 2025, and that it was coordinating with CrushFTP to ensure that the fixes were rolled out within a 90-day disclosure period.
However, it wasn't until March 27 that MITRE assigned the flaw the CVE CVE-2025-31161, by which time VulnCheck had released a CVE of its own without contacting "CrushFTP or Outpost24 beforehand to see if a responsible disclosure process was already underway."
The Swedish cybersecurity company has since released step-by-step instructions to trigger the exploit without sharing much of the technical specifics:
1. Generate a random alphanumeric session token of a minimum 31 characters of length
2. Set a cookie called CrushAuth to the value generated in step 1
3. Set a cookie called currentAuth to the last 4 characters of the value generated in step 1
4. Perform an HTTP GET request to the target /WebInterface/function/ with the cookies from steps 2 and 3, as well as an Authorization header set to "AWS4-HMAC=<username>/," where <username> is the user to be signed in as (e.g., crushadmin)
A net result of these actions is that the session generated at the start gets authenticated as the chosen user, allowing an attacker to execute any commands that user has rights to.
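The request shape described above is distinctive enough to hunt for in HTTP logs. The following is an added detection example, not code from Outpost24, Huntress or CrushFTP: it assumes a hypothetical reverse proxy in front of the server that writes JSON-lines records with `authorization` and `cookie` fields, and all sample records are constructed.

```python
import json
import re

TARGET_PATH = "/WebInterface/function/"
# Header form quoted in the article: "AWS4-HMAC=<username>/".
# A well-formed SigV4 header starts with "AWS4-HMAC-SHA256 " and will not match.
AUTH_RE = re.compile(r"^AWS4-HMAC=(?P<user>[^/]*)/")

# Constructed sample records (hypothetical proxy log format, documentation IPs).
SAMPLE_LOG = """\
{"ts":"2025-04-03T09:58:10Z","src":"192.0.2.10","method":"GET","path":"/WebInterface/function/","cookie":"CrushAuth=Hn4pQ8sV1zKc6XbM3tLr9WdF2gJy5uEa; currentAuth=5uEa"}
{"ts":"2025-04-03T10:00:01Z","src":"203.0.113.50","method":"GET","path":"/WebInterface/function/","authorization":"AWS4-HMAC=crushadmin/","cookie":"CrushAuth=Zq3kT9mB2xLw8RvN5cJh7YpD4sGf6aUe; currentAuth=6aUe"}
{"ts":"2025-04-03T10:00:04Z","src":"203.0.113.50","method":"POST","path":"/WebInterface/function/","cookie":"CrushAuth=Zq3kT9mB2xLw8RvN5cJh7YpD4sGf6aUe; currentAuth=6aUe"}
{"ts":"2025-04-03T10:01:30Z","src":"192.0.2.77","method":"GET","path":"/bucket/object","authorization":"AWS4-HMAC-SHA256 Credential=EXAMPLEKEY/20250403/us-east-1/s3/aws4_request, SignedHeaders=host, Signature=0000"}
{"ts":"2025-04-03T10:05:00Z","src":"198.51.100.9","method":"GET","path":"/WebInterface/function/","authorization":"AWS4-HMAC=backup/","cookie":"CrushAuth=shorttoken123; currentAuth=t123"}
"""


def parse_cookies(header):
    """Split a Cookie header into a name -> value dict."""
    cookies = {}
    for part in (header or "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def analyze(log_text):
    """Flag requests carrying the malformed AWS4-HMAC header and collect
    later requests that reuse the same CrushAuth session token."""
    findings = []
    flagged_sessions = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        cookies = parse_cookies(rec.get("cookie"))
        session = cookies.get("CrushAuth", "")
        match = AUTH_RE.match(rec.get("authorization") or "")
        if match and rec.get("path", "").startswith(TARGET_PATH):
            finding = {
                "ts": rec["ts"],
                "src": rec["src"],
                "user": match.group("user"),
                "session": session,
                # True when the cookies follow the published steps exactly.
                "matches_steps": (
                    len(session) >= 31
                    and session.isalnum()
                    and cookies.get("currentAuth") == session[-4:]
                ),
                "follow_up": [],
            }
            findings.append(finding)
            if session:
                flagged_sessions.setdefault(session, finding)
        elif session and session in flagged_sessions:
            # Same session token seen again: activity to review for impact.
            flagged_sessions[session]["follow_up"].append(
                (rec["ts"], rec["method"], rec["path"])
            )
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["ts"], f["src"], "target user:", f["user"],
              "exact pattern:", f["matches_steps"],
              "follow-up requests:", len(f["follow_up"]))
```

Any hit is worth reviewing even when `matches_steps` is false, since the header form itself is not something a normal client sends; the follow-up list scopes what the session did afterwards.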
Huntress, which re-created a proof-of-concept for CVE-2025-31161, said it observed in-the-wild exploitation of CVE-2025-31161 on April 3, 2025, and that it uncovered further post-exploitation activity involving the use of MeshCentral agent and other malware. There is some evidence to suggest that the compromise may have happened as early as March 30.
The cybersecurity firm said it has seen exploitation efforts targeting four distinct hosts from four different companies to date, adding three of those affected were hosted by the same managed service provider (MSP). The names of the impacted companies were not disclosed, but they belong to marketing, retail, and semiconductor sectors.
The threat actors have been found to weaponize the access to install legitimate remote desktop software such as AnyDesk and MeshAgent, while also taking steps to harvest credentials in at least one instance.
After deploying MeshAgent, the attackers are said to have added a non-admin user ("CrushUser") to the local administrators group and delivered another C++ binary ("d3d11.dll"), an implementation of the open-source library TgBot.
"It is likely that the threat actors are making use of a Telegram bot to collect telemetry from infected hosts," Huntress researchers said.
As of April 6, 2025, there are 815 unpatched instances vulnerable to the flaw, with 487 of them located in North America and 250 in Europe. In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary patches by April 28 to secure their networks.
from The Hacker News https://ift.tt/SMVK78x
Are you looking for guidance on how to effectively integrate security best practices within your Azure and AI projects? We know the pace of technological innovation offers as many opportunities as it does challenges. However, security cannot be an afterthought as you create Azure deployments and accelerate AI solutions.
That’s why we’re inviting you to attend Tech Accelerator: Azure Security and AI Adoption on April 22. Designed for developers and cloud architects, this one-day virtual event will equip you with the essential guidance and resources you need to securely plan, build, manage, and optimize your Azure deployments and AI projects.
Why should you attend?
During this event, you will learn how to leverage Microsoft security guidance, products, and tooling throughout your cloud journey – from the time you consider Azure to the point that you’re regularly managing and optimizing workloads. Discover how Microsoft protects its platform, how to identify security risks in your Azure environments, protect your infrastructure from security threats, design secure AI environments, and build and protect your AI applications.
What can you expect?
During this event, you’ll have the opportunity to:
Learn from the experts: Get in-depth technical guidance from Microsoft experts to secure your Azure deployments and AI applications.
Engage with the community: Connect with fellow developers, cloud architects, and IT professionals.
Event details
Dates: April 22, 2025
Duration: 8:00-11:30 AM Pacific Time
Format: One keynote + six 25-minute sessions with technical guidance and demos
April 22, 2025:
Session | Time
Security: An essential part of your Azure and AI journey (keynote) | 8:00 AM PT
Secure by design: Azure datacenter and hardware security | 8:30 AM PT
Azure platform security: Embedded features and use cases | 9:00 AM PT
Enhancing security for cloud migration | 9:30 AM PT
How to secure your AI environment | 10:00 AM PT
How to design and build secure AI projects | 10:30 AM PT
Safeguard AI applications with Microsoft Defender for Cloud | 11:00 AM PT
All sessions will be streamed live on the Microsoft Tech Community platform with live Q&A during the event with the speakers and subject experts. Q&A will close at 12:00 PM PT on Friday, April 25, 2025. Sessions will be available on demand immediately, so you can watch at your convenience.
Registration is not required. On each session page, you can find an Add to calendar link. Click the Attend button on the page to receive reminders. Please post questions early and often; we’re here to help!
In October 2024, Google Threat Intelligence Group (GTIG) observed a novel phishing campaign targeting European government and military organizations that was attributed to a suspected Russia-nexus espionage actor we track as UNC5837. The campaign employed signed .rdp file attachments to establish Remote Desktop Protocol (RDP) connections from victims' machines. Unlike typical RDP attacks focused on interactive sessions, this campaign creatively leveraged resource redirection (mapping victim file systems to the attacker servers) and RemoteApps (presenting attacker-controlled applications to victims). Evidence suggests this campaign may have involved the use of an RDP proxy tool like PyRDP to automate malicious activities like file exfiltration and clipboard capture. This technique has been previously dubbed as “Rogue RDP.”
The campaign likely enabled attackers to read victim drives, steal files, capture clipboard data (including passwords), and obtain victim environment variables. While we did not observe direct command execution on victim machines, the attackers could present deceptive applications for phishing or further compromise. The primary objective of the campaign appears to be espionage and file theft, though the full extent of the attacker's capabilities remains uncertain. This campaign serves as a stark reminder of the security risks associated with obscure RDP functionalities, underscoring the importance of vigilance and proactive defense.
Introduction
Remote Desktop Protocol (RDP) is a legitimate Windows service that has been well researched by the security community. However, most of the security community’s existing research is focused on the adversarial use of RDP to control victim machines via interactive sessions.
This campaign included use of RDP that was not focused on interactive control of victim machines. Instead, adversaries leveraged two lesser-known features of the RDP protocol to present an application (the nature of which is currently unknown) and access victim resources. Given the low prevalence of this tactic, technique, and procedure (TTP) in previous reporting, we seek to explore the technical intricacies of adversary tradecraft abusing the following functionality of RDP:
RDP Property Files (.rdp configuration files)
Resource redirection (e.g. mapping victim file systems to the RDP server)
RemoteApps (i.e. displaying server-hosted applications to victim)
Additionally, we will shed light on PyRDP, an open-source RDP proxy tool that offers attractive automation capabilities to attacks of this nature.
By examining the intricacies of the tradecraft observed, we gain not only a better understanding of existing campaigns that have employed similar tradecraft, but of attacks that may employ these techniques in the future.
Campaign Operations
This campaign tracks a wave of suspected Russian espionage activity targeting European government and military organizations via widespread phishing. Google Threat Intelligence Group (GTIG) attributes this activity to a suspected Russia-nexus espionage actor group we refer to as UNC5837. The Computer Emergency Response Team of Ukraine (CERT-UA) reported this campaign on Oct. 29, 2024, noting the use of mass-distributed emails with .rdp file attachments among government agencies and other Ukrainian organizations. This campaign has also been documented by Microsoft, Trend Micro, and Amazon.
The phishing email in the campaign claimed to be part of a project in conjunction with Amazon, Microsoft, and the Ukrainian State Secure Communications and Information Security Agency. The email included a signed .rdp file attachment purporting to be an application relevant to the described project. Unlike more common phishing lures, the email explicitly stated no personal data was to be provided and if any errors occurred while running the attachment, to ignore it as an error report would be automatically generated.
Figure 1: Campaign email sample
Executing the signed attachment initiates an RDP connection from the victim's machine. The attachment is signed with a Let’s Encrypt certificate issued to the domain the RDP connection is established with. The signed nature of the file bypasses the typical yellow warning banner, which could otherwise alert the user to a potential security risk. More information on signature-related characteristics of these files is covered in a later section.
The malicious .rdp configuration file specifies that, when executed, an RDP connection is initiated from the victim’s machine while granting the adversary read & write access to all victim drives and clipboard content. Additionally, it employs the RemoteApp feature, which presents a deceptive application titled "AWS Secure Storage Connection Stability Test" to the victim's machine. This application, hosted on the attacker's RDP server, masquerades as a locally installed program, concealing its true, potentially malicious nature. While the application's exact purpose remains undetermined, it may have been used for phishing or to trick the user into taking action on their machine, thereby enabling further access to the victim's machine.
Further analysis suggests the attacker may have used an RDP proxy tool like PyRDP (examined in later sections), which could automate malicious activities such as file exfiltration and clipboard capture, including potentially sensitive data like passwords. While we cannot confirm the use of an RDP proxy tool, the existence, ease of accessibility, and functionalities offered by such a tool make it an attractive option for this campaign. Regardless of whether such a tool was used or not, the tool is bound to the permissions granted by the RDP session. At the time of writing, we are not aware of an RDP proxy tool that exploits vulnerabilities in the RDP protocol, but rather gives enhanced control over the established connection.
The techniques seen in this campaign, combined with the complexity of how they interact with each other, make it tough for incident responders to assess the true impact to victim machines. Further, the number of artifacts left to perform a post-mortem is relatively small compared to other attack vectors. Because existing research on the topic is speculative regarding how much control an attacker has over the victim, we sought to dive deeper into the technical details of the technique components. While full modi operandi cannot be conclusively determined, UNC5837’s primary objective appears to be espionage and file stealing.
Deconstructing the Attack: A Deep Dive into RDP Techniques
Remote Desktop Protocol
The RDP is used for communication between the Terminal Server and Terminal Server Client. RDP works with the concept of “virtual channels” that are capable of carrying presentation data, keyboard/mouse activity, clipboard data, serial device information, and more. Given these capabilities, as an attack vector, RDP is commonly seen as a route for attackers in possession of valid victim credentials to gain full graphical user interface (GUI) access to a machine. However, the protocol supports other interesting capabilities that can facilitate less conventional attack techniques.
RDP Configuration Files
RDP has a number of properties that can be set to customize the behavior of a remote session (e.g., IP to connect to, display settings, certificate options). While most are familiar with configuring RDP sessions via a traditional GUI (mstsc.exe), these properties can also be defined in a configuration file with the .rdp extension which, when executed, achieves the same effect.
The following .rdp file was seen as an email attachment (SHA256): ba4d58f2c5903776fe47c92a0ec3297cc7b9c8fa16b3bf5f40b46242e7092b46
An excerpt of this .rdp file is displayed in Figure 3 with annotations describing some of the configuration settings.
When executed, this configuration file initiates an RDP connection to the malicious command-and-control (C2 or C&C) server eu-southeast-1-aws[.]govtr[.]cloud and redirects all drives, printers, COM ports, smart cards, WebAuthn requests (e.g., security key), clipboard, and point-of-sale (POS) devices to the C2 server.
The remoteapplicationmode parameter being set to 1 will switch the session from the “traditional” interactive GUI session to instead presenting the victim with only a part (application) of the RDP server. The RemoteApp, titled AWS Secure Storage Connection Stability Test v24091285697854, resides on the RDP server and is presented to the victim in a windowed popup. The icon used to represent this application (on the Windows taskbar for example) is defined by remoteapplicationicon. Windows environment variables %USERPROFILE%, %COMPUTERNAME%, and %USERDNSDOMAIN% are used as command-line arguments to the application. Due to the use of the property remoteapplicationexpandcmdline:i:0, the Windows environment variables sent to the RDP server will be that of the client (aka victim), effectively performing initial reconnaissance upon connection.
Lastly, the signature property defines the encoded signature that signs the .rdp file. The signature used in this case was generated using Let’s Encrypt. Interestingly, the SSL certificate used to sign the file is issued for the domain the RDP connection is made to. For example, with SHA256: 1c1941b40718bf31ce190588beef9d941e217e6f64bd871f7aee921099a9d881.
Figure 4: Signature property within .rdp file
Tools like rdp_holiday can be used to decode the public certificate embedded within the file in Figure 4.
Figure 5: .rdp file parsed by rdp_holiday
The certificate is an SSL certificate issued for the domain the RDP connection is made to. This can be correlated with the RDP properties full_address/alternate_full_address.
alternate full address:s:eu-north-1-aws.ua-gov.cloud
full address:s:eu-north-1-aws.ua-gov.cloud
Figure 6: Remote Address RDP Properties
.rdp files targeting other victims also exhibited similar certificate behavior.
In legitimate scenarios, an organization could sign RDP connections with SSL certificates tied to their organization’s certificate authority. Additionally, an organization could also disable execution of .rdp files from unsigned and unknown publishers. The corresponding GPO can be found under Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client -> Allow .rdp files from unknown publishers.
Figure 7: GPO policy for disabling unknown and unsigned .rdp file execution
The policy in Figure 7 can optionally further be coupled with the “Specify SHA1 Thumbprints of certificates representing trusted .rdp publishers” policy (within the same location) to add certificates as Trusted Publishers.
From an attacker’s perspective, existence of a signature allows the connection prompt to look less suspicious (i.e., without the usual yellow warning banner), as seen in Figure 8.
This RDP configuration approach is especially notable because it maps resources from both the adversary and victim machines:
The RemoteApp being presented resides on the adversary-controlled RDP server, not the client/victim machine.
The Windows environment variables are those of the client/victim and are forwarded to the RDP server as command-line arguments.
Victim file system drives are forwarded and accessible as remote shares on the RDP server. Only the drives accessible to the victim-user initiating the RDP connection are accessible to the RDP server. The RDP server by default has the ability to read and write to the victim’s file system drives.
Victim clipboard data is accessible to the RDP server. If the victim machine is running within a virtualized environment but shares its clipboard with the host machine in addition to the guest, the host’s clipboard will also be forwarded to the RDP server.
Keeping track of what activity happens on the victim and on the server in the case of an attacker-controlled RDP server helps assess the level of control the attacker has over the victim machine. A deeper understanding of the RDP protocol's functionalities, particularly those related to resource redirection and RemoteApp execution, is crucial for analyzing tools like PyRDP. PyRDP operates within the defined parameters of the RDP protocol, leveraging its features rather than exploiting vulnerabilities. This makes understanding the nuances of RDP essential for comprehending PyRDP's capabilities and potential impact.
More information on RDP parameters can be found here and here.
Resource Redirection
The campaign’s .rdp configuration file set several RDP session properties for the purpose of resource redirection.
RDP resource redirection enables the utilization of peripherals and devices connected to the local system within the remote desktop session, allowing access to resources such as:
Printers
Keyboards, mouse
Drives (hard drives, CD/DVD drives, etc.)
Serial ports
Hardware keys like Yubico (via smartcard and WebAuthn redirection)
Audio devices
Clipboards (for copy-pasting between local and remote systems)
Resource redirection in RDP is facilitated through Microsoft's "virtual channels." The communication happens via special RDP packets, called protocol data packets (PDU), that mirror changes between the victim and attacker machine as long as the connection is active. More information on virtual channels and PDU structures can be found in MS-RDPERP.
Typically, virtual channels employ encrypted communication streams. However, PyRDP is capable of capturing the initial RDP handshake sequences and hence decrypting the RDP communication streams.
Figure 9: Victim’s mapped-drives as seen on an attacker’s RDP server
Remote Programs / RemoteApps
RDP has an optional feature called RemoteApp programs, which are applications (RemoteApps) hosted on the remote server that behave like a windowed application on the client system, which in this case is a victim machine. This can make a malicious remote app seem like a local application to the victim machine without ever having to touch the victim machine’s disk.
Figure 10 is an example of the MS Paint application presented as a RemoteApp as seen by a test victim machine. The application does not exist on the victim machine but is presented to appear like a native application. Notice how there is no banner/top dock that indicates an RDP connection one would expect to see in an interactive session. The only indicator appears to be the RDP symbol on the taskbar.
Figure 10: RDP RemoteApp (MsPaint.exe) hosted on the RDP server, as seen on a test victim machine
All resources used by RemoteApp belong to that of the RDP server. Additionally, if victim drives are mapped to the RDP server, they are accessible by the RemoteApp as well.
PyRDP
While the use of a tool like PyRDP in this campaign cannot be confirmed, the automation capabilities it offers make it an attractive option worth diving deeper into. A closer look at PyRDP will illuminate how such a tool could be useful in this context.
PyRDP is an open-source, Python-based, man-in-the-middle (MiTM) RDP proxy toolkit designed for offensive engagements.
Figure 11: PyRDP as a MiTM tool
PyRDP operates by running on a host (MiTM server) and pointing it to a server running Windows RDP. Victims connect to the MiTM server with no indication of being connected to a relay server, while PyRDP seamlessly relays the connection to the final RDP server while providing enhanced capabilities over the connection, such as:
Stealing NTLM hashes of the credentials used to authenticate to the RDP server
Running commands on the RDP server after the user connects
Capturing the user’s clipboard
Enumerating mapped drives
Stream, record (video format), and session takeover
It’s important to note that, from our visibility, PyRDP does not exploit vulnerabilities or expose a new weakness. Instead, PyRDP gives granular control to the functionalities native to the RDP protocol.
Password Theft
PyRDP is capable of stealing passwords, regardless of whether Network Level Authentication (NLA) is enabled. In the case NLA is enabled, it will capture the NTLM hash via the NLA as seen in Figure 12. It does so by interrupting the original RDP connection sequence and completing part of it on its own, thereby allowing it to capture hashed credentials. The technique works in a similar way to Responder. More information about how PyRDP does this can be found here.
Figure 12: RDP server user NTLMv2 Hashes recorded by PyRDP during user authentication
Alternatively, if NLA is not enabled, PyRDP attempts to scan the codes it receives when a user tries to authenticate and convert them into virtual key codes, thereby "guessing" the supplied password. The authors of the tool refer to this as their “heuristic method” of detecting passwords.
Figure 13: Plaintext password detection without NLA
When the user authenticates to the RDP server, PyRDP captures these credentials used to login to the RDP server. In the event the RDP server is controlled by the adversary (e.g., in this campaign), this feature does not add much impact since the credentials captured belong to the actor-controlled RDP server. This capability becomes impactful, however, when an attacker attempts an MiTM attack where the end server is not owned by them.
It is worth noting that during setup, PyRDP allows credentials to be supplied by the attacker. These credentials are then used to authenticate to the RDP server. By doing so, the user does not need to be prompted for credentials and is directly presented with the RemoteApp instead. In the campaign, given that the username RDP property was empty, the RDP server was attacker-controlled, and the RemoteApp seemed to be core to the storyline of the operation, we suspect a tool like PyRDP was used to bypass the user authentication prompt to directly present the AWS Secure Storage Connection Stability Test v24091285697854 RemoteApp to the victim.
Finally, PyRDP automatically captures the RDP challenge during connection establishment. This enables RDP packets to be decrypted if raw network captures are available, revealing more granular details about the RDP session.
Command Execution
PyRDP allows for commands to be executed on the RDP server. However, it does not allow for command execution on the victim’s machine. At the time of deployment, commands to be executed can be supplied to PyRDP in the following ways:
MS-DOS (cmd.exe)
PowerShell commands
PowerShell scripts hosted on the PyRDP server file system
PyRDP executes the command by freezing/blocking the RDP session for a given amount of time, while the command executes in the background. To the user, it seems like the session froze. At the time of deploying the PyRDP MiTM server, the attacker specifies:
What command to execute (in one of the aforementioned three ways)
How long to block/freeze the user session for
How long the command will take to complete
PyRDP is capable of detecting user connections and disconnections to RDP sessions. However, it lacks the ability to detect user authentication to the RDP server. As a user may connect to an RDP session without immediately proceeding to account login, PyRDP cannot determine authentication status, thus requiring the attacker to estimate a waiting period following user connection (and preceding authentication) before executing commands. It also requires the attacker to define the duration for which the session is to be frozen during command execution, since PyRDP has no way of knowing when the command completes.
The example in Figure 14 relays incoming connections to an RDP server on 192.168.1.2. Upon connection, it then starts the calc.exe process on the RDP server 20 seconds after the user connects and freezes the user session for five seconds while the command executes.
A clever attacker can use this capability of PyRDP to plant malicious files on a redirected drive, even though it cannot directly run it on the victim machine. This could facilitate dropping malicious files in locations that allow for further persistent access (e.g., via DLL-sideloading, malware in startup locations). Defenders can hunt for this activity by monitoring file creations originating from mstsc.exe. We'll dive deeper into practical detection strategies later in this post.
Clipboard Capture
PyRDP automatically captures the clipboard of the victim user for as long as the RDP connection is active. This is one point where the attacker’s control extends beyond the RDP server and onto the victim machine.
Note that if a user connects from a virtual environment (e.g., VMware) and the host machine's clipboard is mapped to the virtual machine, it would also be forwarded to the RDP session. This can allow the attacker to capture clipboard content from the host and guest machine combined.
Scraping/Browsing Client Files
With file redirection enabled, PyRDP can crawl the target system and save all or specified folders to the MiTM server if instructed at setup using the --crawl option. If the --crawl option is not specified at setup, PyRDP will still capture files, but only those accessed by the user during the RDP session, such as environment files. During an active connection, an attacker can also connect to the live stream and freely browse the target system's file system via the PyRDP-player GUI to download files (see Figure 15).
It is worth noting that while PyRDP does not explicitly present the ability to place files on the victim’s mapped drives, the RDP protocol itself does allow it. Should an adversary misuse that capability, it would be outside the scope of PyRDP.
Stream/Capture/Intercept RDP Sessions
PyRDP is capable of recording RDP sessions for later playback. An attacker can optionally stream each intercepted connection and thereafter connect to the stream port to interact with the live RDP connection. The attacker can also take control of the RDP server and perform actions on the target system. When an attacker takes control, the RDP connection hangs for the user, similar to when commands are executed when a user connects.
Streaming, if enabled with the -i option, defaults to TCP port 3000 (configurable). Live connections are streamed on a locally bound port, accessible via the included pyrdp-player script GUI. Upon completion of a connection, an .mp4 recording of the session can be produced by PyRDP.
This section focuses on collecting forensic information, hardening systems, and developing detections for RDP techniques used in the campaign.
Security detections detailed in this section are already integrated into the Google SecOps Enterprise+ platform. In addition, Google maintains similar proactive measures to protect Gmail and Google Workspace users.
Log Artifacts
Default Windows Machine
During testing, limited evidence was recovered on default Windows systems after drive redirection and RemoteApp interaction. In practice, it would be difficult to distinguish between a traditional RDP connection and one with drive redirection and/or RemoteApp usage on a default Windows system. From a forensic perspective, the following patterns are of moderate interest:
Creation of the following registry key upon connection, which gives insight into attacker server address and username used:
HKU\S-1-5-21-4272539574-4060845865-869095189-1000\SOFTWARE\Microsoft\Terminal Server Client\Servers\<attacker_IP_Address>
HKU\S-1-5-21-4272539574-4060845865-869095189-1000\SOFTWARE\Microsoft\Terminal Server Client\Servers\<attacker_server>\UsernameHint: "<username used for connection>"
The information contained in the Windows Event Logs (Microsoft-Windows-TerminalServices-RDPClient/Operational):
Event ID 1102: Logs attacker server IP address
Event ID 1027: Logs attacker server domain name
Event ID 1029: Logs username used to authenticate in format base64(sha256(username)).
Heightened Logging Windows Machine
With enhanced logging capabilities (e.g., Sysmon, Windows advanced audit logging, EDR), artifacts indicative of file write activity on the target system may be present. This was tested and validated using Sysmon file creation events (event ID 11).
Victim system drives can be mapped to the RDP server via RDP resource redirection, enabling both read and write operations. Tools such as PyRDP allow for crawling and downloading the entire file directory of the target system.
When files are written to the target system using RDP resource redirection, the originating process is observed to be C:\Windows\system32\mstsc.exe. A retrospective analysis of a large set of representative data consisting of enhanced logs indicates that file write events originating from mstsc.exe are a common occurrence but display a pattern that could be excluded from alerting.
For example, multiple arbitrarily named terminal server-themed .tmp files following the regex pattern _TS[A-Z0-9]{4}\.tmp (e.g., _TS4F12.tmp) are written to the user’s %APPDATA%/Local/Temp directory throughout the duration of the connection.
Additionally, several file writes and folder creations related to the protocol occur in the %APPDATA%/Local\Microsoft\Terminal Server Client directory.
Depending upon the RDP session, excluding these protocol-specific file writes could help manage the number of events to triage and spot potentially interesting ones. It’s worth noting that the Windows system by default will delete temporary folders from the remote computer upon logoff. This does not apply to the file operations on redirected drives.
Should file read activity be enabled, mstsc.exe-originating file reads could warrant suspicion. It is worth noting that file-read events by nature are noisy due to the way the Windows subsystem operates. Caution should be taken before enabling it.
.rdp File via Email
The .rdp configuration file within the campaign was observed being sent as an email attachment. While it's not uncommon for IT administrators to send .rdp files over email, the presence of an external address in the attachment may be an indicator of compromise. The following regex patterns, when run against an organization’s file creation events, can indicate .rdp files being run directly from Outlook email attachments:
/\\AppData\\Local\\Microsoft\\Windows\\(INetCache|Temporary Internet Files)\\Content\.Outlook\\[A-Z0-9]{8}\\[^\\]{1,255}\.rdp$/
/\\AppData\\Local\\Packages\\Microsoft\.Outlook_[a-zA-Z0-9]{1,50}\\.{0,120}\\[^\\]{1,80}\.rdp$/
/\\AppData\\Local\\Microsoft\\Olk\\Attachments\\([^\\]{1,50}\\){0,5}[^\\]{1,80}\.rdp$/
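The following added example (not code from the original report) applies the mstsc.exe exclusion patterns and the three Outlook attachment regexes described above to Sysmon Event ID 11 records. The event dictionaries, user name and file names are constructed samples, and mapping the text's %APPDATA%/Local locations to `\AppData\Local\` is an assumption.

```python
import re

# Originating process named in the text, lower-cased for comparison.
MSTSC = r"c:\windows\system32\mstsc.exe"

# Protocol housekeeping that mstsc.exe writes during any RDP session.
# Assumption: the text's %APPDATA%/Local/... locations are \AppData\Local\...
MSTSC_NOISE = [
    re.compile(r"\\AppData\\Local\\Temp\\_TS[A-Z0-9]{4}\.tmp$", re.I),
    re.compile(r"\\AppData\\Local\\Microsoft\\Terminal Server Client\\", re.I),
]

# The three Outlook attachment-path patterns from the text, one per line.
# Compiled case-insensitively because Windows paths are case-insensitive.
OUTLOOK_RDP = [
    re.compile(r"\\AppData\\Local\\Microsoft\\Windows\\(INetCache|Temporary Internet Files)"
               r"\\Content\.Outlook\\[A-Z0-9]{8}\\[^\\]{1,255}\.rdp$", re.I),
    re.compile(r"\\AppData\\Local\\Packages\\Microsoft\.Outlook_[a-zA-Z0-9]{1,50}"
               r"\\.{0,120}\\[^\\]{1,80}\.rdp$", re.I),
    re.compile(r"\\AppData\\Local\\Microsoft\\Olk\\Attachments\\([^\\]{1,50}\\){0,5}"
               r"[^\\]{1,80}\.rdp$", re.I),
]

ALERTS = {"rdp-from-outlook-attachment", "mstsc-file-write-review"}


def classify(event):
    """Label one Sysmon Event ID 11 record (fields: Image, TargetFilename)."""
    image = event["Image"].lower()
    target = event["TargetFilename"]
    if any(p.search(target) for p in OUTLOOK_RDP):
        return "rdp-from-outlook-attachment"
    if image == MSTSC:
        if any(p.search(target) for p in MSTSC_NOISE):
            return "mstsc-protocol-noise"      # expected, excluded from alerting
        return "mstsc-file-write-review"       # write via a redirected drive?
    return "not-relevant"


def triage(events):
    """Return (verdict, path) pairs for the events worth an analyst's time."""
    labelled = [(classify(e), e["TargetFilename"]) for e in events]
    return [(verdict, path) for verdict, path in labelled if verdict in ALERTS]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Microsoft\Windows\INetCache"
                       r"\Content.Outlook\AB12CD34\test_connection.rdp"},
    {"Image": r"C:\Windows\System32\mstsc.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\_TS4F12.tmp"},
    {"Image": r"C:\Windows\System32\mstsc.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Microsoft\Terminal Server Client"
                       r"\Cache\Cache0000.bin"},
    {"Image": r"C:\Windows\System32\mstsc.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu"
                       r"\Programs\Startup\updater.exe"},
    {"Image": r"C:\Program Files\WindowsApps\olk.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Microsoft\Olk\Attachments"
                       r"\ooa-1234\abcd\invite.rdp"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "TargetFilename": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for verdict, path in triage(SAMPLE_EVENTS):
        print(f"{verdict}: {path}")
```
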
System Hardening
The following options could assist with hardening enterprise environments against RDP attack techniques.
Network-level blocking of outgoing RDP traffic to public IP addresses
Disable resource redirection via the Registry
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Terminal Server Client
Allow .rdp files from unknown publishers: Setting this to disable will not allow users to run unsigned .rdp files as well as ones from untrusted publishers.
Specify SHA1 Thumbprints of certificates representing trusted .rdp publishers: A way to add certificate SHA1s as trusted file publishers
Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host: Policies on enabling/disabling
Resource redirection
Clipboard redirection
Forcing Network Level Authentication
Time limits for active/idle connections
Blocking .rdp file extension as email attachments
The applicability of these measures is subject to the nature of activity within a given environment and what is considered “normal” behavior.
YARA Rules
These YARA rules can be used to detect suspicious RDP configuration files that enable resource redirection and RemoteApps.
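As a complement to the YARA approach mentioned above, this added example (written for this page, not the report's rules or code) parses an .rdp file and reports the settings the analysis highlights: an external server, resource redirection, RemoteApp mode, client-side expansion of environment variables and the presence of a signature. The property names are standard .rdp settings; the sample file, the internal-range list and the `suspicious` heuristic are constructed assumptions.

```python
import ipaddress

# Assumption: RFC 1918, loopback and link-local ranges count as "internal".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Integer switches: a value of 1 turns the redirection on.
REDIRECT_FLAGS = ("redirectclipboard", "redirectprinters", "redirectcomports",
                  "redirectsmartcards", "redirectwebauthn", "redirectposdevices")
# String-valued lists: any non-empty value ("*" means everything) redirects.
REDIRECT_LISTS = ("drivestoredirect", "devicestoredirect")


def decode_rdp(raw):
    """.rdp files are commonly UTF-16 with a BOM; otherwise treat as UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_rdp(raw):
    """Parse 'name:type:value' lines; the value may itself contain colons."""
    props = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            props[parts[0].strip().lower()] = parts[2].strip()
    return props


def is_external(host, internal_suffixes=()):
    """True if host is outside INTERNAL_NETS or the (hypothetical) DNS suffixes."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        suffixes = tuple(s.lower() for s in internal_suffixes)
        return not (suffixes and host.lower().endswith(suffixes))
    return not any(ip in net for net in INTERNAL_NETS)


def analyze_rdp(raw, internal_suffixes=()):
    """Summarise the redirection and RemoteApp posture of one .rdp file.

    Only explicitly set properties are reported; client defaults for absent
    properties are not modelled here.
    """
    p = parse_rdp(raw)
    addr = p.get("full address", "")
    host = addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr  # strip port
    redirected = [k for k in REDIRECT_FLAGS if p.get(k) == "1"]
    redirected += [f"{k}={p[k]}" for k in REDIRECT_LISTS if p.get(k)]
    remoteapp = p.get("remoteapplicationmode") == "1"
    cmdline = p.get("remoteapplicationcmdline", "")
    result = {
        "server": host,
        "server_external": bool(host) and is_external(host, internal_suffixes),
        "redirected": redirected,
        "remoteapp": remoteapp,
        "remoteapp_name": p.get("remoteapplicationname", ""),
        # expandcmdline 0 = %VARS% are expanded on the client before being sent
        "client_env_expansion": remoteapp and "%" in cmdline
                                and p.get("remoteapplicationexpandcmdline") == "0",
        "empty_username": p.get("username", None) == "",
        "signed": bool(p.get("signature")),
    }
    # Heuristic (assumption): external server plus redirection or RemoteApp.
    result["suspicious"] = result["server_external"] and bool(redirected or remoteapp)
    return result


# Constructed sample file; 203.0.113.10 is a documentation address.
SAMPLE_RDP = "\r\n".join([
    "full address:s:203.0.113.10",
    "username:s:",
    "drivestoredirect:s:*",
    "redirectclipboard:i:1",
    "redirectprinters:i:1",
    "remoteapplicationmode:i:1",
    "remoteapplicationname:s:Constructed Stability Test",
    "remoteapplicationprogram:s:||ConstructedApp",
    "remoteapplicationexpandcmdline:i:0",
    "remoteapplicationcmdline:s:%USERPROFILE% %COMPUTERNAME%",
]).encode("utf-16")

if __name__ == "__main__":
    for key, value in analyze_rdp(SAMPLE_RDP).items():
        print(f"{key}: {value}")
```

A signed file is reported but not treated as benign, since the text notes that a signature mainly makes the connection prompt look less suspicious.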
This campaign demonstrates how common tradecraft can be revitalized with alarming effectiveness through a modular approach. By combining mass emailing, resource redirection, and the creative sleight-of-hand use of RemoteApps, the actor could effectively leverage existing RDP techniques while leaving minimal forensic evidence. This combination of familiar techniques, deployed in an unconventional manner, proved remarkably effective, proving that the true danger of Rogue RDP lies not in the code, but in the con.
In this particular campaign, while control over the target system seems limited, the main capabilities revolve around file stealing, clipboard data capture, and access to environment variables. It is more likely this campaign was aimed at espionage and user manipulation during interaction. Lastly, this campaign once again underscores how readily available red teaming tools intended for education purposes are weaponized by malicious actors with harmful intentions.
Acknowledgments
Special thanks to: Van Ta, Steve Miller, Barry Vengerik, Lisa Karlsen, Andrew Thompson, Gabby Roncone, Geoff Ackerman, Nick Simonian, and Mike Stokkel.
Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel.
"'Fast flux' is a technique used to obfuscate the locations of malicious servers through rapidly changing Domain Name System (DNS) records associated with a single domain name," the agencies said. "This threat exploits a gap commonly found in network defenses, making the tracking and blocking of malicious fast flux activities difficult."
The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate's Australian Cyber Security Centre, Canadian Centre for Cyber Security, and New Zealand's National Cyber Security Centre.
Fast flux has been embraced by many a hacking group in recent years, including threat actors linked to Gamaredon, CryptoChameleon, and Raspberry Robin in an effort to make their malicious infrastructure evade detection and law enforcement takedowns.
The approach essentially entails using a variety of IP addresses and rotating them in rapid succession, while pointing to one malicious domain. It was first detected in the wild in 2007 as part of the Honeynet Project.
It can be either a single flux, where a single domain name is linked to numerous IP addresses, or double flux, where in addition to changing the IP addresses, the DNS name servers responsible for resolving the domain are also changed frequently, offering an extra layer of redundancy and anonymity for the rogue domains.
Mallory's fast flux architecture
"A fast flux network is 'fast' because, using DNS, it quickly rotates through many bots, using each one for only a short time to make IP-based denylisting and takedown efforts difficult," Palo Alto Networks Unit 42 said in a report published in 2021.
Describing fast flux as a national security threat, the agencies said threat actors are using the technique to obfuscate the locations of malicious servers, as well as establish resilient C2 infrastructure that can withstand takedown efforts.
That's not all. Beyond C2 communications, fast flux also plays a vital role in helping adversaries host phishing websites, as well as stage and distribute malware.
To secure against fast flux, organizations are recommended to block IP addresses, sinkhole malicious domains, filter out traffic to and from domains or IP addresses with poor reputations, implement enhanced monitoring, and enforce phishing awareness and training.
"Fast flux represents a persistent threat to network security, leveraging rapidly changing infrastructure to obfuscate malicious activity," the agencies said. "By implementing robust detection and mitigation strategies, organizations can significantly reduce their risk of compromise by fast flux-enabled threats."
The moment it became real for me was two weeks ago in New Orleans, when Citrix CTO Shawn Bass welcomed me on stage at our UNITE conference. I hadn’t even said a word yet—I just stood there, grinning in front of a thousand of my new colleagues, thinking, “This is gonna be awesome!”
As I wrote on LinkedIn when I joined the company, Citrix has been a part of my life for almost 30 years. I first encountered Citrix (WinFrame 1.6!) in the 1990s. I wrote my first blog post, my first book, and gave my first talk about Citrix over 20 years ago. I’ve met the majority of my closest friends via the Citrix community. So being here now is more than just a job for me; it’s truly an honor.
All that said, I didn’t join Citrix because of nostalgia—I joined because of the future.
As I write this in early 2025, we’re on the cusp of the greatest workplace transformation of our lives—bigger than mobility, bigger than SaaS, and bigger than the cloud. AI is changing everything, and the companies that thrive will be the ones who think big, understand how work is evolving, and move decisively.
I came to Citrix because they are doing all three, and I believe this company is uniquely positioned to lead in that new world of work.
In this post, I’ll talk a bit about what I’ve seen and experienced inside the company as one of its newest employees.
The modern workplace is more than Windows
The first thing that struck me is how Citrix is about so much more than VDI now.
Back in 2012, I co-authored a book called The VDI Delusion. Its cover showed a hammer trying to drive in a screw. (Because when all you have is a hammer, everything looks like a nail.) The point wasn’t to bash VDI, as I’ve always loved VDI when used properly. Rather, the cover image reinforced that VDI isn’t the right solution for every problem, and that we shouldn’t limit our view of what’s possible based only on the tools we already have.
Fast forward to today: I’m a Citrix employee … and I don’t use VDI!
My daily device is a BYO MacBook. My corporate apps are all web-based, which I make feel like native desktop apps by running them as Chrome Progressive Web Apps (PWAs). My laptop is truly “mine” and unmanaged, yet I’m fully secure and compliant thanks to Citrix Workspace and our enterprise browser. For the more sensitive and internal web apps, Citrix Secure Private Access (SPA) provides VPN-less access in the background without me even knowing it.
This setup works perfectly for me in my role, but of course it’s not the right solution for everyone. For many scenarios, VDI is the right choice, and millions of workers rely on Citrix-delivered VDI every day. The Citrix platform lets IT departments adapt the workspace to the worker, instead of forcing the worker to adapt to the workspace. Whether it’s a full desktop session, individual published apps, or local web apps on managed or unmanaged devices, today’s workers can access the right app in the right way at the right time. We have truly evolved beyond the old days of “VDI for everyone.”
AI is entering the workplace, whether companies are ready or not
My first six weeks at Citrix have given me the opportunity to meet with and listen to several customers and partners, and inevitably those conversations veer towards AI and its impact on the workplace. One early takeaway I have is that while everyone agrees the impact of AI will be massive, many leaders are struggling to quantify its value and unsure where and how to invest in an enterprise-wide strategy.
What’s not in question, though, is what’s actually happening in userland: millions of individual rank-and-file employees are discovering and embracing AI on their own. Some use AI to work faster, some to work smarter, and some to work better, but across every industry, workers are increasingly finding AI tools which help them with more of their tasks every day. And of course we’re still in the very early days of this trend. As AI tools continue to improve, workers will incorporate more and more into the fabric of their daily work. Organizations need to figure out how to respond.
We’re building something great
Citrix has gone through a lot of changes in the past few years. But what I’ve seen and felt since joining is that we’re entering this new era with energy, urgency, and vision.
I’ve had more insightful, interesting, and intriguing conversations in the past six weeks than in any other six-week stretch of my career. Everyone I talk to—product, engineering, sales, strategy, customers, and partners—is thinking about what’s next.
We’re building and shipping. We’re integrating new innovations from recent acquisitions like Unicon, uberAgent, deviceTRUST, and Strong Network. We’re continuing to deepen our partnerships (as shown with recent announcements with Google and NVIDIA). And we’re laser-focused on building a modern, flexible, and secure work platform that meets the needs of today and tomorrow.
There’s a startup vibe at Citrix these days. People are fired up. We’re not just delivering desktops and apps—we’re rethinking how work happens and who (or what) is doing it.
Engage!
There’s so much happening that I can’t even begin to cover everything in one post. So this is the first of what will be a weekly series on Citrix.com. I’ll be writing about the future of work, the role of AI, the evolution of Citrix, and what I’m seeing in the industry and from the inside.
Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but in job offers, hardware, and cloud services we rely on every day.
Hackers don't need sophisticated exploits anymore. Sometimes, your credentials and a little social engineering are enough.
This week, we trace how simple oversights turn into major breaches — and the silent threats most companies still underestimate.
Let's dive in.
⚡ Threat of the Week
UNC5221 Exploits New Ivanti Flaw to Drop Malware — The China-nexus cyber espionage group tracked as UNC5221 exploited a now-patched flaw in Ivanti Connect Secure, CVE-2025-22457 (CVSS score: 9.0), to deliver an in-memory dropper called TRAILBLAZE, a passive backdoor codenamed BRUSHFIRE, and the SPAWN malware suite. The vulnerability was originally patched by Ivanti on February 11, 2025, indicating that the threat actors studied the patch and figured out a way to exploit prior versions to breach unpatched systems. UNC5221 is believed to share overlaps with clusters tracked by the broader cybersecurity community under the monikers APT27, Silk Typhoon, and UTA0178.
🔔 Top News
EncryptHub Unmasked as a Likely Lone Wolf Actor — An up-and-coming threat actor operating under the alias EncryptHub has been exposed due to a series of operational security blunders. What distinguishes EncryptHub from other typical cybercriminals is the dichotomy of their online activities – while conducting malicious campaigns, the individual simultaneously contributed to legitimate security research, even receiving acknowledgment from the Microsoft Security Response Center (MSRC) last month for discovering and reporting CVE-2025-24061 and CVE-2025-2407. Another interesting aspect of EncryptHub is their use of OpenAI ChatGPT as a "partner in crime," leveraging it for malware development and translation tasks. In some particularly revealing conversations with the artificial intelligence (AI) chatbot, EncryptHub asked it to evaluate whether he was better suited to be a "black hat or white hat" hacker and if he would be better being "a cool hacker or a malicious researcher," even going to the extent of confessing to his criminal activities and the exploits he had developed. "When people think of cybercriminals, they tend to imagine high-tech, government-backed teams and elite hackers using cutting-edge technology," Outpost24 said. "However, many hackers are normal people who at some point decided to follow a dark path."
GitHub Action Supply Chain Traced Back to SpotBugs PAT Theft — The cascading supply chain attack that initially targeted Coinbase before becoming broader in scope to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) associated with another open-source project called SpotBugs. The origins of the sophisticated breach are slowly coming into focus amid continued investigation, revealing how the initial compromise happened. It has now emerged that the popular static analysis tool, SpotBugs, was compromised in November 2024, using it as a stepping stone to compromise "reviewdog/action-setup," which subsequently led to the infection of "tj-actions/changed-files." This was made possible due to the fact that the maintainer of reviewdog also had access to SpotBugs repositories. The multi-step supply chain attack eventually went on to expose secrets in 218 repositories after the attackers failed in their attempt to breach Coinbase-related projects.
Contagious Interviews Adopts ClickFix and Spreads Fake npm Packages — The North Korean threat actors behind the ongoing Contagious Interview campaign have been observed adopting the infamous ClickFix social engineering strategy to deliver a previously undocumented backdoor called GolangGhost. The adversarial collective have also published as many as 11 npm packages that deliver the BeaverTail information stealer malware, as well as a new remote access trojan (RAT) loader. The packages were downloaded more than 5,600 times prior to their removal. Meanwhile, North Korean IT workers are expanding their efforts beyond the U.S., and are seeking to fraudulently gain employment with organizations around the world, especially in Europe. Google researchers called out the IT warriors for engaging in "a pattern of providing fabricated references, building a rapport with job recruiters, and using additional personas they controlled to vouch for their credibility." What's more, they are increasingly attempting to extort money from these companies once they get discovered and/or fired. In recent years, the U.S. government has made a concentrated push to raise awareness about the insider threat operation, to root out and punish U.S.-based facilitators of the fraudulent scheme, to uncover the IT workers and front companies that help these workers conceal their true origin, and to help organizations detect the risk before it's too late. In all probability, these heightened law enforcement efforts have caused the operators of the scheme to focus more on targets located elsewhere, while also driving them to embrace more aggressive measures to maintain revenue streams.
Phony Versions of Android Phones Come Preloaded with Triada Malware — Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be pre-installed with a modified version of an Android malware called Triada. A majority of infections have been reported in Russia. It's believed that the infections are the result of a hardware supply chain compromise, although Triada has been observed propagated via unofficial WhatsApp mods and third-party app marketplaces.
Bad Actors Abuse mu-plugins to Stash Malware — Threat actors are utilizing the WordPress mu-plugins ("must-use plugins") directory to stealthily run malicious code on every page while evading detection. Because mu-plugins run on every page load and don't appear in the standard plugin list, they can be used to stealthily perform a wide range of malicious activity, such as stealing credentials, injecting malicious code, or altering HTML output.
️🔥 Trending CVEs
Attackers love software vulnerabilities—they're easy doors into your systems. Every week brings fresh flaws, and waiting too long to patch can turn a minor oversight into a major breach. Below are this week's critical vulnerabilities you need to know about. Take a look, update your software promptly, and keep attackers locked out.
Oracle Privately Confirms Data Breach — Enterprise computing giant Oracle is reportedly informing its customers in private that hackers compromised a "legacy" Oracle environment, exposing usernames, passkeys, and encrypted passwords, contradicting its consistent public denial about the incident. "The company informed customers that the system hasn't been in use for eight years and that the stolen client credentials therefore pose little risk," Bloomberg reported. An investigation by the U.S. Federal Bureau of Investigation (FBI) and CrowdStrike is reportedly ongoing. This is the second breach the company has acknowledged to clients in recent weeks. The intrusion is assessed to be separate from another hack at Oracle Health (formerly Cerner) that affected some U.S. healthcare customers last month. News about the breach came to light after an unidentified threat actor named "rose87168" attempted to sell data on BreachForums that they claimed to have stolen from the company's cloud servers. Multiple cybersecurity companies, including Black Kite, CloudSEK, CybelAngel, Hudson Rock, Orca Security, SOCRadar, Sygnia, and Trustwave, have analyzed and validated the data posted for sale online as directly extracted from Oracle. The attacker is believed to have exploited an unpatched vulnerability in Oracle Fusion Middleware (CVE-2021-35587) to compromise Oracle Cloud's login and authentication system and steal the data. "This exposure was facilitated via a 2020 Java exploit and the hacker was able to install a web shell along with malware," CybelAngel said. "The malware specifically targeted the Oracle IDM database and was able to exfil data." Security researcher Kevin Beaumont said "Oracle are attempting to wordsmith statements around Oracle Cloud and use very specific words to avoid responsibility," adding "Oracle rebadged old Oracle Cloud services to be Oracle Classic. Oracle Classic has the security incident. Oracle are denying it on 'Oracle Cloud' by using this scope — but it's still Oracle cloud services that Oracle manage. That's part of the wordplay." CloudSEK has developed an online tool that allows organizations to check whether they are impacted by the data breach. Oracle's private acknowledgment also comes just days after the company was hit with a class action lawsuit over its handling of the security event.
New Triton RAT Emerges in the Wild — A new Python-based remote access trojan called Triton RAT allows threat actors to remotely access and control a system using Telegram. Written in Python, the malware is publicly available on GitHub and comes with capabilities to log keystrokes, run commands, record screens, gather Wi-Fi information, and steal passwords, clipboard content, and Roblox security cookies. "A Roblox security cookie is a browser cookie that stores the users' session and can be used to gain access to the Roblox account bypassing 2FA," Cado Security said. The disclosure comes as CYFIRMA detailed another RAT written in Python that uses Discord's API for command-and-control (C2) in order to execute arbitrary system commands, steal sensitive information, capture screenshots, and manipulate both local machines and Discord servers.
U.S. DoJ Announces Recovery of $8.2M Stolen in Romance Baiting Scam — The U.S. Department of Justice (DoJ) has announced the recovery of $8.2 million worth of USDT (Tether) that was stolen via a romance baiting (previously pig butchering) scam. According to a complaint filed in late February 2025, the scam targeted a woman in Ohio, who lost her entire life savings of approximately $663,352, after she responded to a text message from an unknown number in November 2023. While the initial conversation revolved around topics such as hobbies and religion, the victim was persuaded into opening an account at crypto.com and transferred her money into the account. "When the victim wanted to withdraw funds, her 'friend,' relented and said additional payments were needed and she complied," the DoJ said. "When the victim no longer had any funds left after making additional payments, her 'friend' began to threaten her that he would send his friends to 'take care of' her friends and family." Over 30 victims are estimated to have fallen for the scheme in total.
ClickFix Used to Deliver QakBot — The increasingly popular ClickFix technique has been used as a delivery vector to distribute the previously dormant QakBot malware. The attack pairs the malware with ClickFix, an endpoint compromise method that was first observed towards the end of 2024 and has since gained significant traction in recent months. It involves tricking a victim into running a malicious command under the pretext of fixing an issue, typically a CAPTCHA verification challenge.
Flaw Disclosed in Verizon Call Filter — Verizon's Call Filter app had a vulnerability that allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request to the "clr-aqx.cequintvzwecid.com/clr/callLogRetrieval" endpoint. Security researcher Evan Connelly, who discovered and reported the bug on February 22, 2025, found that the phone number in the request used to retrieve call history logs was not verified against the phone number of the user making the request. As a result, an attacker could have altered the request to specify another Verizon phone number and retrieve that number's incoming call history. The vulnerability has since been addressed by Verizon as of March 25, 2025.
GitHub Unveils Updates to Advanced Security Platform — GitHub has announced updates to its Advanced Security platform after its secret scanning service detected over 39 million leaked secrets in repositories last year. This includes a free, organization-wide secret scan to help teams identify and reduce exposure, as well as the availability of GitHub Secret Protection and a new secret risk assessment tool that aims to offer "clear insights into your organization's exposure."
New Ubuntu Linux Security Bypasses Detailed — Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could enable a local attacker to exploit vulnerabilities in kernel components. The bypasses, which occur via aa-exec, busybox, and LD_PRELOAD, permit attackers to create user namespaces with elevated privileges. "These bypasses enable local attackers to create user namespaces with full administrative capabilities, which facilitate exploiting vulnerabilities in kernel components requiring powerful administrative privileges within a confined environment," Qualys said in a statement. "It is important to note that these bypasses alone do not enable complete system takeover; however, they become dangerous when combined with other vulnerabilities, typically kernel-related." Ubuntu, which acknowledged the issues, said it's working to "implement further tightening rules in AppArmor."
Classiscam Targets Central Asia — Classiscam is an automated scam-as-a-service operation that uses Telegram bots to create fake websites impersonating legitimate services in an attempt to deceive victims into sharing their financial details. The scam, also called Telekopye, essentially involves the fraudsters either posing as a buyer or a seller on online platforms to trick victims into transferring money for non-existent goods or services, or persuading the seller to use a delivery service for the transaction via a fake delivery website that seeks their financial information. These conversations happen over a messaging app like Telegram by claiming that "it is easier to communicate." Group-IB investigation has found that more than ten financial institutions in Uzbekistan, including prominent banks and payment systems, have been targeted by phishing schemes, which employ bogus sites impersonating the services to obtain their customers' banking credentials. One such team engaged in the fraudulent scheme is Namangun Team which has primarily provided phishing services aimed at Uzbekistan and Kyrgyzstan since late November 2024, allowing its customers to create phishing pages on the fly using their Telegram bot.
Google Partners with NVIDIA and HiddenLayer for a New Model Signing Library — Google, in collaboration with NVIDIA and HiddenLayer, has announced the release of a Python library called "model-signing" that offers developers a way to sign and verify machine learning (ML) models in an effort to bolster the security of the ML supply chain and safeguard against emerging threats like model and data poisoning, prompt injection, prompt leaking and prompt evasion. "Using digital signatures like those from Sigstore, we allow users to verify that the model used by the application is exactly the model that was created by the developers," the tech giant said. The development comes as Python officially standardized a lock file format as part of PEP 751. The new format, named pylock.toml, is a TOML-based format that records exact dependency versions, file hashes, and installation sources. The new standard "brings Python in line with other ecosystems like JavaScript (package-lock.json), Rust (Cargo.lock), and Go (go.sum)," Socket said. "While the PEP doesn't address all supply chain threats (such as typosquatting, maintainer account compromise, and concealed payloads), it lays the groundwork for better auditing and tamper resistance."
Arcanum Trojan Distributed via Fortune-Telling Sites — A new trojan called Arcanum is being distributed via websites dedicated to fortune-telling and esoteric practices, masquerading as a "magic" app for predicting the future. The app, while offering seemingly harmless functionality, connects to a remote server to deploy additional payloads, including the Autolycus.Hermes stealer, the Karma.Miner miner, and the Lysander.Scytale crypto-malware. The captured information is subsequently exfiltrated to an attacker-controlled server. The emergence of the malware coincides with the discovery of a credit card skimmer malware codenamed RolandSkimmer that targets e-commerce users in Bulgaria by means of a Windows shortcut (LNK) file distributed via ZIP archives. The LNK file then initiates a multi-step process that installs a malicious browser extension on web browsers to steal credit card information. "The attackers employ carefully crafted JavaScript payloads, misleading manifest files, and obfuscated VBScripts to maintain persistence across sessions and evade detection," Fortinet said.
Identity-Based Attacks on the Rise — Attackers are relying heavily on credential-enabled access points to infiltrate networks and power their operations, rather than using more complex methods like exploiting vulnerabilities or deploying malware, according to Cisco Talos. Ransomware gangs, in particular, are known to use stolen-but-valid credentials procured from initial access brokers (IABs) as a means of initial access into corporate networks. IABs, in turn, leverage commercially-available information stealers like Lumma to capture users' credentials. This is also exacerbated by the fact that many users recycle passwords across multiple services, creating a "ripple effect of risk" when their credentials are stolen. Based on traffic observed between September and November 2024, 41% of successful logins across websites protected by Cloudflare involve compromised passwords, per the web infrastructure company. What's more, valid VPN credentials could be abused to gain unrestricted access to sensitive systems, often with elevated privileges that mirror those of legitimate employees or administrators. The use of legitimate credentials by threat actors entirely bypasses security barriers, giving them a "direct path to infiltrate networks, steal data, and deploy ransomware undetected." "Identity-based attacks are attractive to threat actors because they can allow an adversary to carry out a range of malicious operations, often with minimal effort or without meeting much resistance from a security standpoint," the company said. "This is due in large part to the activity being difficult to detect because it emanates from seemingly legitimate user accounts." Data gathered by the company shows that identity and access management (IAM) applications were most frequently targeted in MFA attacks, accounting for 24% of all attacks targeting multi-factor authentication (MFA).
Iran-linked OilRig Targets Iraqi Entities — The Iranian hacking group known as OilRig (aka APT34) has been attributed to a series of cyber attacks against Iraqi state entities since 2024 that involve the use of spear-phishing lures to deploy a backdoor that can execute commands, gather host information, and upload/download files. The backdoor makes use of HTTP and email for C2 communications. "The former secretly sends control instructions based on the characteristic value of the body content, and the latter uses a large number of compromised Iraqi official government mailboxes for email communication," ThreatBook said.
Security Flaws in PyTorch Lightning — Five deserialization vulnerabilities have been disclosed in PyTorch Lightning versions 2.4.0 and earlier that could be potentially exploited to execute malicious code when loading machine learning models from unknown or untrusted sources. "These vulnerabilities arise from the unsafe use of torch.load(), which is used to deserialize model checkpoints, configurations, and sometimes metadata," the CERT Coordination Center (CERT/CC) said. "A user could unknowingly load a malicious file from local or remote locations containing embedded code that executes within the system's context, potentially leading to full system compromise." CERT/CC said the issues remain unpatched, requiring that users verify the files to be loaded are from trusted sources and with valid signatures.
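As an added illustration (not code from CERT/CC, PyTorch, or the article): checkpoints read by torch.load() carry pickle data, and a pickle stream can be inspected for the modules it would import without ever being loaded. The allowlist, function names, and the two sample byte strings below are assumptions constructed for this sketch.

```python
import pickle
import pickletools
from collections import OrderedDict

# Assumed allowlist for this sketch: the only import a plain state dict needs.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def referenced_globals(data):
    """List the (module, name) pairs a pickle stream would import, without loading it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            strings.append(arg)
        elif opcode.name in ("GLOBAL", "INST"):
            # Protocols 0-3 carry the reference inline as "module name".
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+ pops two previously pushed strings. Taking the last two
            # is a heuristic; anything that cannot be resolved fails closed.
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
            else:
                found.append(("<unresolved>", "<unresolved>"))
    return found


def disallowed_globals(data, allowed=ALLOWED_GLOBALS):
    """Return every import reference that is not on the allowlist."""
    return [ref for ref in referenced_globals(data) if ref not in allowed]


def constructed_samples():
    """Constructed byte strings for the demo; nothing here is ever unpickled."""
    return {
        "plain_state": pickle.dumps(OrderedDict(weights=[0.1, 0.2]), protocol=4),
        "extra_import": pickle.dumps({"state": print}, protocol=4),
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, "->", disallowed_globals(blob) or "only allowlisted imports")
```

A check like this complements, and does not replace, the source and signature verification CERT/CC recommends.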
Russian Firm Offers $4 Million for Telegram Exploits — Operation Zero, a Russian exploit acquisition firm, says it is willing to pay up to $4 million for full-chain exploits targeting the popular messaging service Telegram. In a post shared on X, the zero-day vulnerability purchase platform said it will pay up to $500,000 for exploits that can achieve 1-click remote code execution (RCE) and $1.5 million for those that can be weaponized to achieve RCE sans any user interaction (i.e., zero-click). "In the scope are exploits for Android, iOS, Windows. The prices are depending on limitations of zero-days and obtained privileges," Operation Zero said. Exploit brokers often either develop or acquire security vulnerabilities in popular operating systems and apps and then re-sell them for a higher price to clients of interest. For Operation Zero to single out Telegram makes sense, given that the messaging app is popular with users in both Russia and Ukraine. A Telegram spokesperson told TechCrunch that the messaging platform has "never been vulnerable" to a zero-click exploit. The development comes as details emerged about a zero-day flaw in Telegram's macOS client that could be exploited to achieve RCE. Early last month, security researcher 0x6rss also disclosed an updated version of the EvilVideo flaw in Telegram (CVE-2024-7014), which bypasses existing mitigations via .HTM files. "A file with an '.htm' extension is disguised as a video and sent via the Telegram API, and while the user expects a video, the JavaScript code inside the HTML is actually executed," the researcher said. The new exploit has been codenamed EvilLoader.
What are the Most Common Passwords in RDP Attacks? — They are 123456, 1234, Password1, 12345, P@sswOrd, password, Password123, Welcome1, 12345678, and Aa123456, according to Specops, based on an analysis of 15 million passwords used to attack RDP ports. "Attackers are on the lookout for exposed RDP servers as these can be easy targets for brute force attacks," the company said. "Additionally, attackers may conduct password spraying attacks on RDP servers and try known breached credentials on exposed servers."
🎥 Expert Webinar
Shadow AI Is Already Inside Your Apps — Learn How to Lock It Down — AI tools are flooding your environment — and most security teams can't see half of them. Shadow AI is quietly connecting to critical systems like Salesforce, creating hidden risks that traditional defenses miss. Join Dvir Sasson, Director of Security Research at Reco, to uncover where AI threats are hiding inside your SaaS apps, real-world attack stories, and how leading teams are detecting and shutting down rogue AI before it causes real damage.
Secure Every Step of the Identity Lifecycle — Before Attackers Exploit It — Today's attackers are using AI-driven deepfakes and social engineering to bypass weak identity defenses. Securing the entire identity journey — from enrollment to daily access to recovery — is now essential. Join Beyond Identity and Nametag to learn how enterprises are blocking account takeovers, securing access with phishing-resistant MFA and device trust, and defending against AI threats with Deepfake Defense™.
🔧 Cybersecurity Tools
GoResolver — Golang malware is tough to reverse — obfuscators like Garble hide critical functions. GoResolver, Volexity's open-source tool, uses control-flow graph similarity to recover hidden function names and reveal package structures automatically. Integrated with IDA Pro and Ghidra, it turns opaque binaries into readable code faster. Available now on GitHub.
Matano — It is a serverless, cloud-native security data lake built for AWS, giving security teams full control over their logs without vendor lock-in. It normalizes unstructured security data in real time, integrates with 50+ sources out of the box, supports detections-as-code in Python, and transforms logs using powerful VRL scripting — all stored in open formats like Apache Iceberg and ECS. Query your data with tools like Athena or Snowflake, write real-time detections, and cut SIEM costs while keeping ownership of your security analytics.
🔒 Tip of the Week
Detecting Threats Early by Tracking First-Time Connections — Most attackers leave their first real clue not with malware, but when they log in for the first time — from a new IP, device, or location. Catching "first-time" access events is one of the fastest ways to spot breaches early, before attackers blend into daily traffic. Focus on critical systems: VPNs, admin portals, cloud dashboards, and service accounts.
You can automate this easily with free tools like Wazuh (detects new devices and IPs), OSQuery (queries unknown endpoints), or Graylog (builds alerts for unfamiliar connections). More advanced setups like Microsoft Sentinel or CrowdStrike Falcon Free also offer "first seen" detection at scale. Simple rules — like alerting when an admin account logs in from a new country or an unexpected device accesses sensitive data — can trigger early alarms without waiting for malware signatures.
Pro Move: Baseline your "known" users, IPs, and devices, then flag anything new. Bonus points if you combine this with honeytokens (fake credentials) to catch intruders actively probing your network. Remember: attackers can steal credentials, bypass MFA, or hide malware — but they can't fake never having connected before.
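A minimal version of the baseline-then-flag approach from this tip, written as an added example rather than taken from the article or from any of the tools named above. The log format, account-name prefixes, and scoring weights are assumptions, and the log lines are constructed sample data.

```python
import csv
import io
from collections import defaultdict

# Constructed sample auth log (not from the article): time,user,src_ip,country,device
SAMPLE_LOG = """\
2025-04-01T08:02:11Z,alice,198.51.100.10,US,laptop-a1
2025-04-01T08:05:40Z,svc-backup,192.0.2.20,US,srv-bk01
2025-04-02T08:01:03Z,alice,198.51.100.10,US,laptop-a1
2025-04-02T09:14:55Z,admin-bob,198.51.100.77,US,laptop-b7
2025-04-03T08:03:29Z,alice,198.51.100.11,US,laptop-a1
2025-04-03T23:47:02Z,admin-bob,203.0.113.99,NL,unknown-44
2025-04-04T02:10:00Z,svc-backup,203.0.113.99,NL,unknown-44
"""

FIELDS = ("time", "user", "src_ip", "country", "device")
TRACKED = ("src_ip", "country", "device")
# Hypothetical weights: a new country or device matters more than a new IP.
WEIGHTS = {"src_ip": 1, "country": 3, "device": 2}

def parse(log_text):
    return list(csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS))

def build_baseline(events):
    """Map user -> attribute -> set of values seen during the learning window."""
    baseline = defaultdict(lambda: defaultdict(set))
    for ev in events:
        for attr in TRACKED:
            baseline[ev["user"]][attr].add(ev[attr])
    return baseline

def detect_first_seen(events, baseline, privileged=("admin-", "svc-")):
    """Return one alert per event that carries a value never seen for that user."""
    alerts = []
    for ev in events:
        user = ev["user"]
        known = baseline[user]  # a user with no history has empty sets: all new
        new_attrs = [a for a in TRACKED if ev[a] not in known[a]]
        if not new_attrs:
            continue
        score = sum(WEIGHTS[a] for a in new_attrs)
        if user.startswith(privileged):
            score *= 2  # assumed naming convention for admin and service accounts
        alerts.append({"time": ev["time"], "user": user, "new": new_attrs, "score": score})
        for attr in new_attrs:  # learn the value so it alerts only once
            known[attr].add(ev[attr])
    return alerts

def run(log_text=SAMPLE_LOG, cutoff="2025-04-03"):
    """Learn from events before the cutoff date, then alert on the rest."""
    events = parse(log_text)
    baseline = build_baseline([e for e in events if e["time"] < cutoff])
    return detect_first_seen([e for e in events if e["time"] >= cutoff], baseline)

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the sample data, a known user moving to a neighbouring IP scores low, while the admin and service accounts appearing from a new country, IP, and device score highest.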
Conclusion
In cybersecurity, the threats that worry us most often aren't the loudest — they're the ones we never see coming. A silent API flaw. A forgotten credential. A malware-laced package you installed last month without a second thought.
This week's stories are a reminder: real risk lives in the blind spots.
Stay curious. Stay skeptical. Your next breach won't knock first.
from The Hacker News https://ift.tt/Mkcug5J
via IFTTT