The threat actor has been observed targeting companies with operations supporting foreign exchanges and cryptocurrency, and organizations in the Decentralized Finance (DeFi) industry.
A new piece of malware called ZuoRAT, based on the Mirai code, is hitting SOHO routers and performing DNS and HTTP hijacking.
A new "highly-evasive" Linux malware leverages the Berkeley Packet Filter (BPF) hooking functionality to hide malicious network traffic.
A newly discovered malware loader is under active development and is executed via shellcode stored in a Word document.
Researchers have discovered a sophisticated post-exploitation framework being deployed on Microsoft Exchange servers to assist threat actors with credential harvesting and local reconnaissance.