Threat Intelligence

Attempted US real estate firm compromise involves Tuoni C2 framework


Tuoni, a newly emergent command-and-control and red teaming framework, was used in an unsuccessful cyberattack against a leading U.S. real estate firm last month, Infosecurity Magazine reports.

Threat actors suspected of impersonating Microsoft Teams corporate contacts lured an employee into executing a malicious PowerShell one-liner that launched a hidden PowerShell process and fetched a secondary script containing AI-generated comments, according to a report from Morphisec, which discovered and averted the intrusion.

Running that script downloaded a BMP file from which shellcode was extracted and executed in memory, followed by inline C# compilation and delegate-based invocation, which stealthily loaded TuoniAgent.dll.
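As an added, defender-side illustration (not code from the article or from Morphisec's report), the three host-observable stages of the chain described above can be correlated per PowerShell process: a hidden-window launch, a BMP written by that process, and a csc.exe child, which is what Add-Type with inline C# source spawns. The telemetry shape, field names and sample events are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample telemetry in a simplified process-create / file-create
# shape. Field names are assumptions, not any vendor's real schema, and the
# command line of the lure is deliberately redacted.
SAMPLE_EVENTS = [
    {"host": "WS01", "pid": 4120, "ppid": 3300, "image": "powershell.exe",
     "cmdline": 'powershell.exe -w hidden -nop -c "<redacted one-liner>"'},
    {"host": "WS01", "pid": 4120, "ppid": 3300, "image": "powershell.exe",
     "file": r"C:\Users\alice\AppData\Local\Temp\logo.bmp"},
    {"host": "WS01", "pid": 5212, "ppid": 4120, "image": "csc.exe",
     "cmdline": r"csc.exe /noconfig /fullpaths @C:\Users\alice\AppData\Local\Temp\x.cmdline"},
    # Benign: a scheduled backup script, no hidden window, no BMP, no compiler.
    {"host": "WS02", "pid": 777, "ppid": 1, "image": "powershell.exe",
     "cmdline": r"powershell.exe -nop -File C:\scripts\backup.ps1"},
]

# powershell.exe accepts any unambiguous prefix of -WindowStyle Hidden,
# so match "-w hidden", "-win h", "-WindowStyle Hidden" and similar.
HIDDEN_WINDOW = re.compile(r"-w[a-z]*\s+h[a-z]*", re.I)


def stage_map(events):
    """Return {(host, powershell_pid): set(stages)} for the three stages:
    hidden PowerShell launch, BMP written by that process, and a csc.exe
    child of that process (inline C# compilation via Add-Type)."""
    stages = defaultdict(set)
    ps_pids = set()
    for ev in events:
        key = (ev["host"], ev["pid"])
        img = ev["image"].lower()
        if img == "powershell.exe":
            ps_pids.add(key)
            if HIDDEN_WINDOW.search(ev.get("cmdline", "")):
                stages[key].add("hidden_powershell")
            if ev.get("file", "").lower().endswith(".bmp"):
                stages[key].add("bmp_drop")
        elif img == "csc.exe" and (ev["host"], ev["ppid"]) in ps_pids:
            stages[(ev["host"], ev["ppid"])].add("inline_csharp_compile")
    return stages


def alerts(events, min_stages=2):
    """Report only PowerShell processes that hit at least min_stages stages;
    any single stage on its own is common in legitimate admin use."""
    return {k: sorted(v) for k, v in stage_map(events).items() if len(v) >= min_stages}
```

Raising `min_stages` trades missed detections for fewer false positives; in the constructed sample only the WS01 process hits all three stages.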

"The Tuoni C2 attack demonstrates how attackers are leveraging AI and advanced techniques like steganography and in-memory execution to evade traditional defenses... With tools like Tuoni becoming increasingly accessible, immediately adopting a preemptive cyber defense first approach is essential to staying ahead of these evolving threats," said Morphisec.
