2025-10-14

Attackers compromised a financial services firm's environment with the newly emergent ChaosBot backdoor late last month, The Hacker News reports.

Exploitation of both a breached Active Directory account and Windows Management Instrumentation facilitated remote command execution and the eventual distribution and execution of the Rust-based ChaosBot malware, according to an eSentire analysis. ChaosBot has also been spread through phishing emails carrying malicious Windows LNK files that execute a PowerShell command. Aside from receiving commands from its Discord command-and-control server for PowerShell command execution, screenshot capture, and file upload or download, ChaosBot was also found to evade virtual machine environments and Event Tracing for Windows.

Such findings come as the Chaos ransomware was reported by Fortinet FortiGuard Labs to have spawned a more potent C++-based variant dubbed "Chaos-C++," which opts to remove large files. "This dual strategy of destructive encryption and covert financial theft underscores Chaos' transition into a more aggressive and multifaceted threat designed to maximize financial gain," said researchers.
