2025-10-14

Attackers compromised a financial services firm's environment with the newly emergent ChaosBot backdoor late last month, The Hacker News reports.

Exploitation of both a breached Active Directory account and Windows Management Instrumentation facilitated remote command execution and the eventual distribution and execution of the Rust-based ChaosBot malware, according to an eSentire analysis.

ChaosBot has also been spread through phishing emails carrying malicious Windows LNK files that execute a PowerShell command. Aside from receiving commands for PowerShell command execution, screenshot capturing, and file uploading or downloading from its Discord command-and-control server, ChaosBot was also found to include checks for evading virtual machines and Event Tracing for Windows.

These findings come as Fortinet FortiGuard Labs reported that the Chaos ransomware has spawned a more potent C++-based variant dubbed "Chaos-C++," which deletes large files outright.

"This dual strategy of destructive encryption and covert financial theft underscores Chaos' transition into a more aggressive and multifaceted threat designed to maximize financial gain," said researchers.