Malware

Chinese advanced persistent threat operation Mustang Panda, also known as Bronze President, Earth Preta, Basin, and Red Delta, has leveraged new ToneShell backdoor variants, the novel StarProxy tool, the Paklog and Corklog keyloggers, and SplatCloak EDR bypass driver in a new attack against a Myanmar-based organization, according to SecurityWeek.

IBM’s X-Force 2025 Threat Intelligence Index reveals an increase in misuse of valid credentials.

Organizations across Europe are having their Windows systems compromised with the BRICKSTORM backdoor linked to Chinese state-backed threat operation UNC5221 as part of a cyberespionage campaign that commenced three years ago, Infosecurity Magazine reports.

Novel BPFDoor backdoor component facilitates covert attacks Attacks involving a novel controller linked to the BPFDoor malware have been launched by the Earth Bluecrow threat operation, also known as Red Menshen, DecisiveArchitect, and Red Dev 18, against the Linux systems of telecommunications, finance, and retail organizations in Hong Kong, South Korea, Malaysia, Mynanmar, and Egypt last year, according to The Hacker News.

More threat actors have been leveraging the widely used open-source cross-platform runtime environment Node.js to covertly deploy malware and other malicious payloads since October, SecurityWeek reports.

The lesserknown ransomware group uses fake updaters on compromised sites to lure victims.

Hackread reports that widely used online file conversion tool PDFCandy.com has been spoofed to spread the ArechClient2 information-stealing malware.

Attacks involving trojanized coding challenges have been launched by North Korean state-sponsored hacking operation Slow Pisces, also known as TraderTraitor, JadeSleet, and Pukchong, to compromise cryptocurrency project developers with the new RN Loader and RN Stealer payloads since last year, according to Infosecurity Magazine.