@tranquil_cassowary @halotroop2288 here's a good example:
And yes, this can and will be weaponized against any non-#Govware - #backdoored #OS & -Device.
In fact, #Australia banning #SecureDevices and -#Encryption came just after their #HoneyPot "#ANØM" aka. #OperationIronside aka. #OperationTrøjanShield had to end and they had to bust the users, as #Estonia was unwilling to extend the permission to host the infrastructure on its soil on behalf of #FBI & #AFP!
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP
A new campaign targeting Indian government entities was uncovered, utilizing three backdoors: SHEETCREEP, FIREPOWER, and MAILCREEP. These tools leverage legitimate cloud services like Google Sheets, Firebase, and Microsoft Graph API for command and control, enabling the attackers to blend in with normal traffic. The campaign, named Sheet Attack, employed PDFs and malicious LNK files as initial infection vectors. Evidence suggests the use of generative AI in malware development. While sharing similarities with APT36, the campaign's unique characteristics point to either a new Pakistan-linked group or an APT36 subgroup. The attackers demonstrated hands-on-keyboard activity and deployed additional payloads, including a document stealer, to selected targets.
Pulse ID: 697a42251f1b8af2c39201cc
Pulse Link: https://otx.alienvault.com/pulse/697a42251f1b8af2c39201cc
Pulse Author: AlienVault
Created: 2026-01-28 17:06:45
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Cloud #CyberSecurity #Google #Government #ICS #India #InfoSec #LNK #Malware #Microsoft #OTX #OpenThreatExchange #PDF #Pakistan #RAT #bot #AlienVault
@Soeren_loeg the fact that @signalapp not only does "#KYC with extra steps" by mandating a #PhoneNumber to this day, as well as being solely under #CloudAct whilst basically being a #centralized, #proprietary, #SingleVendor & #SingleProvider solution, makes them the ideal candidate for a long-term #HoneyPot like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield.
CoolClient backdoor updated, new data stealing tools used
The HoneyMyte APT group has enhanced its toolset with an updated CoolClient backdoor and new data stealing capabilities. The group targeted government entities in Asia and Europe, particularly Southeast Asia. CoolClient now features clipboard monitoring, HTTP proxy credential sniffing, and plugin support for extended functionality. HoneyMyte also deployed browser login data stealers and document theft scripts. The campaign's focus has shifted towards active surveillance, including keylogging, clipboard data collection, and proxy credential harvesting. Organizations are advised to remain vigilant against HoneyMyte's evolving toolkit, which includes CoolClient, PlugX, ToneShell, Qreverse, and LuminousMoth malware families.
Pulse ID: 6978a64af51a4e50807b6636
Pulse Link: https://otx.alienvault.com/pulse/6978a64af51a4e50807b6636
Pulse Author: AlienVault
Created: 2026-01-27 11:49:30
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #BackDoor #Browser #Clipboard #CredentialHarvesting #CyberSecurity #Europe #Government #HTTP #InfoSec #Malware #OTX #OpenThreatExchange #PlugX #Proxy #bot #AlienVault
A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
PeckBirdy is a sophisticated JScript-based C&C framework employed by China-aligned APT groups since 2023. It exploits LOLBins across multiple environments to deliver advanced backdoors, targeting gambling industries and Asian government entities. The framework's versatility allows it to be used in various attack stages, from watering-hole control to lateral movement and C&C operations. Two campaigns, SHADOW-VOID-044 and SHADOW-EARTH-045, demonstrate coordinated threat group activity using PeckBirdy. The framework is complemented by two modular backdoors, HOLODONUT and MKDOOR, which extend its attack capabilities. PeckBirdy's design enables flexible deployment and execution across different environments, including browsers, MSHTA, WScript, Classic ASP, Node JS, and .NET.
Pulse ID: 6977cf000e82fbf4ca307f21
Pulse Link: https://otx.alienvault.com/pulse/6977cf000e82fbf4ca307f21
Pulse Author: AlienVault
Created: 2026-01-26 20:30:56
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #BackDoor #Browser #CandC #China #CyberSecurity #Government #InfoSec #NET #OTX #OpenThreatExchange #RAT #bot #AlienVault
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1
A Pakistan-linked APT group conducted two campaigns targeting Indian government entities. The Gopher Strike campaign used PDFs with malicious links to deliver an ISO file containing GOGITTER, a Golang downloader that fetches payloads from private GitHub repositories. GITSHELLPAD, a Golang backdoor, was used for C2 communication via GitHub. GOSHELL, a Golang shellcode loader, deployed Cobalt Strike Beacon on specific hostnames. The attackers used various techniques including scheduled tasks for persistence, obfuscation, and environmental keying. Post-compromise activities involved system reconnaissance and data exfiltration. The campaign demonstrated sophisticated TTPs and custom-built tools, indicating a potentially new subgroup or parallel Pakistan-linked threat actor.
Pulse ID: 6977da59fb7a0679c7535c14
Pulse Link: https://otx.alienvault.com/pulse/6977da59fb7a0679c7535c14
Pulse Author: AlienVault
Created: 2026-01-26 21:19:21
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CobaltStrike #CyberSecurity #GitHub #Golang #Government #India #InfoSec #OTX #OpenThreatExchange #PDF #Pakistan #RAT #ShellCode #bot #AlienVault
North Korean cybercriminals are using an AI-generated PowerShell backdoor
North Korean cybercriminals are targeting developers with access to blockchains. A PowerShell backdoor appears to be programmed by AI.
#Backdoor #Cybercrime #IT #KünstlicheIntelligenz #Malware #PowerShell #Security #news
#Meta could access all #WhatsApp conversations: a lawsuit accuses the company of having defrauded billions of users through #backdoor access to encrypted private communications
An international group of plaintiffs has reportedly filed a class action against WhatsApp, owned by Meta, accusing the company of having defrauded billions of users.
North Korean cybercriminals deploy AI-generated PowerShell backdoor
North Korean cybercriminals are targeting developers with access to blockchains. A PowerShell backdoor appears to have been programmed by AI.
#Backdoor #Cybercrime #IT #KünstlicheIntelligenz #Malware #PowerShell #Security #news
ShadowRelay: New Modular Backdoor in the Public Sector
Pulse ID: 6976faf3afd930bc438d7bb0
Pulse Link: https://otx.alienvault.com/pulse/6976faf3afd930bc438d7bb0
Pulse Author: Tr1sa111
Created: 2026-01-26 05:26:11
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111
The only surprising thing about this is the fact that Microsoft openly admits it and even gives numbers.
Everything else was clear.
@Xeniax OFC #CensorBoot never was about #Security and #Microsoft having #Govware - #Backdoors in their #CryptoAPI is nothing new.
If this doesn't disqualify Windows & Microsoft in general then those who made that decision should be fired.
The only secure #encryption is #FLOSS with #SelfCustody of all the keys…
ShadowRelay: New Modular Backdoor in the Public Sector
A new modular backdoor called ShadowRelay was discovered on a compromised Exchange server in a government organization. The backdoor allows loading different plugins and demonstrates sophisticated design indicative of well-prepared attackers. It uses packet injection to hide network activity and can spy covertly in protected network segments by communicating through infected machines. The backdoor can inject itself into other processes and uses plugins to load additional functionality, allowing it to evade detection. These capabilities suggest the attackers aim for long-term covert presence and espionage, typical of state-sponsored APT groups. The backdoor was found alongside tools from other known threat actors, complicating attribution.
Pulse ID: 69734904476c08abeb44c4b8
Pulse Link: https://otx.alienvault.com/pulse/69734904476c08abeb44c4b8
Pulse Author: AlienVault
Created: 2026-01-23 10:10:12
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #ELF #Espionage #Government #InfoSec #Mac #OTX #OpenThreatExchange #RAT #bot #AlienVault
KONNI Adopts AI to Generate PowerShell Backdoors
Pulse ID: 6972f6c4cf85ed8ad3923afb
Pulse Link: https://otx.alienvault.com/pulse/6972f6c4cf85ed8ad3923afb
Pulse Author: Tr1sa111
Created: 2026-01-23 04:19:16
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #InfoSec #Konni #OTX #OpenThreatExchange #PowerShell #RAT #bot #Tr1sa111
KONNI Adopts AI to Generate PowerShell Backdoors
A North Korea-linked threat actor known as KONNI has been observed conducting a phishing campaign targeting software developers and engineering teams, particularly those with blockchain expertise. The campaign uses AI-generated PowerShell backdoors and targets a broader range of countries in the APAC region. The infection chain begins with a Discord-hosted link downloading a ZIP archive containing a PDF lure and a malicious LNK file. The LNK file deploys additional components, including the AI-generated PowerShell backdoor. The backdoor employs various anti-analysis techniques and establishes persistence through scheduled tasks. This campaign demonstrates KONNI's evolution in tactics and tooling, including the adoption of AI-assisted malware development.
Pulse ID: 69726ae65cfcf0a192c03c35
Pulse Link: https://otx.alienvault.com/pulse/69726ae65cfcf0a192c03c35
Pulse Author: AlienVault
Created: 2026-01-22 18:22:30
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APAC #BackDoor #BlockChain #CyberSecurity #Discord #ICS #InfoSec #Konni #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #PDF #Phishing #PowerShell #RAT #ZIP #bot #developers #AlienVault
Threat Actors Expand Abuse of Microsoft Visual Studio Code
North Korean threat actors have evolved their techniques in the Contagious Interview campaign, now abusing Microsoft Visual Studio Code task configuration files. The infection chain begins when a victim opens a malicious Git repository, often disguised as part of a recruitment process. If trust is granted, arbitrary commands are executed on the system. The malware uses JavaScript payloads hosted on vercel.app to implement backdoor logic, including remote code execution, system fingerprinting, and persistent command-and-control communication. The backdoor collects host information and beacons to a C2 server every five seconds. Recent observations show further execution of similar payloads, indicating ongoing development of these tactics.
Pulse ID: 6970c8be406455823a3d9652
Pulse Link: https://otx.alienvault.com/pulse/6970c8be406455823a3d9652
Pulse Author: AlienVault
Created: 2026-01-21 12:38:22
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #ICS #InfoSec #Java #JavaScript #Korea #Malware #Microsoft #NorthKorea #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #Rust #bot #AlienVault
📰 Stealthy 'PDFSIDER' Backdoor Uses DLL Side-Loading to Bypass EDR and AV
New 'PDFSIDER' backdoor uses DLL side-loading with a legit PDF app to bypass EDR/AV. It creates an encrypted C2 channel for stealthy access and is already used by the Qilin ransomware group. 🛡️ #Malware #Backdoor #EDR #Qilin #ThreatIntel
Chrome, Edge and Firefox hit by backdoored extensions
#Backdoor #Browser #Chrome #CyberSecurity #Edge #Estensioni #Firefox #GhostPoster #GoogleChrome #Hacker #Malware #MicrosoftEdge #Privacy #Sicurezza #TechNews #Tecnologia
https://www.ceotech.it/chrome-edge-e-firefox-colpiti-da-estensioni-con-backdoor/