A recent cyber campaign uses a compromised software installer to deliver multi-stage malware, ultimately gaining network access through Remote Desktop Protocol (RDP). The attackers rely on techniques such as certificate abuse and living-off-the-land tools for reconnaissance and data theft, and the activity has potential links to ransomware operations. The campaign prioritizes evading detection and exfiltrating data via insecure channels such as FTP.
Latest mentioned: 09-09
Earliest mentioned: 09-08