A sophisticated threat actor has shifted from broad campaigns to highly targeted spearphishing attacks using new custom backdoors. These advanced tools employ memory-resident techniques and encrypted communication to evade detection, reducing reliance on third-party software. The group leverages a mix of legitimate cloud services and bulletproof hosting to conceal its command-and-control infrastructure.
Latest mentioned: 09-19
Earliest mentioned: 09-17