DarkCloud Stealer: Inside a Sophisticated Malware Campaign Using AutoIt

Introduction Unit 42 researchers have recently uncovered an advanced phishing campaign leveraging DarkCloud Stealer, an information-stealing malware active since 2022. This malware uses complex evasion techniques, including AutoIt scripting, to bypass security mechanisms and extract sensitive user data. Here’s a breakdown of how this stealthy malware operates and what you can do to protect your …

Wi-Fi Warfare: The Shocking New Hack That Exploits Neighboring Businesses

A Russian state-sponsored hacking group, GruesomeLarch (also known as APT28 or Fancy Bear), has developed a sophisticated method called the “Nearest Neighbor Attack.” This technique allows hackers to remotely infiltrate organizations by exploiting the Wi-Fi networks of nearby businesses, without needing malware or physical presence. How the Attack Worked The attack was discovered in February …

Is this attacker’s IP spoofed?

We’re actively sending abuse alert emails to network owners, alerting them to potential compromises on their servers. Recently, several TOR operators (middle, guard, and exit nodes) have reached out, reporting that their IPs were spoofed. While these claims have validity, we’d like to highlight that a significant amount of the TCP port 22 traffic we …