2025-08-28 AI创业新闻

Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks

The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments. “Unlike traditional on-premises ransomware, where the threat actor typically deploys malware to encrypt critical files across endpoints within the compromised network and then negotiates for a decryption key, cloud-based ransomware introduces a fundamental shift,” the Microsoft Threat Intelligence team said in a report shared with The Hacker News. “Leveraging cloud-native capabilities, Storm-0501 rapidly exfiltrates large volumes of data, destroys data and backups within the victim environment, and demands ransom – all without relying on traditional malware deployment.” Storm-0501 was first documented by Microsoft almost a year ago, detailing its hybrid cloud ransomware attacks targeting government, manufacturing, transportation, and law enforcement sectors in the U.S., with the threat actors pivoting from on-premises to cloud for subsequent data exfiltration, credential theft, and ransomware deployment. Assessed to be active since 2021, the hacking group has evolved into a ransomware-as-a-service (RaaS) affiliate delivering various ransomware payloads over the years, such as Sabbath, Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo.

“Storm-0501 has continued to demonstrate proficiency in moving between on-premises and cloud environments, exemplifying how threat actors adapt as hybrid cloud adoption grows,” the company said. “They hunt for unmanaged devices and security gaps in hybrid cloud environments to evade detection and escalate cloud privileges and, in some cases, traverse tenants in multi-tenant setups to achieve their goals.” Typical attack chains involve the threat actor abusing their initial access to achieve privilege escalation to a domain administrator, followed by on-premises lateral movement and reconnaissance steps that allow the attackers to breach the target’s cloud environment, thereby initiating a multi-stage sequence involving persistence, privilege escalation, data exfiltration, encryption, and extortion. Initial access, per Microsoft, is achieved through intrusions facilitated by access brokers like Storm-0249 and Storm-0900, taking advantage of stolen, compromised credentials to sign in to the target system, or exploiting various known remote code execution vulnerabilities in unpatched public-facing servers. In a recent campaign targeting an unnamed large enterprise with multiple subsidiaries, Storm-0501 is said to have conducted reconnaissance before laterally moving across the network using Evil-WinRM .

The attackers also carried out what’s called a DCSync Attack to extract credentials from Active Directory by simulating the behavior of a domain controller. “Leveraging their foothold in the Active Directory environment, they traversed between Active Directory domains and eventually moved laterally to compromise a second Entra Connect server associated with a different Entra ID tenant and Active Directory domain,” Microsoft said. “The threat actor extracted the Directory Synchronization Account to repeat the reconnaissance process, this time targeting identities and resources in the second tenant.” These efforts ultimately enabled Storm-0501 to identify a non-human synced identity with a Global Admin role in Microsoft Entra ID on that tenant, and lacking in multi-factor authentication (MFA) protections. This subsequently opened the door to a scenario where the attackers reset the user’s on-premises password, causing it to be synced to the cloud identity of that user using the Entra Connect Sync service.

Armed with the compromised Global Admin account, the digital intruders have been found to access the Azure Portal, registering a threat actor-owned Entra ID tenant as a trusted federated domain to create a backdoor, and then elevate their access to critical Azure resources, before setting the stage for data exfiltration and extortion. “After completing the exfiltration phase, Storm-0501 initiated the mass-deletion of the Azure resources containing the victim organization data, preventing the victim from taking remediation and mitigation action by restoring the data,” Microsoft said. “After successfully exfiltrating and destroying the data within the Azure environment, the threat actor initiated the extortion phase, where they contacted the victims using Microsoft Teams using one of the previously compromised users, demanding ransom.” The company said it has enacted a change in Microsoft Entra ID that prevents threat actors from abusing Directory Synchronization Accounts to escalate privileges. It has also released updates to Microsoft Entra Connect ( version 2.5.3.0 ) to support Modern Authentication to allow customers to configure application-based authentication for enhanced security.

“It is also important to enable Trusted Platform Module (TPM) on the Entra Connect Sync server to securely store sensitive credentials and cryptographic keys, mitigating Storm-0501’s credential extraction techniques,” the tech giant added. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Someone Created First AI-Powered Ransomware Using OpenAI’s gpt-oss:20b Model

Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock . Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-time. The open-weight language model was released by OpenAI earlier this month. “PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption,” ESET said .

“These Lua scripts are cross-platform compatible, functioning on Windows, Linux, and macOS.” The ransomware code also embeds instructions to craft a custom note based on the “files affected,” and the infected machine is a personal computer, company server, or a power distribution controller. It’s currently not known who is behind the malware, but ESET told The Hacker News that PromptLoc artifacts were uploaded to VirusTotal from the United States on August 25, 2025. “PromptLock uses Lua scripts generated by AI, which means that indicators of compromise (IoCs) may vary between executions,” the Slovak cybersecurity company pointed out. “This variability introduces challenges for detection.

If properly implemented, such an approach could significantly complicate threat identification and make defenders’ tasks more difficult.” Assessed to be a proof-of-concept (PoC) rather than a fully operational malware deployed in the wild, PromptLock uses the SPECK 128-bit encryption algorithm to lock files. Besides encryption, analysis of the ransomware artifact suggests that it could also be used to exfiltrate data or even destroy it, although the functionality to actually perform the erasure appears not yet to be implemented. “PromptLock does not download the entire model, which could be several gigabytes in size,” ESET clarified. “Instead, the attacker can simply establish a proxy or tunnel from the compromised network to a server running the Ollama API with the gpt-oss-20b model.” The emergence of PromptLock is another sign that AI has made it easier for cybercriminals, even those who lack technical expertise, to quickly set up new campaigns , develop malware, and create compelling phishing content and malicious sites.

Earlier today, Anthropic revealed that it banned accounts created by two different threat actors that used its Claude AI chatbot to commit large-scale theft and extortion of personal data targeting at least 17 distinct organizations, and developed several variants of ransomware with advanced evasion capabilities, encryption, and anti-recovery mechanisms. The development comes as large language models (LLMs) powering various chatbots and AI-focused developer tools, such as Amazon Q Developer, Anthropic Claude Code, AWS Kiro, Butterfly Effect Manus, Google Jules, Lenovo Lena , Microsoft GitHub Copilot, OpenAI ChatGPT Deep Research, OpenHands, Sourcegraph Amp, and Windsurf, have been found susceptible to prompt injection attacks, potentially allowing information disclosure, data exfiltration, and code execution. Despite incorporating robust security and safety guardrails to avoid undesirable behaviors, AI models have repeatedly fallen prey to novel variants of injections and jailbreaks, underscoring the complexity and evolving nature of the security challenge. “Prompt injection attacks can cause AIs to delete files, steal data, or make financial transactions,” Anthropic said .

“New forms of prompt injection attacks are also constantly being developed by malicious actors.” What’s more, new research has uncovered a simple yet clever attack called PROMISQROUTE – short for “Prompt-based Router Open-Mode Manipulation Induced via SSRF-like Queries, Reconfiguring Operations Using Trust Evasion” – that abuses ChatGPT’s model routing mechanism to trigger a downgrade and cause the prompt to be sent to an older, less secure model, thus allowing the system to bypass safety filters and produce unintended results. “Adding phrases like ‘use compatibility mode’ or ‘fast response needed’ bypasses millions of dollars in AI safety research,” Adversa AI said in a report published last week, adding the attack targets the cost-saving model-routing mechanism used by AI vendors. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors

Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025. “The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions,” the company said . “Rather than encrypt the stolen information with traditional ransomware, the actor threatened to expose the data publicly in order to attempt to extort victims into paying ransoms that sometimes exceeded $500,000.” “The actor employed Claude Code on Kali Linux as a comprehensive attack platform, embedding operational instructions in a CLAUDE.md file that provided persistent context for every interaction.” The unknown threat actor is said to have used AI to an “unprecedented degree,” using Claude Code, Anthropic’s agentic coding tool, to automate various phases of the attack cycle, including reconnaissance, credential harvesting, and network penetration. The reconnaissance efforts involved scanning thousands of VPN endpoints to flag susceptible systems, using them to obtain initial access and following up with user enumeration and network discovery steps to extract credentials and set up persistence on the hosts.

Furthermore, the attacker used Claude Code to craft bespoke versions of the Chisel tunneling utility to sidestep detection efforts, and disguise malicious executables as legitimate Microsoft tools – an indication of how AI tools are being used to assist with malware development with defense evasion capabilities. The activity, codenamed GTG-2002, is notable for employing Claude to make “tactical and strategic decisions” on its own and allowing it to decide which data needs to be exfiltrated from victim networks and craft targeted extortion demands by analyzing the financial data to determine an appropriate ransom amount ranging from $75,000 to $500,000 in Bitcoin. Claude Code, per Anthropic, was also put to use to organize stolen data for monetization purposes, pulling out thousands of individual records, including personal identifiers, addresses, financial information, and medical records from multiple victims. Subsequently, the tool was employed to create customized ransom notes and multi-tiered extortion strategies based on exfiltrated data analysis.

“Agentic AI tools are now being used to provide both technical advice and active operational support for attacks that would otherwise have required a team of operators,” Anthropic said. “This makes defense and enforcement increasingly difficult, since these tools can adapt to defensive measures, like malware detection systems, in real-time.” To mitigate such “vibe hacking” threats from occurring in the future, the company said it developed a custom classifier to screen for similar behavior and shared technical indicators with “key partners.” Other documented misuses of Claude are listed below - Use of Claude by North Korean operatives related to the fraudulent remote IT worker scheme in order to create elaborate fictitious personas with persuasive professional backgrounds and project histories, technical and coding assessments during the application process, and assist with their day-to-day work once hired Use of Claude by a U.K.-based cybercriminal, codenamed GTG-5004, to develop, market, and distribute several variants of ransomware with advanced evasion capabilities, encryption, and anti-recovery mechanisms, which were then sold on darknet forums such as Dread, CryptBB, and Nulled to other threat actors for $400 to $1,200 Use of Claude by a Chinese threat actor to enhance cyber operations targeting Vietnamese critical infrastructure, including telecommunications providers, government databases, and agricultural management systems, over the course of a 9-month campaign Use of Claude by a Russian-speaking developer to create malware with advanced evasion capabilities Use of Model Context Protocol (MCP) and Claude by a threat actor operating on the xss[.]is cybercrime forum with the goal of analyzing stealer logs and build detailed victim profiles Use of Claude Code by a Spanish-speaking actor to maintain and improve an invite-only web service geared towards validating and reselling stolen credit cards at scale Use of Claude as part of a Telegram bot that offers multimodal AI tools to support romance scam operations , advertising the chatbot as a “high EQ model” Use of Claude by an unknown actor to launch an operational synthetic identity service that rotates between three card validation services, aka “card checkers” The company also said it foiled attempts made by North Korean threat actors linked to the Contagious Interview campaign to create accounts on the platform to enhance their malware toolset, create phishing lures, and generate npm packages, effectively blocking them from issuing any prompts. The case studies add to growing evidence that AI systems, despite the various guardrails baked into them, are being abused to facilitate sophisticated schemes at speed and at scale. “Criminals with few technical skills are using AI to conduct complex operations, such as developing ransomware, that would previously have required years of training,” Anthropic’s Alex Moix, Ken Lebedev, and Jacob Klein said, calling out AI’s ability to lower the barriers to cybercrime.

“Cybercriminals and fraudsters have embedded AI throughout all stages of their operations. This includes profiling victims, analyzing stolen data, stealing credit card information, and creating false identities allowing fraud operations to expand their reach to more potential targets.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots

A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC). According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration. The hacking group shares toolset and infrastructural overlaps with campaigns undertaken by threat actors dubbed YoroTrooper, SturgeonPhisher, and Silent Lynx. Victims of the group’s campaigns span Uzbekistan, Kyrgyzstan, Myanmar, Tajikistan, Pakistan, and Turkmenistan, a majority of which are government organizations, and to a lesser extent, entities in the energy, manufacturing, retail, and transportation sectors.

“The operation is run by a bilingual crew – Russian-speaking developers tied to legacy YoroTrooper code and Chinese-speaking operators spearheading intrusions, resulting in a nimble, multi-regional threat profile,” researchers Nikita Rostovcev and Sergei Turner said . “The exact depth and nature of cooperation of these two sub-groups remains still uncertain.” YoroTrooper was first publicly documented by Cisco Talos in March 2023, detailing its attacks targeting government, energy, and international organizations across Europe since at least June 2022. The group is believed to be active as far back as 2021, per ESET. A subsequent analysis later that year revealed that the hacking group likely consists of individuals from Kazakhstan based on their fluency in Kazakh and Russian, as well as what appeared to be deliberate efforts to avoid targeting entities in the country.

Then earlier this January, Seqrite Labs uncovered cyber attacks orchestrated by an adversary dubbed Silent Lynx that singled out various organizations in Kyrgyzstan and Turkmenistan. It also characterized the threat actor as having overlaps with YoroTrooper. ShadowSilk represents the latest evolution of the threat actor, leveraging spear-phishing emails as the initial access vector to drop password-protected archives to drop a custom loader that hides command-and-control (C2) traffic behind Telegram bots to evade detection and deliver additional payloads. Persistence is achieved by modifying the Windows Registry to run them automatically after a system reboot.

The threat actor also employs public exploits for Drupal (CVE-2018-7600 and CVE-2018-76020 and the WP-Automatic WordPress plugin (CVE-2024-27956), alongside leveraging a diverse toolkit comprising reconnaissance and penetration-testing tools such as FOFA, Fscan, Gobuster, Dirsearch, Metasploit, and Cobalt Strike. Furthermore, ShadowSilk has incorporated into its arsenal JRAT and Morf Project web panels acquired from darknet forums for managing infected devices, and a bespoke tool for stealing Chrome password storage files and the associated decryption key. Another notable aspect is its compromise of legitimate websites to host malicious payloads. “Once inside a network, ShadowSilk deploys web shells [like ANTSWORD, Behinder, Godzilla, and FinalShell], Sharp-based post-exploitation tools, and tunneling utilities such as Resocks and Chisel to move laterally, escalate privileges and siphon data,” the researchers said.

The attacks have been observed paving the way for a Python-based remote access trojan (RAT) that can receive commands and exfiltrate data to a Telegram bot, thereby allowing the malicious traffic to be disguised as legitimate messenger activity. Cobalt Strike and Metasploit modules are used to grab screenshots and webcam pictures, while a custom PowerShell script scans for files matching a predefined list of extensions and copies them into a ZIP archive, which is then transmitted to an external server. The Singaporean company has assessed that the operators of the YoroTrooper group are fluent in Russian, and are likely engaged in malware development and facilitating initial access. However, a series of screenshots capturing one of the attackers’ workstations – featuring images of the active keyboard layout, automatic translation of Kyrgyzstan government websites into Chinese, and a Chinese language vulnerability scanner – indicates the involvement of a Chinese-speaking operator, it added.

“Recent behavior indicates that the group remains highly active, with new victims identified as recently as July,” Group-IB said. “ShadowSilk continues to focus on the government sector in Central Asia and the broader APAC region, underscoring the importance of monitoring its infrastructure to prevent long-term compromise and data exfiltration.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

The 5 Golden Rules of Safe AI Adoption

Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the lack of control and safeguards in place. For CISOs and security leaders like you, the challenge is clear: you don’t want to slow AI adoption down, but you must make it safe.

A policy sent company-wide will not cut it. What’s needed are practical principles and technological capabilities that create an innovative environment without an open door for a breach. Here are the five rules you cannot afford to ignore. Rule #1: AI Visibility and Discovery The oldest security truth still applies: you cannot protect what you cannot see.

Shadow IT was a headache on its own, but shadow AI is even slipperier. It is not just ChatGPT, it’s also the embedded AI features that exist in many SaaS apps and any new AI agents that your employees might be creating. The golden rule: turn on the lights. You need real-time visibility into AI usage, both stand-alone and embedded.

AI discovery should be continuous and not a one-time event. Rule #2: Contextual Risk Assessment Not all AI usage carries the same level of risk. An AI grammar checker used inside a text editor doesn’t carry the same risk as an AI tool that connects directly to your CRM. Wing enriches each discovery with meaningful context so you can get contextual awareness, including: Who the vendor is and their reputation in the market If your data being used for AI training and if it’s configurable Whether the app or vendor has a history of breaches or security issues The app’s compliance adherence (SOC 2, GDPR, ISO, etc.) If the app connects to any other systems in your environment The golden rule: context matters.

Prevent leaving gaps that are big enough for attackers to exploit. Your AI security platform should give you contextual awareness to make the right decisions about which tools are in use and if they are safe. Rule #3: Data Protection AI thrives on data, which makes it both powerful and risky. If employees feed sensitive information into applications with AI without controls, you risk exposure, compliance violations, and devastating consequences in the event of a breach.

The question is not if your data will end up in AI, but how to ensure it is protected along the way. The golden rule: data needs a seatbelt. Put boundaries around what data can be shared with AI tools and how it is handled, both in policy and by utilizing your security technology to give you full visibility. Data protection is the backbone of safe AI adoption.

Enabling clear boundaries now will prevent potential loss later. Rule #4: Access Controls and Guardrails Letting employees use AI without controls is like handing your car keys to a teenager and yelling, “Drive safe!” without driving lessons. You need technology that enables access controls to determine which tools are being used and under what conditions. This is new for everyone, and your organization is relying on you to make the rules.

The golden rule: zero trust. Still! Make sure your security tools enable you to define clear, customizable policies for AI use, like: Blocking AI vendors that don’t meet your security standards Restricting connections to certain types of AI apps Trigger a workflow to validate the need for a new AI tool Rule #5: Continuous Oversight Securing your AI is not a “set it and forget it” project. Applications evolve, permissions change, and employees find new ways to use the tools.

Without ongoing oversight, what was safe yesterday can quietly become a risk today. The golden rule: keep watching. Continuous oversight means: Monitoring apps for new permissions, data flows, or behaviors Auditing AI outputs to ensure accuracy, fairness, and compliance Reviewing vendor updates that may change how AI features work Being ready to step in when AI is breached This is not about micromanaging innovation. It is about making sure AI continues to serve your business safely as it evolves.

Harness AI wisely AI is here, it is useful, and it is not going anywhere. The smart play for CISOs and security leaders is to adopt AI with intention. These five golden rules give you a blueprint for balancing innovation and protection. They will not stop your employees from experimenting, but they will stop that experimentation from turning into your next security headline.

Safe AI adoption is not about saying “no.” It is about saying: “yes, but here’s how.” Want to see what’s really hiding in your stack? Wing’s got you covered . Found this article interesting? This article is a contributed piece from one of our valued partners.

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group and Mandiant, tracked as UNC6395 . “Beginning as early as August 8, 2025, through at least August 18, 2025, the actor targeted Salesforce customer instances through compromised OAuth tokens associated with the Salesloft Drift third-party application,” researchers Austin Larsen, Matt Lin, Tyler McLellan, and Omar ElAhdan said . In these attacks, the threat actors have been observed exporting large volumes of data from numerous corporate Salesforce instances, with the likely aim of harvesting credentials that could be then used to compromise victim environments.

These include Amazon Web Services (AWS) access keys (AKIA), passwords, and Snowflake -related access tokens. UNC6395 has also demonstrated operational security awareness by deleting query jobs, although Google is urging organizations to review relevant logs for evidence of data exposure, alongside revoking API keys, rotating credentials, and performing further investigation to determine the extent of compromise. Salesloft, in an advisory issued August 20, 2025, said it identified a security issue in the Drift application and that it has proactively revoked connections between Drift and Salesforce. The incident does not affect customers who do not integrate with Salesforce.

“A threat actor used OAuth credentials to exfiltrate data from our customers’ Salesforce instances,” Salesloft said . “The threat actor executed queries to retrieve information associated with various Salesforce objects, including Cases, Accounts, Users, and Opportunities.” The company is also recommending that administrators re-authenticate their Salesforce connection to re-enable the integration. The exact scale of the activity is not known. However, Salesloft said it has notified all affected parties.

In a statement Tuesday, Salesforce said a “small number of customers” were impacted, stating the issue stems from a “compromise of the app’s connection.” “Upon detecting the activity, Salesloft, in collaboration with Salesforce, invalidated active Access and Refresh Tokens, and removed Drift from AppExchange. We then notified affected customers,” Salesforce added . The development comes as Salesforce instances have become an active target for financially motivated threat groups like UNC6040 and UNC6240 (aka ShinyHunters), the latter of which has since joined hands with Scattered Spider (aka UNC3944) to secure initial access. “What’s most noteworthy about the UNC6395 attacks is both the scale and the discipline,” Cory Michal, CSO of AppOmni, said.

“This wasn’t a one-off compromise; hundreds of Salesforce tenants of specific organizations of interest were targeted using stolen OAuth tokens, and the attacker methodically queried and exported data across many environments.” “They demonstrated a high level of operational discipline, running structured queries, searching specifically for credentials, and even attempting to cover their tracks by deleting jobs. The combination of scale, focus, and tradecraft makes this campaign stand out.” Michal also pointed out that many of the targeted and compromised organizations were themselves security and technology companies, indicating that the campaign may be an “opening move” as part of a broader supply chain attack strategy. “By first infiltrating vendors and service providers, the attackers put themselves in position to pivot into downstream customers and partners,” Michal added. “That makes this not just an isolated SaaS compromise, but potentially the foundation for a much larger campaign aimed at exploiting the trust relationships that exist across the technology supply chain.” Found this article interesting?

Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity under the name TAG-144. “Although the clusters share similar tactics, techniques, and procedures (TTPs) such as leveraging open-source and cracked remote access trojans (RATs), dynamic domain providers, and legitimate internet services (LIS) for staging, they differ significantly in infrastructure, malware deployment, and other operational methods,” the Mastercard-owned company said .

Blind Eagle has a history of targeting organizations in South America since at least 2018, with the attacks reflecting both cyber espionage and financially driven motivations. This is evidenced in their recent campaigns, which have involved banking-related keylogging and browser monitoring as well as targeting government entities using various remote access trojans (RATs). Targets of the group’s attacks include the judiciary and tax authorities, along with entities in the financial, petroleum, energy, education, healthcare, manufacturing, and professional services sectors. The operations predominantly span Colombia, Ecuador, Chile, and Panama, and, in some cases, Spanish-speaking users in North America.

Attack chains typically involve the use of spear-phishing lures impersonating local government agencies to entice recipients into opening malicious documents or clicking on links concealed using URL shorteners like cort[.]as, acortaurl[.]com, and gtly[.]to. Blind Eagle makes use of compromised email accounts to send the messages and leverages geofencing tricks to redirect users to official government websites when attempting to navigate to attacker-controlled infrastructure outside of Colombia or Ecuador. “TAG-144’s command-and-control (C2) infrastructure often incorporates IP addresses from Colombian ISPs alongside virtual private servers (VPS) such as Proton666 and VPN services like Powerhouse Management, FrootVPN, and TorGuard,” Recorded Future said. This setup is further enhanced by the use of dynamic DNS services, including duckdns[.]org, ip-ddns[.]com, and noip[.]com.” The threat group has also taken advantage of legitimate internet services, such as Bitbucket, Discord, Dropbox, GitHub, Google Drive, the Internet Archive, lovestoblog.com, Paste.ee, Tagbox, and lesser-known Brazilian image-hosting websites, for staging payloads in order to obscure malicious content and evade detection.

Recent campaigns orchestrated by the threat actor have employed a Visual Basic Script file as a dropper to execute a dynamically generated PowerShell script at runtime, which, in turn, reaches out to an external server to download an injector module that’s responsible for loading Lime RAT, DCRat, AsyncRAT, or Remcos RAT. The regional focus aside, the hacking group has consistently relied on the same techniques since its emergence, underscoring how “well-established methods” continue to yield high success rates in the region. Recorded Future’s analysis of Blind Eagle’s campaigns have uncovered five clusters of activity - Cluster 1 (from February through July 2025), which has targeted Colombian government entities exclusively with DCRat, AsyncRAT, and Remcos RAT Cluster 2 (from September through December 2024), which has targeted Colombian government and entities in the education, defense, and retail sectors with AsyncRAT and XWorm Cluster 3 (from September 2024 through July 2025), which is characterized by the deployment of AsyncRAT and Remcos RAT Cluster 4 (from May 2024 through February 2025), which is associated with malware and phishing infrastructure attributed to TAG-144, with the phishing pages mimicking Banco Davivienda, Bancolombia, and BBVA Cluster 5 (from March through July 2025), which is associated with Lime RAT and a cracked AsyncRAT variant observed in Clusters 1 and 2 The digital missives used in these campaigns come with an SVG attachment, which then reaches out to Discord CDN to retrieve a JavaScript payload that, for its part, fetches a PowerShell script from Paste.ee. The PowerShell script is designed to decode and execute another PowerShell payload that obtains a JPG image hosted on the Internet Archive and extracts from it an embedded .NET assembly.

Interestingly, the cracked version of AsyncRAT used in the attacks has been previously observed in connection with intrusion activity mounted by threat actors Red Akodon and Shadow Vector , both of which have targeted Colombia over the past year. Nearly 60% of the observed Blind Eagle activity during the analysis period has targeted the government sector, followed by education, healthcare, retail, transportation, defense, and oil verticals. “Although TAG-144 has targeted other sectors and has occasionally been linked to intrusions in additional South American countries such as Ecuador, as well as Spanish-speaking victims in the US, its primary focus has consistently remained on Colombia, particularly on government entities,” Recorded Future said. “This persistent targeting raises questions about the threat group’s true motivations, such as whether it operates solely as a financially driven threat actor leveraging established tools, techniques, and monetization strategies, or whether elements of state-sponsored espionage are also at play.” Found this article interesting?

Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. The vulnerabilities in question are listed below - CVE-2025-7775 (CVSS score: 9.2) - Memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service CVE-2025-7776 (CVSS score: 8.8) - Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial-of-Service CVE-2025-8424 (CVSS score: 8.7) - Improper access control on the NetScaler Management Interface The company acknowledged that “exploits of CVE-2025-7775 on unmitigated appliances have been observed,” but stopped short of sharing additional details. However, for the flaws to be exploited, there are a number of prerequisites - CVE-2025-7775

NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server; NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers; NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers; or CR virtual server with type HDX CVE-2025-7776
NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it CVE-2025-8424
Access to NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access The issues have been resolved in the following versions, with no available workarounds - NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1 NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP Citrix credited Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partnerfor and François Hämmerli for discovering and reporting the vulnerabilities. CVE-2025-7775 is the latest NetScaler ADC and Gateway vulnerability to be weaponized in real-world attacks in a short span of time, after CVE-2025-5777 (aka Citrix Bleed 2) and CVE-2025-6543 .

The disclosure also comes a day after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting Citrix Session Recording (CVE-2024-8068 and CVE-2024-8069) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. CISA Adds CVE-2025-7775 to KEV Catalog CISA, on August 26, 2025, added CVE-2025-7775 to the KEV catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate to address the flaw within the next 48 hours (i.e., August 28). “Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or Denial-of-Service,” the agency said .

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station

A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB). The attack , per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), relies on a new open-source software toolkit named Sni5Gect (short for “Sniffing 5G Inject”) that’s designed to sniff unencrypted messages sent between the base station and the user equipment (UE, i.e., a phone) and inject messages to the target UE over-the-air. The framework can be used to carry out attacks such as crashing the UE modem, downgrading to earlier generations of networks, fingerprinting, or authentication bypass, according to Shijie Luo, Matheus Garbelini, Sudipta Chattopadhyay, and Jianying Zhou. “As opposed to using a rogue base station, which limits the practicality of many 5G attacks, SNI5GECT acts as a third-party in the communication, silently sniffs messages, and tracks the protocol state by decoding the sniffed messages during the UE attach procedure,” the researchers said.

“The state information is then used to inject a targeted attack payload in downlink communication.” The findings build upon a prior study from ASSET in late 2023 that led to the discovery of 14 flaws in the firmware implementation of 5G mobile network modems from MediaTek and Qualcomm, collectively dubbed 5Ghoul , that could be exploited to launch attacks to drop connections, freeze the connection that involves manual reboot, or downgrade the 5G connectivity to 4G. The Sni5Gect attacks are designed to passively sniff messages during the initial connection process, decode the message content in real-time, and then leverage the decoded message content to inject targeted attack payloads. Specifically, the attacks are designed to take advantage of the phase before the authentication procedure, at which point the messages exchanged between the gNB and the UE are not encrypted. As a result, the threat model does not require knowledge of the UE’s credentials to sniff uplink/downlink traffic or inject messages.

“To the best of our knowledge, SNI5GECT is the first framework that empowers researchers with both over-the-air sniffing and stateful injection capabilities, without requiring a rogue gNB,” the researchers said. “For example, an attacker can exploit the short UE communication window that spans from the RACH process until the NAS security context is established. Such an attacker actively listens for any RAR message from the gNB, which provides the RNTI to decode further UE messages.” This enables the threat actor to crash the modem on the victim’s device, fingerprint the targeted device, and even downgrade the connection to 4G, which has known vulnerabilities that can be exploited by the attacker to track the UE location over time. In tests against five smartphones, including OnePlus Nord CE 2, Samsung Galaxy S22, Google Pixel 7, and Huawei P40 Pro, the study achieved 80% accuracy in uplink and downlink sniffing, and managed to inject messages with a success rate of 70-90% from a distance of up to 20 meters (65 feet).

The Global System for Mobile Communications Association (GSMA), a non-profit trade association that represents mobile network operators worldwide and develops new technologies, has acknowledged the multi-stage, downgrade attack, and assigned it the identifier CVD-2024-0096. “We argue that SNI5GECT is a fundamental tool in 5G security research that enables not only over-the-air 5G exploitation but advancing future research on packet-level 5G intrusion detection and mitigation, security enhancements to 5G physical layer security and beyond,” the researchers concluded. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that’s targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell. The activity has been codenamed ZipLine by Check Point Research. “Instead of sending unsolicited phishing emails, attackers initiate contact through a company’s public ‘Contact Us’ form, tricking employees into starting the conversation,” the company said in a statement shared with The Hacker News. “What follows are weeks of professional, credible exchanges, often sealed with fake NDAs, before delivering a weaponized ZIP file carrying MixShell, a stealthy in-memory malware.” The attacks have cast a wide net, spanning multiple organizations across sectors and geographic locations, but with an emphasis on U.S.-based entities.

Primary targets include companies in industrial manufacturing, such as machinery, metalwork, component production, and engineered systems, as well as those related to hardware and semiconductors, consumer goods, biotechnology, and pharmaceuticals. This diverse, yet focused, targeting has raised the possibility that the threat actors behind the campaign are honing in on industry verticals critical to the supply chain. Other countries targeted by ZipLine include Singapore, Japan, and Switzerland. The campaign’s provenance and motives are presently unclear, but Check Point said it identified overlapping digital certificates between an IP address used in the attacks and infrastructure previously identified by Zscaler and Proofpoint as employed in TransferLoader attacks undertaken by a threat cluster referred to as UNK_GreenSec.

ZipLine is another instance of how threat actors are increasingly banking on legitimate business workflows, such as approaching targets via a company’s Contact Us form on their website, thereby weaponizing trust in the process to sidestep any potential concerns. While the approach of using website contact forms as a malware distribution vector is not wholly new, where ZipLine stands apart is in its avoidance of scare tactics and urgent language to trick recipients into taking unintended actions. This patient, social engineering technique involves drawing victims into multi-week conversations, in some cases even instructing them to sign non-disclosure agreements (NDAs), before sending booby-trapped ZIP files. Recent social engineering waves have also capitalized on the artificial intelligence (AI) transformation trend, with the attackers “offering” to help the target entities implement new AI-centric initiatives to reduce costs and improve efficiency.

The attack chain is characterized by multi-stage payloads, in-memory execution, and DNS-based command-and-control (C2) channels, allowing the threat actor to stay under the radar. Specifically, the ZIP archives come fitted with a Windows shortcut (LNK) that triggers a PowerShell loader, which then paves the way for the custom in-memory MixShell implant that uses DNS tunneling and HTTP as a fallback C2 mechanism to support remote command execution, file operations, reverse proxying, stealth persistence, and deeper network infiltration. MixShell also comes in a PowerShell variant that incorporates advanced anti-debugging and sandbox evasion techniques, uses scheduled tasks for persistence, and drops the reverse proxy shell and file download capabilities. The malicious ZIP files are hosted on a sub-domain of herokuapp[.]com, a legitimate Platform-as-a-Service (PaaS) providing compute and storage infrastructure for hosting web applications – once again illustrating the threat actor’s abuse of legitimate services to blend in with normal enterprise network activity.

The LNK file responsible for initiating the execution chain also displays a lure document present in the ZIP file so as not to arouse the victim’s suspicion. That said, Check Point noted that not all ZIP files served from the Heroku domain are malicious, suggesting customized delivery of malware in real-time based on certain criteria. “In many cases, the attacker uses domains that match the names of LLCs registered U.S.-based companies, and in some cases, may have previously belonged to legitimate businesses,” Check Point said. “The attacker maintains similar template websites to all those companies, which hint at a well-planned and streamlined campaign on a large scale.” The campaign poses severe risks to companies, as it can lead to theft of intellectual property and ransomware attacks, business email compromise, and account takeovers resulting in financial fraud, and potential supply chain disruptions with cascading impacts.

“The ZipLine campaign is a wake-up call for every business that believes phishing is just about suspicious links in emails,” Sergey Shykevich, threat intelligence group manager at Check Point Research, said. “Attackers are innovating faster than ever – blending human psychology, trusted communication channels, and timely AI-themed lures. To stay safe, organizations must adopt prevention-first, AI-driven defenses and build a culture of vigilance that treats every inbound interaction as a potential threat.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals

Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately secured by a platform capable of not just keeping pace, but staying ahead of an ever-evolving threat landscape. SentinelOne’s steadfast commitment to delivering AI-powered cybersecurity enables global customers and partners to achieve resiliency and reduce risk with real-time, autonomous protection across the entire enterprise — all from a single agent and console with a robust, rigorously tested platform that keeps the customer in control. Cybersecurity today isn’t just about detection—it’s about operational continuity under pressure.

For example, endpoint solutions must account for encrypted traffic inspection, policy enforcement during identity compromise, and fast containment across distributed environments. These capabilities are especially critical in industries like healthcare or finance, where seconds can mean regulatory penalties or breached patient records. Gartner recently named SentinelOne a Leader in the 2025 Gartner® Magic Quadrant for Endpoint Protection Platforms for the fifth consecutive year. This recognition builds on the Singularity Platform’s momentum in innovation as the first solution with an AI analyst and the first unified platform delivering EDR, CNAPP, Hyperautomation, and SIEM to be FedRAMP High (the highest level of U.S.

federal cloud security authorization) Authorized. SentinelOne provides protection for organizations of all sizes—from small businesses to global governments and enterprises—meeting their unique needs in the face of an increasingly complex cyber landscape. The Singularity Platform secures organizations across any device, any OS, and any cloud, providing industry-leading signal-to-noise so SOC teams can focus on responding as quickly as possible. With advanced XDR, AI SIEM, and CNAPP capabilities, a lightweight agent, and responsible architecture, SentinelOne offers a solution designed for both security and operational resiliency.

Organizations using Singularity Endpoint and Purple AI detect threats 63% faster, reduce MTTR by 55% , and lower the likelihood of a security incident by 60%. Customers have reported a 338% ROI over three years, maximizing the value of their security investments while strengthening their endpoint security. For example, a healthcare provider using SentinelOne reported cutting incident response time by over 50% during a phishing-induced ransomware outbreak, thanks to automated rollback and unified visibility across cloud workloads and endpoints. Many teams searching for EDR or XDR platforms are trying to answer: “Will this reduce alert fatigue?” or “Can it integrate with my SIEM or SOAR stack without more overhead?” This is where automation must go beyond buzzwords—reducing manual triage, stitching disconnected signals, and working with existing tools instead of replacing them.

SentinelOne has set the standard in modern endpoint protection since entering the market more than a decade ago, disrupting both traditional antivirus and early next-gen AV approaches. Unlike signature-based protection and cloud-dependent defenses, the platform pioneered the use of static and behavioral AI and machine learning to detect even novel techniques, solve for both online and air-gapped environments, and automate response. These innovations differentiate SentinelOne from traditional AV and even next-gen EDR solutions, offering deeper automation and on-device intelligence compared to competitors that rely heavily on cloud lookups or manual workflows. This innovation, architecture, and design philosophy continues to evolve through Purple AI, advanced behavioral detection models, automated remediation and rollback, XDR capabilities, and more.

The security platform now offers solutions spanning Identity, Cloud, AI SIEM, Hyperautomation, expert-managed detection and response, and a range of threat services. Accelerating the SOC and staying ahead of attacks in the age of AI requires platforms that harness innovation in AI and automation to radically improve detection, triage, and response. SentinelOne’s platform has long embedded AI and automation as a foundational element. The company continues to develop accessible, compliant AI and automation to transform the SOC.

Behavioral AI and the Future of Cyber Threat Detection Over the last decade, SentinelOne has advanced behavioral AI detections, automated remediation, and introduced agentic AI for security. Rather than merely assisting analysts, agentic AI—defined as a class of autonomous AI systems capable of initiating and executing security actions without human prompting—autonomously takes action, handles routine tasks, and accelerates decision making while keeping the human operator in control. Purple AI, the platform’s AI security analyst , translates natural language questions into powerful threat hunting queries, suggests follow-up questions, recommends next steps, and generates reports and email summaries to accelerate remediation. Built on the Open Cybersecurity Schema Framework (OCSF), a vendor-agnostic standard for unifying data models, Purple AI ensures unified visibility across all security data, enabling fast, precise threat detection.

Figure 2: A natural language query using Purple AI to hunt for Privilege Escalation activity This capability is integrated into Singularity Complete, SentinelOne’s EDR solution, positioning Purple AI as a transformative force in SOC operations. By combining human insight with AI-level reasoning and automation, it enables faster, more accurate triage, investigation, threat management, and response. How Endpoint Security Has Evolved in the Age of AI Product innovation remains central to SentinelOne’s strategy, driven by customer feedback, cost and time savings, and deep integration of AI and automation. Detects suspicious and malicious patterns in real time using behavioral and static AI models across servers, workstations, and workloads Correlates telemetry data from endpoints, cloud workloads, and identity sources into detailed, visual Storylines Figure 3: Storyline helps security teams understand, investigate, and respond to threats faster and more effectively Offers one-click rollback to a pre-attack state, drastically reducing remediation time Enables custom workflows and incident response via Singularity Hyperautomation’s no-code, drag-and-drop canvas SentinelOne also plays a central role in Zero Trust architectures, supporting identity-based segmentation and continuous trust evaluation across cloud, hybrid, and air-gapped environments.

By aligning with frameworks like MITRE ATT&CK, OCSF, and NIST 800-207, the platform enables cohesive telemetry correlation and policy enforcement—positioning it as more than just endpoint protection, but a pillar in enterprise-wide cyber resilience. Balancing Control and Stability in Modern Cybersecurity Platforms The Singularity Platform delivers simplicity, stability, and ease of use across various deployment environments—on-premises, hybrid, air-gapped, or fully cloud-based. SentinelOne offers comprehensive OS support, including legacy systems such as Windows XP, 2008, and 2012, and spans more than 20 years of Windows Server coverage. Customer control is a cornerstone of the platform’s philosophy.

The multi-tenant management console emphasizes analyst experience, with streamlined deployment, configuration, and management. Updates are rigorously tested, responsibly deployed, and controlled by the customer to ensure stability and autonomy. As recognized by Gartner in this year’s evaluation, the unified agent and intuitive console deliver deep enterprise visibility while reducing overhead and administrative burden, allowing security teams to focus on high-priority tasks. Earning Industry Trust Through Proven Performance SentinelOne continues to lead in endpoint cybersecurity, earning trust from nearly 15,000 customers—including Fortune 10, Fortune 500, Global 2000 companies, and major government agencies.

The company consistently achieves top results in MITRE ATT&CK Enterprise Evaluations, delivering an industry-leading signal-to-noise ratio. In addition to being named a Leader in the 2025 Gartner Magic Quadrant for Endpoint Protection Platforms , SentinelOne’s Singularity Platform has been recognized as a 2025 Customers’ Choice in the Voice of the Customer for Extended Detection and Response (XDR), a 2024 Customers’ Choice for Cloud-Native Application Protection Platforms (CNAPP), and a 2024 Customers’ Choice for Managed Detection and Response (MDR). SentinelOne was also named a Strong Performer in the 2025 Gartner Peer Insights Voice of the Customer for Cloud Security Posture Management tools (CSPM). To see how SentinelOne can transform endpoint security within an organization, stakeholders can request a tailored demo or download the full Gartner report for detailed evaluation insights.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Franz Hinner, Deepak Mishra, July 14, 2025. Gartner, Voice of the Customer for Extended Detection and Response, Peer Contributors, 23 May 2025. Gartner, Voice of the Customer for Cloud-Native Application Protection Platforms, Peer Contributors, 27 December 2024. Gartner, Voice of the Customer for Managed Detection and Response, Peer Contributors, 28 November 2024.

Gartner, Voice of the Customer for Cloud Security Posture Management Tools, Peer Contributors, 30 May 2025. Gartner Disclaimer GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, MAGIC QUADRANT and PEER INSIGHTS are registered trademarks of Gartner, Inc.

and/or its affiliates and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact.

Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose. Found this article interesting?

This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale cybercrime campaign, first detected in August 2025, has been codenamed ShadowCaptcha by the Israel National Digital Agency. “The campaign […] blends social engineering, living-off-the-land binaries (LOLBins), and multi-stage payload delivery to gain and maintain a foothold in targeted systems,” researchers Shimi Cohen, Adi Pick, Idan Beit Yosef, Hila David, and Yaniv Goldman said . “The ultimate objectives of ShadowCaptcha are collecting sensitive information through credential harvesting and browser data exfiltration, deploying cryptocurrency miners to generate illicit profits, and even causing ransomware outbreaks.” The attacks begin with unsuspecting users visiting a compromised WordPress website that has been injected with malicious JavaScript code that’s responsible for initiating a redirection chain that takes them to a fake Cloudflare or Google CAPTCHA page.

From there, the attack chain forks into two, depending on the ClickFix instructions displayed on the web page: One that utilizes the Windows Run dialog and another that guides the victim to save a page as an HTML Application (HTA) and then run it using mshta.exe. The execution flow triggered via the Windows Run dialog culminates in the deployment of Lumma and Rhadamanthys stealers via MSI installers launched using msiexec.exe or through remotely-hosted HTA files run using mshta.exe, whereas the execution of the saved HTA payload results in the installation of Epsilon Red ransomware. It’s worth pointing out that the use of ClickFix lures to trick users into downloading malicious HTA files for spreading Epsilon Red ransomware was documented last month by CloudSEK. “The compromised ClickFix page automatically executes obfuscated JavaScript that uses ‘navigator.clipboard.writeText’ to copy a malicious command to the user’s clipboard without any interaction, relying on users to paste and run it unknowingly,” the researchers said.

The attacks are characterized by the use of anti-debugger techniques to prevent inspection of web pages using browser developer tools, while also relying on DLL side-loading to execute malicious code under the guise of legitimate processes. Select ShadowCaptcha campaigns have observed delivering an XMRig-based cryptocurrency miner, with some variants fetching the mining configuration from a Pastebin URL rather than hard-coding it in the malware, thus allowing them to adjust the parameters on the fly. In cases where the miner payloads are deployed, the attackers have also been observed dropping a vulnerable driver (“WinRing0x64.sys”) to achieve kernel-level access and interact with CPU registers with an aim to improve mining efficiency. Of the infected WordPress sites, a majority of them are located in Australia, Brazil, Italy, Canada, Colombia, and Israel, spanning technology, hospitality, legal/finance, healthcare, and real estate sectors.

Exactly how these WordPress sites are compromised is not known. However, Goldman told The Hacker News there is medium confidence that the attackers obtained access through various known exploits in a variety of plugins, and in some instances using the WordPress portal with compromised credentials. To mitigate the risks posed by ShadowCaptcha, it’s essential to train users to watch out for ClickFix campaigns, segment networks to prevent lateral movement, and ensure WordPress sites are kept up-to-date and secured using multi-factor authentication (MFA) protections. “ShadowCaptcha shows how social-engineering attacks have evolved into full-spectrum cyber operations,” the researchers said.

“By tricking users into running built-in Windows tools and layering obfuscated scripts and vulnerable drivers, operators gain stealthy persistence and can pivot between data theft, crypto mining, or ransomware.” The disclosure comes as GoDaddy detailed the evolution of Help TDS , a traffic distribution (or direction) system that has been active since 2017 and has been linked to malicious schemes like VexTrio Viper. Help TDS provides partners and affiliates with PHP code templates that are injected into WordPress sites, ultimately directing users to malicious destinations based on the targeting criteria. “The operation specializes in tech support scams utilizing full-screen browser manipulation and exit prevention techniques to trap victims on fraudulent Microsoft Windows security alert pages, with fallback monetization through dating, cryptocurrency, and sweepstakes scams,” security researcher Denis Sinegubko said . Some of the notable malware campaigns that have leveraged Help TDS in recent years include DollyWay, Balada Injector, and DNS TXT redirects.

The scam pages, for their part, use JavaScript to force browsers to enter full-screen mode and display the fraudulent alert and even feature counterfeit CAPTCHA challenges before rendering them in a bid to sidestep automated security scanners. Help TDS operators are said to have developed a malicious WordPress plugin known as “woocommerce_inputs” between late 2024 and August 2025 to enable the redirection functionality, alongside steadily adding credential harvesting, geographic filtering, and advanced evasion techniques. The plugin is estimated to be installed on over 10,000 sites worldwide. The malicious plugin masquerades as WooCommerce to evade detection by site owners.

It’s exclusively installed by attackers after compromising WordPress sites through stolen administrator credentials. “This plugin serves as both a traffic monetization tool and credential harvesting mechanism, demonstrating continuous evolution from simple redirect functionality to a sophisticated malware-as-a-service offering,” GoDaddy said. “By providing ready-made solutions including C2 infrastructure, standardized PHP injection templates, and fully-featured malicious WordPress plugins, Help TDS has lowered the barrier to entry for cybercriminals seeking to monetize infiltrated websites.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.