
Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion

Medium
Vulnerability
Published: Tue Nov 18 2025 (11/18/2025, 14:00:00 UTC)
Source: The Hacker News

Description

Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control (C2) and red teaming framework known as Tuoni. "The campaign leveraged the emerging Tuoni C2 framework, a relatively new, command-and-control (C2) tool (with a free license) that delivers stealthy, in-memory payloads,"

AI-Powered Analysis

Last updated: 11/18/2025, 21:02:11 UTC

Technical Analysis

The disclosed cyber attack involved the use of the Tuoni C2 framework, a relatively new command-and-control tool released in early 2024 and freely available as a community edition on GitHub. Tuoni is primarily intended for security professionals conducting penetration testing and red team operations, but threat actors leveraged it maliciously in this campaign.

The attack began with social engineering via Microsoft Teams impersonation, where the attacker posed as a trusted vendor or colleague to convince an employee to execute a PowerShell command. This initial script downloaded a second PowerShell script from an external server (kupaoquan[.]com), which employed steganography by embedding the next-stage payload within a bitmap (BMP) image file. The embedded payload extracted shellcode and executed it directly in memory, avoiding disk writes and thereby reducing detection likelihood. This shellcode loaded the TuoniAgent.dll, which connected back to the attacker's C2 server, enabling remote control over the compromised host.

The attack chain demonstrated AI-assisted code generation, evident from scripted comments and modular loader design, suggesting automation in crafting evasive payloads. Although the attack was ultimately unsuccessful, it underscores the risk posed by the abuse of legitimate red team tools and AI-enhanced malware delivery techniques. The campaign targeted a U.S.-based real-estate company in October 2025, but the tactics and tools used could be adapted globally. No known exploits in the wild have been reported beyond this incident, and no patches are available since the threat exploits social engineering and legitimate tools rather than software vulnerabilities.

Potential Impact

For European organizations, particularly those in real estate, property management, and associated sectors, this threat poses significant risks. The use of social engineering combined with stealthy, in-memory execution techniques can bypass traditional endpoint defenses and detection mechanisms. If successful, attackers could gain persistent remote access, enabling data exfiltration, espionage, or further lateral movement within networks. The abuse of legitimate red teaming tools complicates attribution and detection, increasing the risk of prolonged undetected intrusions. Given the sensitive nature of real estate data, including financial transactions, personal client information, and corporate intellectual property, a breach could lead to severe confidentiality and integrity impacts. Additionally, the use of AI-assisted payload generation indicates a trend toward more sophisticated, rapidly evolving attack methods that could outpace current defensive capabilities. European organizations may also face regulatory and reputational consequences under GDPR and other data protection laws if such intrusions lead to data breaches.

Mitigation Recommendations

European organizations should implement targeted mitigations beyond generic advice:

1) Enhance employee training focused on social engineering threats, particularly on collaboration platforms like Microsoft Teams, emphasizing verification of unexpected requests and commands.
2) Deploy advanced endpoint detection and response (EDR) solutions capable of detecting in-memory execution and anomalous PowerShell activity, including monitoring for steganographic payload delivery methods.
3) Restrict PowerShell execution policies and implement application control to limit execution of unauthorized scripts and DLLs.
4) Monitor network traffic for unusual communications to known or suspicious external domains such as kupaoquan[.]com, and employ DNS filtering to block access to malicious infrastructure.
5) Conduct threat hunting exercises focused on detecting misuse of red team tools like Tuoni and signs of AI-generated code artifacts.
6) Maintain an inventory of legitimate red team tools authorized within the environment and monitor for unauthorized usage.
7) Collaborate with threat intelligence providers to stay updated on emerging threats involving AI-assisted malware and red team tool abuse.
8) Implement multi-factor authentication and least privilege principles to reduce the impact of compromised credentials used in social engineering attacks.


Technical Details

Article source: https://thehackernews.com/2025/11/researchers-detail-tuoni-c2s-role-in.html (fetched 2025-11-18T21:01:28.809Z, 920 words)

Threat ID: 691cdeaa90fff14d7012a9e2

Added to database: 11/18/2025, 9:01:30 PM

Last enriched: 11/18/2025, 9:02:11 PM

Last updated: 11/19/2025, 3:48:23 AM
