Threats Tagged 'cloudflare tunnels'
View all threats tagged with 'cloudflare tunnels'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cloudflare tunnels'
Click on any threat for detailed analysis and mitigation recommendations
Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset 0 Throughout 2024, Gamaredon focused exclusively on targeting Ukrainian governmental institutions with spearphishing campaigns and weaponized USB drives. The group developed six new tools and significantly updated existing ones, improving stealth and evasion capabilities. Gamaredon increased the scale of its spearphishing campaigns, especially in the second half of the year. The group also made efforts to bypass network-based blocking, hiding most of its command and control infrastructure behind Cloudflare tunnels. Notable updates include enhancements to PteroLNK for weaponizing network drives, improvements in file exfiltration techniques, and the introduction of new downloaders. Despite these advancements, Gamaredon showed signs of operational limitations, occasionally abandoning or infrequently updating certain tools. Join the discussion | AlienVault OTX General | 07/04/2025, 10:34:21 UTC Added: 07/04/2025, 10:54:29 UTC |
Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware 0 The SERPENTINE#CLOUD campaign leverages Cloudflare Tunnels and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated scripts. The attack begins with malicious .lnk files disguised as documents, fetching remote code from Cloudflare subdomains. The infection chain involves batch, VBScript, and Python stages, ultimately deploying shellcode that loads a Donut-packed PE payload. The campaign focuses on Western targets, using Cloudflare for payload hosting and anonymity. It demonstrates evolving tactics, shifting from simple .url files to sophisticated .lnk payloads. The final stage involves a RAT payload, giving attackers full control over infected hosts. Join the discussion | AlienVault OTX General | 06/20/2025, 06:08:42 UTC Added: 06/20/2025, 08:31:51 UTC |
Showing 1 to 2 of 2 results