Threats Tagged 'powershower'
Using KATA and KEDR to detect the AdaptixC2 agent

AdaptixC2 is an emerging open-source post-exploitation framework rapidly adopted by threat actors in APT attacks and ransomware campaigns. Written in Go and C++, it supports Windows, macOS, and Linux with extensive modularity through Beacon Object Files (BOFs). The framework enables diverse command-and-control channels including HTTP/S, TCP, mTLS, DNS, DoH, and SMB, with RC4 encryption throughout. It implements sophisticated evasion techniques targeting both network detection systems and endpoint defenses. Despite advanced obfuscation capabilities, network-level detection remains viable through analysis of distinctive communication patterns, header structures, and behavioral indicators. The framework supports credential harvesting via LSASS dumping, LAPS exploitation, and Kerberos attacks, alongside defense evasion through process injection and lateral movement via WinRM and PsExec. Combined NDR and EDR solutions provide effective multi-layered detection coverage against AdaptixC2 operations across network ...

Source: AlienVault OTX General | 04/17/2026, 18:56:13 UTC | Added: 04/20/2026, 10:46:12 UTC
New wave of cyberattacks by APT group Cloud Atlas on Russia's government sector

The APT group Cloud Atlas has launched a new wave of cyberattacks targeting Russia's defense industry. They are using stolen document templates from previously infected organizations to create malicious Microsoft Office files. The group cleans metadata from these documents to avoid revealing compromised entities. They move between targeted companies using compromised email accounts (BEC attacks). The attacks focus on defense industry enterprises, with malicious documents disguised as invitations, anti-corruption checks, mobilization documents, employee records, and financial statements. Cloud Atlas uses the Google Sheets API for data exfiltration and employs the PowerShower backdoor. The group's infrastructure has migrated to new servers and domains, indicating ongoing campaign development.

Source: AlienVault OTX General | 10/31/2025, 09:34:13 UTC | Added: 10/31/2025, 11:23:50 UTC