Related Posts

Ukrainian Network FDN3 Conducts Widespread Brute-Force Attacks on SSL VPN and RDP Devices

Date: Sep 02, 2025
Category: Cyber Attack / Botnet

Cybersecurity experts have identified a Ukrainian IP network engaging in extensive brute-force and password spraying campaigns against SSL VPN and RDP devices between June and July 2025. The operations are traced back to the Ukraine-based autonomous system FDN3 (AS211736), according to French cybersecurity firm Intrinsec. “We have high confidence that FDN3 is part of a larger malicious infrastructure that includes two other Ukrainian networks, VAIZ-AS (AS61432) and ERISHENNYA-ASN (AS210950), as well as a Seychelles-based system, TK-NET (AS210848),” the report stated. “All of these were allocated in August 2021 and frequently exchange IPv4 prefixes to bypass blocklisting and sustain their abusive operations.” AS61432 currently announces a single prefix, 185.156.72[.]0/24, while AS210950 has two prefixes: 45.143.201[.]0/24 and 185.193.89[.]0/24. These autonomous systems were allocated in May…

Researchers Raise Alarm Over MystRodX Backdoor Utilizing DNS and ICMP Triggers for Covert Control

Sep 02, 2025 – Cyber Espionage / Network Security

Cybersecurity experts have revealed a new stealthy backdoor named MystRodX, designed to capture sensitive information from compromised systems. According to a report from QiAnXin XLab, “MystRodX is a typical backdoor developed in C++, featuring capabilities such as file management, port forwarding, reverse shell, and socket management.” The report highlights that MystRodX distinguishes itself from standard backdoors through its exceptional stealth and versatility. Also referred to as ChronosRAT, this malware was initially documented by Palo Alto Networks Unit 42 last month, linked to a threat activity cluster named CL-STA-0969, which shows connections to a China-based cyber espionage group called Liminal Panda. Its stealthy nature is enhanced by multiple layers of encryption that obscure both the source code and payloads, while its flexibility allows it to dynamically activate different functionalities based on configuration settings, including the choice between TCP or HTTP for network communication.

Lazarus Group Enhances Malware Toolkit with PondRAT, ThemeForestRAT, and RemotePE

Sep 02, 2025
Malware / Threat Intelligence

The North Korea-linked threat actor, Lazarus Group, has been linked to a social engineering campaign that distributes three new cross-platform malware variants: PondRAT, ThemeForestRAT, and RemotePE. This attack, observed by NCC Group’s Fox-IT in 2024, specifically targeted an organization within the decentralized finance (DeFi) sector, resulting in the breach of an employee’s system.

“As the actor accessed the internal network, they utilized various RATs along with other tools to collect credentials and establish proxy connections,” noted Yun Zheng Hu and Mick Koomen. “Subsequently, the attacker transitioned to a more stealthy RAT, indicating a potential progression in their attack strategy.”

The attack began with the threat actor impersonating a current employee of a trading firm via Telegram and using counterfeit websites resembling Calendly and Picktime to arrange a meeting with the target. Although the initial steps were…

Salesloft Shuts Down Drift Temporarily Following OAuth Token Theft Affecting Numerous Organizations

 
Sep 03, 2025
Data Breach / Threat Intelligence

Salesloft announced on Tuesday the temporary suspension of Drift, slated to occur “in the very near future,” due to an extensive supply chain attack impacting multiple companies. This breach has led to the widespread theft of authentication tokens linked to the marketing software-as-a-service platform. The company stated, “This action will allow us to thoroughly review the application and enhance its resilience and security before restoring full functionality.” Consequently, the Drift chatbot on customer websites will be offline, and Drift itself will not be accessible. Salesloft emphasized its commitment to preserving the integrity and security of its systems and customers’ data, collaborating with cybersecurity partners Mandiant and Coalition as part of their incident response strategy. This announcement follows a disclosure from Google Threat Intelligence Group (GTIG) and Mandiant regarding the ongoing threats.