Cybersec Sentinel - Cybersec Sentinel

Cybersec Sentinel

Cybersec Sentinel: 30+ years of IT expertise, delivering clear, actionable cyber security insights.

Sindoor Dropper Phishing Exploits Linux Desktop Files for Persistent Remote Control

Sindoor Dropper Phishing Exploits Linux Desktop Files for Persistent Remote Control

Threat Group: Transparent Tribe / APT36 / Mythic Leopard / G0134 Threat Type: Targeted phishing dropper, Linux desktop shortcut abuse, remote administration tool deployment, cyber espionage Exploited Vulnerabilities: No public CVE exploitation confirmed. Abuse of Linux .desktop launcher behaviour, user execution, weak attachment controls, and trusted cloud storage delivery. Malware Used: Sindoor Dropper

ScarCruft and RokRAT Pose High Threat to Government and Academia

ScarCruft and RokRAT Pose High Threat to Government and Academia

Threat Group: ScarCruft / APT37 / Reaper / Red Eyes Threat Type: Advanced Persistent Threat (APT), Remote‑Access Trojan (RAT), Espionage and Ransomware Exploited Vulnerabilities: CVE‑2017‑8291 (Encapsulated PostScript vulnerability in Hangul Word Processor), CVE‑2024‑38178 (Internet Explorer mode of Microsoft Edge), vulnerabilities in Hancom Office; exploitation of Windows LNK files,

Fileless MixShell Malware Delivered Through Web Forms and Cloud Services

Fileless MixShell Malware Delivered Through Web Forms and Cloud Services

Threat Group: Unknown actor with possible overlaps to the UNK_GreenSec cybercriminal cluster Threat Type: Social engineering phishing campaign delivering a fileless, in memory backdoor Exploited Vulnerabilities: No software vulnerabilities exploited. The threat abuses web "Contact Us" forms, trusted cloud storage and user trust to bypass email gateways

Skype Delivered SCR and PIF Files Deploy GodRAT Malware in Financial Campaigns

Skype Delivered SCR and PIF Files Deploy GodRAT Malware in Financial Campaigns

Threat Group: Winnti (APT41) – suspected attribution based on code lineage and targeting Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Social engineering via Skype delivering malicious .SCR and .PIF files containing steganographic shellcode in JPEGs and DLL sideloading Malware Used: GodRAT – evolution of Gh0st RAT and AwesomePuppet, featuring plugin-based architecture

Microsoft 365 Exchange Online Direct Send exploited for internal phishing campaigns

Microsoft 365 Exchange Online Direct Send exploited for internal phishing campaigns

Threat Group: Opportunistic and financially motivated actors targeting multiple sectors Threat Type: Phishing and email infrastructure abuse Exploited Vulnerabilities: Abuse of Microsoft 365 Exchange Online Direct Send feature; implicit trust of unauthenticated internal-looking emails; weak or unenforced SPF, DKIM, and DMARC Malware Used: None required for initial access; follow-on payloads

Charon ransomware adopts APT style tactics to target Middle East public sector and aviation

Charon ransomware adopts APT style tactics to target Middle East public sector and aviation

Threat Group: Suspected China linked Earth Baxia affiliate or imitator Threat Type: Ransomware Exploited Vulnerabilities: None confirmed. Suspected spear phishing and DLL sideloading Malware Used: Ransom.Win64.CHARON.THGBCBE Threat Score: 🔴 High (7.5/10) – Advanced persistent threat style capabilities, targeted operations, destructive behaviours, and potential state alignment Last Threat

PXA Stealer Malware Uses Trusted Cloud Services to Exfiltrate Government and Education Credentials

PXA Stealer Malware Uses Trusted Cloud Services to Exfiltrate Government and Education Credentials

Threat Group: Vietnamese-speaking cybercrime actors (possible overlap with CoralRaider) Threat Type: Python-based Information Stealer (Infostealer) Exploited Vulnerabilities: DLL sideloading, phishing ZIP archives, abuse of legitimate cloud services (Cloudflare Workers, Dropbox) Malware Used: PXA Stealer Threat Score: 🔥 Critical (9.0/10) – Due to advanced evasion, large-scale credential theft, and abuse of

Gamaredon Revives Remcos RAT in Fileless LNK Shortcut Attacks

Gamaredon Revives Remcos RAT in Fileless LNK Shortcut Attacks

$Threat Group: Gamaredon (a.k.a. Primitive Bear, UAC‑0010/UAC‑0184, Hive0156) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: LNK shortcut execution, mshta abuse, PowerShell scripting, DLL sideloading Malware Used: Remcos RAT v6.0.0 Pro Threat Score: 🔴 High (7.5/10) – Due to fileless in-memory execution, sophisticated

Koske AI generated malware hides in panda images to mine cryptocurrency

Koske AI generated malware hides in panda images to mine cryptocurrency

Koske AI generated malware hides in panda images to mine cryptocurrency Threat actor: Unknown – opportunistic attackers exploiting misconfigured JupyterLab servers Threat type: AI‑assisted Linux malware for cryptomining Exploited weakness: Unauthenticated and misconfigured JupyterLab server exposure Malware used: Koske (rootkit and shell script), with associated miners such as ccminer Last

SquidLoader Reemerges with Stealth Upgrades in APAC Financial Attacks

SquidLoader Reemerges with Stealth Upgrades in APAC Financial Attacks

Threat Group: Unknown (APT-level sophistication suspected) Threat Type: Loader / Malware-as-a-Service (MaaS) Exploited Vulnerabilities: No specific CVE; exploits social engineering and security evasion Malware Used: SquidLoader, Cobalt Strike Beacon Threat Score: 🔴 High (8.4/10) – Highly evasive loader, zero-detection rate at launch, APT-style tradecraft, and persistent access via Cobalt Strike Last