Cybersec Sentinel

C2

A collection of 3 posts
React2Shell exploited to deploy EtherRAT across cloud servers
Malware

Threat Group – DPRK linked operators with overlaps to earlier blockchain focused campaigns and China nexus groups exploiting React2Shell in parallel for other payloads
Threat Type – Remote access trojan deployed through a critical web application remote code execution vulnerability
Exploited Vulnerabilities – CVE-2025-55182 React2Shell unsafe deserialisation in the React Server Components Flight
Dec 9, 2025 11 min read
Browser Notification Hijack via Matrix Push C2
Malware

Threat Group – Crimeware cluster similar to UNC5142 access brokers and web compromise crews using Matrix Push C2
Threat Type – Browser based C2 platform, phishing delivery system and malware loader sold as a MaaS service
Exploited Vulnerabilities – Abuse of W3C Push API, Service Workers, notification prompts, clipboard and Run dialog through
Nov 24, 2025 8 min read
Xillen Stealer v5 Advanced Credential Theft and Loader Platform
Malware

Threat Group – Xillen Killers
Threat Type – Information stealer and loader operating under a Malware as a Service model
Exploited Vulnerabilities – Social engineering and opportunistic scanning for unpatched versions of Cisco AnyConnect, OpenVPN, FortiClient and Pulse Secure in order to access cached credentials
Malware Used – Xillen Stealer version five using a
Nov 24, 2025 9 min read