GroupAttribution unconfirmed. Infrastructure overlap identified with a March 2026 fake FileZilla distribution campaign. C2 domain first observed November 2025. Campaign tagged internally as "CityOfSin".TypeSupply Chain Attack / Remote Access Trojan / BackdoorMalwareSTX RAT (classified as Backdoor.Win64.Alien by Kaspersky) — a multi-stage, memory-resident remote access trojan with credential theft,