The Sekoia TDR team detected a sophisticated cyber attack infrastructure, named “Cloudflare tunnel infrastructure,” that has been used to deliver remote access trojans, including AsyncRAT, since February 2024. The multi-step chain is initiated by a phishing email and begins when the victim opens an “application/windows-library+xml” attachment. Opening it triggers a connection to a WebDAV resource hosted behind Cloudflare, which leads to execution of a deceptive LNK file, defense evasion, and persistence via the Windows Startup folder.
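The first stage above relies on a Windows Library Description (.library-ms, MIME type application/windows-library+xml) whose location points at a remote WebDAV share rather than a local folder. The following is an added detection example, not code from Sekoia or the original report: it parses the library XML and flags any location that resolves off-host (UNC or http(s)). The sample documents and the host name `webdav.tunnel-host.invalid` are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows Library Description (.library-ms) files.
LIB_NS = {"lib": "http://schemas.microsoft.com/windows/2009/library"}

# A location is "remote" if it is a UNC path (\\host\share, including the
# host@SSL form Explorer uses for WebDAV over HTTPS) or an http(s) URL.
REMOTE_LOCATION = re.compile(r"^(\\\\[^\\]+|https?://)", re.IGNORECASE)


def extract_locations(library_xml: str) -> list[str]:
    """Return every <url> found under <simpleLocation> in a .library-ms document."""
    root = ET.fromstring(library_xml)
    return [(node.text or "").strip()
            for node in root.findall(".//lib:simpleLocation/lib:url", LIB_NS)]


def remote_locations(library_xml: str) -> list[str]:
    """Locations that reach off-host; a library that makes Explorer open a
    WebDAV share is exactly the first step of the chain described above."""
    return [u for u in extract_locations(library_xml) if REMOTE_LOCATION.match(u)]


def triage(library_xml: str) -> str:
    """Coarse verdict suitable for a mail-gateway attachment rule."""
    return "suspicious" if remote_locations(library_xml) else "benign"


# Constructed sample 1: an ordinary library pointing at a local folder.
BENIGN_LIBRARY = """<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>Documents</name>
  <version>6</version>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation><url>C:\\Users\\Public\\Documents</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>"""

# Constructed sample 2: the only location is a WebDAV share on a placeholder host.
SUSPICIOUS_LIBRARY = """<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>Invoice</name>
  <version>6</version>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation><url>\\\\webdav.tunnel-host.invalid@SSL\\DavWWWRoot\\share</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_LIBRARY), ("suspicious", SUSPICIOUS_LIBRARY)):
        print(label, "->", triage(doc), remote_locations(doc))
```

A legitimate library attachment almost never needs a UNC or HTTP location, so treating any off-host location as a block or quarantine condition costs little in false positives.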
