Sophisticated malware identified by cybersecurity researchers uses JScript in a multi-stage attack chain that delivers a different payload (either XWorm or Rhadamanthys) depending on the victim’s geographic location. This geolocation-based payload delivery is considered an evolution in targeted malware distribution. The techniques used allow attackers to bypass traditional security systems, and the malware also implements thorough anti-forensic measures to evade detection.

Leaked KeyPlug Malware Infrastructure Contains Exploit Scripts to Hack Fortinet Firewall and VPN
A server linked to the KeyPlug malware exposed various exploitation tools targeting Fortinet firewalls and VPNs, attributed to the RedGolf threat group. The server revealed