Ragnar Loader, also known as Sardonic Backdoor, is a sophisticated malware toolkit used in ransomware attacks by the Monstrous Mantis group (formerly Ragnar Locker). The malware, discovered by security researchers, maintains persistent access to compromised systems and uses multi-layered obfuscation and dynamic decryption to challenge traditional security defenses. It relies on PowerShell-based payloads, process injection for stealthy control, and WMI filters for undetectable, fileless persistence. The loader is part of a toolkit that enables lateral movement and persistence within victim networks.

Lazarus Group Hid Backdoor in Fake npm Packages in Latest Attack
North Korean hacking group Lazarus is exploiting the npm software library through malicious code disguised as legitimate packages. These packages can infiltrate developers’ systems to