Read all Blogs from this Author
CloudSEK uncovered a surge in Iran-linked cyberattacks targeting Israel and its allies. Groups like APT42, APT34, MuddyWater, and hacktivist Handala are conducting espionage, data theft, and DDoS attacks. These actors use phishing, credential theft, and stealthy tools to infiltrate sensitive sectors. CloudSEK advises organizations to patch vulnerabilities, monitor DNS traffic, and enforce zero-trust security policies.
A fileless AsyncRAT campaign is targeting German-speaking users via a fake “I’m not a robot” prompt that executes malicious PowerShell code. Delivered through Clickfix-themed sites, it abuses system utilities to load obfuscated C# code in memory, enabling full remote access and credential theft. It persists via registry keys and communicates with a C2 server on port 4444. Organizations should block suspicious PowerShell activity and scan memory for threats.
Read all Whitepapers and reports from this Author
Read all knowledge base articles from this Author