🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
CATEGORIES

Adversary Intelligence

Articles in Blog Posts

October 14, 2025

An Insider Look At The IRGC-linked APT35 Operations: Ep3 - Malware Arsenal & Tooling

APT35 (Charming Kitten) operates a professional malware ecosystem featuring Saqeb System and RAT-2AC2 RATs, custom webshells, and FUD-tested modules. The group’s C2 uses TOR, multi-hop relays, and encrypted traffic for persistence and stealth. Targeting airlines, law enforcement, and regional infrastructure (2022-2025), it links cyber operations to IRGC geopolitical objectives

Written by

Koushik Pal

October 7, 2025

An Insider Look At The IRGC-linked APT35 Operations: Ep1 & Ep2

CloudSEK’s TRIAD team analyzed leaked internal documents from Iran-linked APT35 (Charming Kitten), revealing its structure, tools, and espionage operations. The group—tied to the IRGC—targeted government, legal, energy, and financial sectors across the Middle East, U.S., and Asia through phishing, CVE exploits, and supply-chain attacks. The leak exposes Iran’s organized cyber-espionage network capable of long-term persistence, data theft, and national security risks

Written by

Koushik Pal

September 25, 2025

Botnet Loader-as-a-Service Infrastructure Distributing RondoDoX and Mirai Payloads

CloudSEK uncovered a large-scale Loader-as-a-Service botnet distributing RondoDoX, Mirai, and Morte payloads through SOHO routers, IoT devices, and enterprise apps. Exploiting weak credentials, unsanitized inputs, and old CVEs, the campaign surged 230% in mid-2025, weaponizing compromised devices for cryptomining, DDoS, and enterprise intrusions. With rapid infrastructure rotation and multi-architecture malware, the threat is evolving fast—making early detection and defense critical

Written by

Koushik Pal

September 5, 2025

Threat Actors Impersonate Microsoft Teams To Deliver Odyssey macOS Stealer Via Clickfix

Threat actors are exploiting a fake Microsoft Teams download site to deliver the Odyssey macOS stealer via Clickfix. Once executed, the malware harvests credentials, cookies, Apple Notes, and crypto wallets, exfiltrating data to a C2 server before ensuring persistence through LaunchDaemons and even replacing Ledger Live with a trojanized version. The campaign poses severe risks of credential theft, financial loss, and long-term reinfection.

Written by

Koushik Pal

August 31, 2025

Racing Into Danger: Advanced Cyber Threats Targeting Formula 1 Fans and Teams Ahead of the Dutch Grand Prix

Cybercriminals are targeting Formula 1 fans and teams ahead of the Dutch Grand Prix on August 31, 2025, with advanced threats including AI deepfakes impersonating executives, malicious F1 mobile apps, fake hospitality packages, crypto/NFT scams, and telemetry data theft. Fraudsters exploit regulatory gaps and fan demand for tickets, travel, and streaming. CloudSEK urges fans to use official sources and teams to strengthen verification, monitoring, and cybersecurity measures.

Written by

Varun Ajmera

August 27, 2025

Ganesh Chaturthi Online Scams: How Cybercriminals Exploit Festive Offers

As Ganesh Chaturthi approaches, cybercriminals exploit festive cheer with fake offers, including sham idols, prizes, and fraudulent loans. These scams spread through social media and phishing websites, targeting Indian consumers. Read the full report to learn how to identify these threats and protect your money and data this festival season.

Written by

Mayank Sahariya

Articles in Threat Intelligence

November 15, 2023

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

CVE-2023-42027 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi platforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts

November 6, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

November 6, 2023

CVE-2023-4197 Vulnerability in Dolibarr ERP CRM 18.0.1 Allows PHP Code Injection

CVE-2023-4197 Improper input validation in Dolibarr ERP CRM v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code

September 8, 2023

Hoze shell script dropped along with XMRig miners on misconfigured SSH Servers by Brute Forcing

CloudSEK’s Threat Intelligence Team uncovered a campaign, actively running from the past 1.8 years, that attacks and brute forces the SSH. 

September 4, 2023

3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums

A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site

August 28, 2023

Rogue Scripts Are Exploiting OTP Verification APIs To Send Heaps of OTP SMSes, Hold The Potential Of Triggering Service Disruptions.

Discover how CloudSEK's AI-powered XVigil platform identified concerning GitHub repositories mentioning Indian companies and their APIs.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.