top of page
ALL POSTS
Harvester Deploys Linux GoGra Backdoor Across South Asia via Microsoft Graph API
Key Findings Harvester APT group deployed a new Linux variant of GoGra backdoor targeting South Asia, with samples linked to India and Afghanistan Malware abuses Microsoft Graph API and Outlook mailboxes as covert command-and-control infrastructure, bypassing traditional network defenses Linux and Windows versions share nearly identical code and identical developer mistakes, indicating same development team Attack chain uses social engineering to distribute ELF binaries disgu
Apr 233 min read
SystemBC C2 Infrastructure Exposes Over 1,570 Victims Connected to The Gentlemen Ransomware Campaign
Key Findings A compromised SystemBC C2 server linked to The Gentlemen ransomware operation revealed over 1,570 infected corporate networks globally The Gentlemen has claimed more than 320 victims since emerging in July 2025, establishing itself as one of the most prolific ransomware groups The group targets Windows, Linux, NAS, and BSD systems using Go-based encryption and demonstrates sophisticated defense evasion tactics SystemBC establishes SOCKS5 tunnels using custom RC4-
Apr 212 min read
GlassWorm Malware Leverages Solana Blockchain for Command Delivery and Data Exfiltration
Key Findings GlassWorm campaign evolved to deliver multi-stage malware framework with data theft and remote access capabilities Operators use Solana blockchain transactions as dead drop resolvers to hide command-and-control infrastructure Malware includes hardware wallet phishing targeting Ledger and Trezor devices with fake recovery phrase prompts Chrome extension masquerading as "Google Docs Offline" steals browser data, cookies, and monitors cryptocurrency exchange session
Mar 253 min read
bottom of page
