ALL POSTS
DKnife Linux toolkit abuses routers to spy and deliver malware since 2019
Key Findings:
- DKnife is a Linux-based toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks
- The toolkit is designed for deep packet inspection, traffic manipulation, credential harvesting, and malware delivery
- DKnife has been linked to China-nexus threat actors with high confidence
- The toolkit targets Chinese-speaking users, stealing credentials from Chinese services and popular Chinese apps
- DKnife hijacks software downloads and Androi
Feb 8 · 2 min read
Targeted Indian Users in Tax Phishing Campaign Delivering Blackmoon Malware
Key Findings:
- Ongoing campaign targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage operation
- Phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive
- Malware known as Blackmoon (aka KRBanker) and a legitimate enterprise tool called SyncFuture TSM used as the final payload
- Sophisticated attack involving anti-analysis, privilege escalation, DLL sideloading, commercial-tool repurp
Jan 26 · 2 min read

