home.social

#lnk — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #lnk, aggregated by home.social.

  1. Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

    Cloud Atlas APT group targeted government organizations and commercial companies in Russia and Belarus during late 2025 and early 2026, employing phishing campaigns with malicious ZIP archives containing LNK shortcuts. The attackers deployed multiple backdoors including VBCloud for file theft and PowerShower for network reconnaissance. New tools identified include PowerCloud, which exfiltrates data to Google Sheets, and browser checker utilities. The group established persistence through reverse SSH tunnels, patched OpenSSH binaries, ReverseSocks, and Tor networking. Initial infection vectors included malicious shortcuts executing PowerShell scripts and exploiting CVE-2018-0802 in Microsoft Office. The attackers performed credential theft, RDP manipulation via termsrv.dll patching, and lateral movement across networks while maintaining multiple backup control channels.

    Pulse ID: 6a105530af26afbd3752ab81
    Pulse Link: otx.alienvault.com/pulse/6a105
    Pulse Author: AlienVault
    Created: 2026-05-22 13:08:00

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Belarus #Browser #Cloud #CloudAtlas #CyberSecurity #Google #Government #InfoSec #LNK #Microsoft #MicrosoftOffice #OTX #Office #OpenThreatExchange #Phishing #PowerShell #RAT #RDP #Russia #SSH #ZIP #bot #AlienVault

  2. Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

    Cloud Atlas APT group targeted government organizations and commercial companies in Russia and Belarus during late 2025 and early 2026, employing phishing campaigns with malicious ZIP archives containing LNK shortcuts. The attackers deployed multiple backdoors including VBCloud for file theft and PowerShower for network reconnaissance. New tools identified include PowerCloud, which exfiltrates data to Google Sheets, and browser checker utilities. The group established persistence through reverse SSH tunnels, patched OpenSSH binaries, ReverseSocks, and Tor networking. Initial infection vectors included malicious shortcuts executing PowerShell scripts and exploiting CVE-2018-0802 in Microsoft Office. The attackers performed credential theft, RDP manipulation via termsrv.dll patching, and lateral movement across networks while maintaining multiple backup control channels.

    Pulse ID: 6a105530af26afbd3752ab81
    Pulse Link: otx.alienvault.com/pulse/6a105
    Pulse Author: AlienVault
    Created: 2026-05-22 13:08:00

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Belarus #Browser #Cloud #CloudAtlas #CyberSecurity #Google #Government #InfoSec #LNK #Microsoft #MicrosoftOffice #OTX #Office #OpenThreatExchange #Phishing #PowerShell #RAT #RDP #Russia #SSH #ZIP #bot #AlienVault

  3. Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

    Cloud Atlas APT group targeted government organizations and commercial companies in Russia and Belarus during late 2025 and early 2026, employing phishing campaigns with malicious ZIP archives containing LNK shortcuts. The attackers deployed multiple backdoors including VBCloud for file theft and PowerShower for network reconnaissance. New tools identified include PowerCloud, which exfiltrates data to Google Sheets, and browser checker utilities. The group established persistence through reverse SSH tunnels, patched OpenSSH binaries, ReverseSocks, and Tor networking. Initial infection vectors included malicious shortcuts executing PowerShell scripts and exploiting CVE-2018-0802 in Microsoft Office. The attackers performed credential theft, RDP manipulation via termsrv.dll patching, and lateral movement across networks while maintaining multiple backup control channels.

    Pulse ID: 6a105530af26afbd3752ab81
    Pulse Link: otx.alienvault.com/pulse/6a105
    Pulse Author: AlienVault
    Created: 2026-05-22 13:08:00

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Belarus #Browser #Cloud #CloudAtlas #CyberSecurity #Google #Government #InfoSec #LNK #Microsoft #MicrosoftOffice #OTX #Office #OpenThreatExchange #Phishing #PowerShell #RAT #RDP #Russia #SSH #ZIP #bot #AlienVault

  4. Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

    Cloud Atlas APT group targeted government organizations and commercial companies in Russia and Belarus during late 2025 and early 2026, employing phishing campaigns with malicious ZIP archives containing LNK shortcuts. The attackers deployed multiple backdoors including VBCloud for file theft and PowerShower for network reconnaissance. New tools identified include PowerCloud, which exfiltrates data to Google Sheets, and browser checker utilities. The group established persistence through reverse SSH tunnels, patched OpenSSH binaries, ReverseSocks, and Tor networking. Initial infection vectors included malicious shortcuts executing PowerShell scripts and exploiting CVE-2018-0802 in Microsoft Office. The attackers performed credential theft, RDP manipulation via termsrv.dll patching, and lateral movement across networks while maintaining multiple backup control channels.

    Pulse ID: 6a105530af26afbd3752ab81
    Pulse Link: otx.alienvault.com/pulse/6a105
    Pulse Author: AlienVault
    Created: 2026-05-22 13:08:00

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Belarus #Browser #Cloud #CloudAtlas #CyberSecurity #Google #Government #InfoSec #LNK #Microsoft #MicrosoftOffice #OTX #Office #OpenThreatExchange #Phishing #PowerShell #RAT #RDP #Russia #SSH #ZIP #bot #AlienVault

  5. Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

    Cloud Atlas APT group targeted government organizations and commercial companies in Russia and Belarus during late 2025 and early 2026, employing phishing campaigns with malicious ZIP archives containing LNK shortcuts. The attackers deployed multiple backdoors including VBCloud for file theft and PowerShower for network reconnaissance. New tools identified include PowerCloud, which exfiltrates data to Google Sheets, and browser checker utilities. The group established persistence through reverse SSH tunnels, patched OpenSSH binaries, ReverseSocks, and Tor networking. Initial infection vectors included malicious shortcuts executing PowerShell scripts and exploiting CVE-2018-0802 in Microsoft Office. The attackers performed credential theft, RDP manipulation via termsrv.dll patching, and lateral movement across networks while maintaining multiple backup control channels.

    Pulse ID: 6a105530af26afbd3752ab81
    Pulse Link: otx.alienvault.com/pulse/6a105
    Pulse Author: AlienVault
    Created: 2026-05-22 13:08:00

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Belarus #Browser #Cloud #CloudAtlas #CyberSecurity #Google #Government #InfoSec #LNK #Microsoft #MicrosoftOffice #OTX #Office #OpenThreatExchange #Phishing #PowerShell #RAT #RDP #Russia #SSH #ZIP #bot #AlienVault

  6. Operation Dragon Whistle: UNG002 Targets Chinese Academia via Weaponized Institutional Lure

    A sophisticated spear-phishing campaign designated Operation Dragon Whistle has been identified targeting Changzhou University in China. The threat actor UNG002 leveraged highly contextual social engineering by impersonating official university communications regarding mandatory 2026 National Student Physical Fitness and Health Standards testing, which directly impacts graduation eligibility. The attack chain begins with a weaponized ZIP file containing a malicious LNK file disguised as a PDF document. Upon execution, it triggers a VBScript that simultaneously displays a legitimate-looking decoy document while deploying a multi-stage infection chain involving DLL sideloading via Bandizip.exe, anti-debugging techniques, and ultimately delivering a Cobalt Strike Beacon payload entirely in memory. The campaign demonstrates advanced evasion capabilities and utilizes Chinese cloud infrastructure hosted on Alibaba Cloud for command and control operations.

    Pulse ID: 6a0db1f45208b8cf1b2b1571
    Pulse Link: otx.alienvault.com/pulse/6a0db
    Pulse Author: AlienVault
    Created: 2026-05-20 13:07:00

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #China #Chinese #Cloud #CobaltStrike #CyberSecurity #InfoSec #LNK #OTX #OpenThreatExchange #PDF #Phishing #RAT #SideLoading #SocialEngineering #SpearPhishing #VBS #ZIP #bot #AlienVault

  7. I am far more saddened by this news than is rational. I wish McGinnis and Cameron the very best, and thank both for making "Cameron the Capitol Cat" a thing. #LNK

    Cameron the Capitol Cat bids farewell to constituents, retreats to private life: nebraskapublicmedia.org/en/new

  8. Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign

    A sophisticated campaign linked to APT37 delivers Python-based backdoors through spear-phishing emails containing malicious LNK files disguised as legitimate documents. Attackers use themes including airline e-tickets, North Korea research invitations, and impersonation of defense and police officials to induce execution. The LNK files employ environment variable-based obfuscation techniques to download additional BAT files, which establish a Python runtime environment and execute compiled Python bytecode disguised with .cat extensions. The malware functions as a remote command execution backdoor, communicating with C2 servers to receive commands and exfiltrate results. Persistence is maintained through scheduled tasks executing at one-minute intervals. The campaign shows strong tactical similarities to previous APT37 operations, including infrastructure patterns, script obfuscation methods, and the abuse of legitimate tools.

    Pulse ID: 6a04a9a090a64de310cb0568
    Pulse Link: otx.alienvault.com/pulse/6a04a
    Pulse Author: AlienVault
    Created: 2026-05-13 16:41:04

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #BackDoor #CyberSecurity #Email #InfoSec #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #Phishing #Python #RAT #RemoteCommandExecution #SpearPhishing #bot #AlienVault

  9. Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign

    A sophisticated campaign linked to APT37 delivers Python-based backdoors through spear-phishing emails containing malicious LNK files disguised as legitimate documents. Attackers use themes including airline e-tickets, North Korea research invitations, and impersonation of defense and police officials to induce execution. The LNK files employ environment variable-based obfuscation techniques to download additional BAT files, which establish a Python runtime environment and execute compiled Python bytecode disguised with .cat extensions. The malware functions as a remote command execution backdoor, communicating with C2 servers to receive commands and exfiltrate results. Persistence is maintained through scheduled tasks executing at one-minute intervals. The campaign shows strong tactical similarities to previous APT37 operations, including infrastructure patterns, script obfuscation methods, and the abuse of legitimate tools.

    Pulse ID: 6a04a9a090a64de310cb0568
    Pulse Link: otx.alienvault.com/pulse/6a04a
    Pulse Author: AlienVault
    Created: 2026-05-13 16:41:04

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #BackDoor #CyberSecurity #Email #InfoSec #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #Phishing #Python #RAT #RemoteCommandExecution #SpearPhishing #bot #AlienVault

  10. Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign

    A sophisticated campaign linked to APT37 delivers Python-based backdoors through spear-phishing emails containing malicious LNK files disguised as legitimate documents. Attackers use themes including airline e-tickets, North Korea research invitations, and impersonation of defense and police officials to induce execution. The LNK files employ environment variable-based obfuscation techniques to download additional BAT files, which establish a Python runtime environment and execute compiled Python bytecode disguised with .cat extensions. The malware functions as a remote command execution backdoor, communicating with C2 servers to receive commands and exfiltrate results. Persistence is maintained through scheduled tasks executing at one-minute intervals. The campaign shows strong tactical similarities to previous APT37 operations, including infrastructure patterns, script obfuscation methods, and the abuse of legitimate tools.

    Pulse ID: 6a04a9a090a64de310cb0568
    Pulse Link: otx.alienvault.com/pulse/6a04a
    Pulse Author: AlienVault
    Created: 2026-05-13 16:41:04

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #BackDoor #CyberSecurity #Email #InfoSec #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #Phishing #Python #RAT #RemoteCommandExecution #SpearPhishing #bot #AlienVault

  11. Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign

    A sophisticated campaign linked to APT37 delivers Python-based backdoors through spear-phishing emails containing malicious LNK files disguised as legitimate documents. Attackers use themes including airline e-tickets, North Korea research invitations, and impersonation of defense and police officials to induce execution. The LNK files employ environment variable-based obfuscation techniques to download additional BAT files, which establish a Python runtime environment and execute compiled Python bytecode disguised with .cat extensions. The malware functions as a remote command execution backdoor, communicating with C2 servers to receive commands and exfiltrate results. Persistence is maintained through scheduled tasks executing at one-minute intervals. The campaign shows strong tactical similarities to previous APT37 operations, including infrastructure patterns, script obfuscation methods, and the abuse of legitimate tools.

    Pulse ID: 6a04a9a090a64de310cb0568
    Pulse Link: otx.alienvault.com/pulse/6a04a
    Pulse Author: AlienVault
    Created: 2026-05-13 16:41:04

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #BackDoor #CyberSecurity #Email #InfoSec #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #Phishing #Python #RAT #RemoteCommandExecution #SpearPhishing #bot #AlienVault

  12. Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign

    A sophisticated campaign linked to APT37 delivers Python-based backdoors through spear-phishing emails containing malicious LNK files disguised as legitimate documents. Attackers use themes including airline e-tickets, North Korea research invitations, and impersonation of defense and police officials to induce execution. The LNK files employ environment variable-based obfuscation techniques to download additional BAT files, which establish a Python runtime environment and execute compiled Python bytecode disguised with .cat extensions. The malware functions as a remote command execution backdoor, communicating with C2 servers to receive commands and exfiltrate results. Persistence is maintained through scheduled tasks executing at one-minute intervals. The campaign shows strong tactical similarities to previous APT37 operations, including infrastructure patterns, script obfuscation methods, and the abuse of legitimate tools.

    Pulse ID: 6a04a9a090a64de310cb0568
    Pulse Link: otx.alienvault.com/pulse/6a04a
    Pulse Author: AlienVault
    Created: 2026-05-13 16:41:04

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #BackDoor #CyberSecurity #Email #InfoSec #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #Phishing #Python #RAT #RemoteCommandExecution #SpearPhishing #bot #AlienVault

  13. LNK — это гораздо больше, чем просто ярлык к файлу

    Вы всегда знаете, что скрывается за простым ярлыком? Почему злоумышленники часто используют вредоносные ярлыки для заражения? Сегодня попытаемся разобраться, почему и как простой ярлык может привести к компрометации, как исследовать такие подозрительные файлы и почему эту угрозу так сложно устранить.

    habr.com/ru/companies/angarase

    #LNK #Windows #уязвимости #ZeroClick #информация_безопасность #исследование

  14. LNK — это гораздо больше, чем просто ярлык к файлу

    Вы всегда знаете, что скрывается за простым ярлыком? Почему злоумышленники часто используют вредоносные ярлыки для заражения? Сегодня попытаемся разобраться, почему и как простой ярлык может привести к компрометации, как исследовать такие подозрительные файлы и почему эту угрозу так сложно устранить.

    habr.com/ru/companies/angarase

    #LNK #Windows #уязвимости #ZeroClick #информация_безопасность #исследование

  15. LNK — это гораздо больше, чем просто ярлык к файлу

    Вы всегда знаете, что скрывается за простым ярлыком? Почему злоумышленники часто используют вредоносные ярлыки для заражения? Сегодня попытаемся разобраться, почему и как простой ярлык может привести к компрометации, как исследовать такие подозрительные файлы и почему эту угрозу так сложно устранить.

    habr.com/ru/companies/angarase

    #LNK #Windows #уязвимости #ZeroClick #информация_безопасность #исследование

  16. LNK — это гораздо больше, чем просто ярлык к файлу

    Вы всегда знаете, что скрывается за простым ярлыком? Почему злоумышленники часто используют вредоносные ярлыки для заражения? Сегодня попытаемся разобраться, почему и как простой ярлык может привести к компрометации, как исследовать такие подозрительные файлы и почему эту угрозу так сложно устранить.

    habr.com/ru/companies/angarase

    #LNK #Windows #уязвимости #ZeroClick #информация_безопасность #исследование

  17. The new election stickers are awesome. Kudos to the Lancaster County Election Commission for kicking the sticker tradition up a notch. #LNK

  18. I heard that Norris Public Schools put out an alert about a traffic tie-up on S. 68th Street due to an "unsanctioned senior prank". Apparently kids met in Hickman and rode their bikes the 4 miles to school. Bravo, kids. Bravo. #LNK #shareTheRoad

  19. Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam's Military Telecom & Philippine Healthcare

    A sophisticated spear phishing campaign dubbed Operation GriefLure targeted senior executives of Viettel Group, Vietnam's largest military-owned telecommunications provider, and St. Luke's Medical Center in the Philippines. The operation weaponized authentic legal documents from a genuine data breach dispute involving a Vietnamese citizen and Viettel, alongside fabricated whistleblower complaints targeting Philippine healthcare administrators. Attackers delivered malicious Windows LNK files within nested RAR archives, abusing native ftp.exe as a Living-off-the-Land dropper. Upon execution, the payload assembled polymorphic implants directly on disk from chunked .doc files, establishing persistence while displaying legitimate decoy PDFs. The malware enabled remote access through process injection, credential harvesting from browsers and remote access tools, screenshot capture, and file exfiltration via HTTPS C2 communication to infrastructure hosted on bulletproof Hong Kong servers.

    Pulse ID: 69fc841d0cbc4c199d708315
    Pulse Link: otx.alienvault.com/pulse/69fc8
    Pulse Author: AlienVault
    Created: 2026-05-07 12:22:53

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #CredentialHarvesting #CyberSecurity #DataBreach #HTTP #HTTPS #Healthcare #HongKong #InfoSec #LNK #Malware #Military #OTX #OpenThreatExchange #PDF #Philippines #Phishing #RAT #SpearPhishing #Telecom #Telecommunication #UK #Vietnam #Windows #bot #AlienVault

  20. Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam's Military Telecom & Philippine Healthcare

    A sophisticated spear phishing campaign dubbed Operation GriefLure targeted senior executives of Viettel Group, Vietnam's largest military-owned telecommunications provider, and St. Luke's Medical Center in the Philippines. The operation weaponized authentic legal documents from a genuine data breach dispute involving a Vietnamese citizen and Viettel, alongside fabricated whistleblower complaints targeting Philippine healthcare administrators. Attackers delivered malicious Windows LNK files within nested RAR archives, abusing native ftp.exe as a Living-off-the-Land dropper. Upon execution, the payload assembled polymorphic implants directly on disk from chunked .doc files, establishing persistence while displaying legitimate decoy PDFs. The malware enabled remote access through process injection, credential harvesting from browsers and remote access tools, screenshot capture, and file exfiltration via HTTPS C2 communication to infrastructure hosted on bulletproof Hong Kong servers.

    Pulse ID: 69fc841d0cbc4c199d708315
    Pulse Link: otx.alienvault.com/pulse/69fc8
    Pulse Author: AlienVault
    Created: 2026-05-07 12:22:53

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #CredentialHarvesting #CyberSecurity #DataBreach #HTTP #HTTPS #Healthcare #HongKong #InfoSec #LNK #Malware #Military #OTX #OpenThreatExchange #PDF #Philippines #Phishing #RAT #SpearPhishing #Telecom #Telecommunication #UK #Vietnam #Windows #bot #AlienVault

  21. Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam's Military Telecom & Philippine Healthcare

    A sophisticated spear phishing campaign dubbed Operation GriefLure targeted senior executives of Viettel Group, Vietnam's largest military-owned telecommunications provider, and St. Luke's Medical Center in the Philippines. The operation weaponized authentic legal documents from a genuine data breach dispute involving a Vietnamese citizen and Viettel, alongside fabricated whistleblower complaints targeting Philippine healthcare administrators. Attackers delivered malicious Windows LNK files within nested RAR archives, abusing native ftp.exe as a Living-off-the-Land dropper. Upon execution, the payload assembled polymorphic implants directly on disk from chunked .doc files, establishing persistence while displaying legitimate decoy PDFs. The malware enabled remote access through process injection, credential harvesting from browsers and remote access tools, screenshot capture, and file exfiltration via HTTPS C2 communication to infrastructure hosted on bulletproof Hong Kong servers.

    Pulse ID: 69fc841d0cbc4c199d708315
    Pulse Link: otx.alienvault.com/pulse/69fc8
    Pulse Author: AlienVault
    Created: 2026-05-07 12:22:53

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #CredentialHarvesting #CyberSecurity #DataBreach #HTTP #HTTPS #Healthcare #HongKong #InfoSec #LNK #Malware #Military #OTX #OpenThreatExchange #PDF #Philippines #Phishing #RAT #SpearPhishing #Telecom #Telecommunication #UK #Vietnam #Windows #bot #AlienVault

  22. Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam's Military Telecom & Philippine Healthcare

    A sophisticated spear phishing campaign dubbed Operation GriefLure targeted senior executives of Viettel Group, Vietnam's largest military-owned telecommunications provider, and St. Luke's Medical Center in the Philippines. The operation weaponized authentic legal documents from a genuine data breach dispute involving a Vietnamese citizen and Viettel, alongside fabricated whistleblower complaints targeting Philippine healthcare administrators. Attackers delivered malicious Windows LNK files within nested RAR archives, abusing native ftp.exe as a Living-off-the-Land dropper. Upon execution, the payload assembled polymorphic implants directly on disk from chunked .doc files, establishing persistence while displaying legitimate decoy PDFs. The malware enabled remote access through process injection, credential harvesting from browsers and remote access tools, screenshot capture, and file exfiltration via HTTPS C2 communication to infrastructure hosted on bulletproof Hong Kong servers.

    Pulse ID: 69fc841d0cbc4c199d708315
    Pulse Link: otx.alienvault.com/pulse/69fc8
    Pulse Author: AlienVault
    Created: 2026-05-07 12:22:53

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #CredentialHarvesting #CyberSecurity #DataBreach #HTTP #HTTPS #Healthcare #HongKong #InfoSec #LNK #Malware #Military #OTX #OpenThreatExchange #PDF #Philippines #Phishing #RAT #SpearPhishing #Telecom #Telecommunication #UK #Vietnam #Windows #bot #AlienVault

  23. Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam's Military Telecom & Philippine Healthcare

    A sophisticated spear phishing campaign dubbed Operation GriefLure targeted senior executives of Viettel Group, Vietnam's largest military-owned telecommunications provider, and St. Luke's Medical Center in the Philippines. The operation weaponized authentic legal documents from a genuine data breach dispute involving a Vietnamese citizen and Viettel, alongside fabricated whistleblower complaints targeting Philippine healthcare administrators. Attackers delivered malicious Windows LNK files within nested RAR archives, abusing native ftp.exe as a Living-off-the-Land dropper. Upon execution, the payload assembled polymorphic implants directly on disk from chunked .doc files, establishing persistence while displaying legitimate decoy PDFs. The malware enabled remote access through process injection, credential harvesting from browsers and remote access tools, screenshot capture, and file exfiltration via HTTPS C2 communication to infrastructure hosted on bulletproof Hong Kong servers.

    Pulse ID: 69fc841d0cbc4c199d708315
    Pulse Link: otx.alienvault.com/pulse/69fc8
    Pulse Author: AlienVault
    Created: 2026-05-07 12:22:53

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #CredentialHarvesting #CyberSecurity #DataBreach #HTTP #HTTPS #Healthcare #HongKong #InfoSec #LNK #Malware #Military #OTX #OpenThreatExchange #PDF #Philippines #Phishing #RAT #SpearPhishing #Telecom #Telecommunication #UK #Vietnam #Windows #bot #AlienVault

  24. When was the last time any of y'all saw Cameron? #LNK

  25. There are, as of this moment, over 175 open worker slots for the Tuesday, May 12 Primary Election in #LNK / Lancaster County. Please consider serving your community. It's not volunteer work -- it's paid! And your job is required to give you leave.

    lancaster.ne.gov/347/Election-

  26. Analysis of Attack Activities Using SSH+TOR Tunnels to Achieve Covert Persistence

    APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage operations. The organization recently deployed malicious campaigns using nested SSH and TOR tunnel infrastructure to establish covert remote access channels. Attackers distribute ZIP archives containing weaponized LNK files via spearphishing emails, which extract and execute payloads that create scheduled tasks disguised as legitimate software. The attack establishes dual-encrypted anonymous tunnels using obfs4 protocol to bypass deep packet inspection, while mapping sensitive ports (SMB/445, RDP/3389) to Onion domains for persistent backdoor access. The campaign leverages sophisticated anti-analysis techniques including sandbox detection, file disguise, and process masquerading to evade detection and maintain long-term unauthorized control over compromised systems for intelligence collection.

    Pulse ID: 69f1f50a5410ca637c84368c
    Pulse Link: otx.alienvault.com/pulse/69f1f
    Pulse Author: AlienVault
    Created: 2026-04-29 12:09:46

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #CyberSecurity #Email #Espionage #InfoSec #LNK #OTX #Onion #OpenThreatExchange #Phishing #RAT #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #ZIP #bot #AlienVault

  27. Analysis of Attack Activities Using SSH+TOR Tunnels to Achieve Covert Persistence

    APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage operations. The organization recently deployed malicious campaigns using nested SSH and TOR tunnel infrastructure to establish covert remote access channels. Attackers distribute ZIP archives containing weaponized LNK files via spearphishing emails, which extract and execute payloads that create scheduled tasks disguised as legitimate software. The attack establishes dual-encrypted anonymous tunnels using obfs4 protocol to bypass deep packet inspection, while mapping sensitive ports (SMB/445, RDP/3389) to Onion domains for persistent backdoor access. The campaign leverages sophisticated anti-analysis techniques including sandbox detection, file disguise, and process masquerading to evade detection and maintain long-term unauthorized control over compromised systems for intelligence collection.

    Pulse ID: 69f1f50a5410ca637c84368c
    Pulse Link: otx.alienvault.com/pulse/69f1f
    Pulse Author: AlienVault
    Created: 2026-04-29 12:09:46

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #CyberSecurity #Email #Espionage #InfoSec #LNK #OTX #Onion #OpenThreatExchange #Phishing #RAT #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #ZIP #bot #AlienVault

  28. Analysis of Attack Activities Using SSH+TOR Tunnels to Achieve Covert Persistence

    APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage operations. The organization recently deployed malicious campaigns using nested SSH and TOR tunnel infrastructure to establish covert remote access channels. Attackers distribute ZIP archives containing weaponized LNK files via spearphishing emails, which extract and execute payloads that create scheduled tasks disguised as legitimate software. The attack establishes dual-encrypted anonymous tunnels using obfs4 protocol to bypass deep packet inspection, while mapping sensitive ports (SMB/445, RDP/3389) to Onion domains for persistent backdoor access. The campaign leverages sophisticated anti-analysis techniques including sandbox detection, file disguise, and process masquerading to evade detection and maintain long-term unauthorized control over compromised systems for intelligence collection.

    Pulse ID: 69f1f50a5410ca637c84368c
    Pulse Link: otx.alienvault.com/pulse/69f1f
    Pulse Author: AlienVault
    Created: 2026-04-29 12:09:46

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #CyberSecurity #Email #Espionage #InfoSec #LNK #OTX #Onion #OpenThreatExchange #Phishing #RAT #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #ZIP #bot #AlienVault

  29. Analysis of Attack Activities Using SSH+TOR Tunnels to Achieve Covert Persistence

    APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage operations. The organization recently deployed malicious campaigns using nested SSH and TOR tunnel infrastructure to establish covert remote access channels. Attackers distribute ZIP archives containing weaponized LNK files via spearphishing emails, which extract and execute payloads that create scheduled tasks disguised as legitimate software. The attack establishes dual-encrypted anonymous tunnels using obfs4 protocol to bypass deep packet inspection, while mapping sensitive ports (SMB/445, RDP/3389) to Onion domains for persistent backdoor access. The campaign leverages sophisticated anti-analysis techniques including sandbox detection, file disguise, and process masquerading to evade detection and maintain long-term unauthorized control over compromised systems for intelligence collection.

    Pulse ID: 69f1f50a5410ca637c84368c
    Pulse Link: otx.alienvault.com/pulse/69f1f
    Pulse Author: AlienVault
    Created: 2026-04-29 12:09:46

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #CyberSecurity #Email #Espionage #InfoSec #LNK #OTX #Onion #OpenThreatExchange #Phishing #RAT #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #ZIP #bot #AlienVault

  30. Analysis of Attack Activities Using SSH+TOR Tunnels to Achieve Covert Persistence

    APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage operations. The organization recently deployed malicious campaigns using nested SSH and TOR tunnel infrastructure to establish covert remote access channels. Attackers distribute ZIP archives containing weaponized LNK files via spearphishing emails, which extract and execute payloads that create scheduled tasks disguised as legitimate software. The attack establishes dual-encrypted anonymous tunnels using obfs4 protocol to bypass deep packet inspection, while mapping sensitive ports (SMB/445, RDP/3389) to Onion domains for persistent backdoor access. The campaign leverages sophisticated anti-analysis techniques including sandbox detection, file disguise, and process masquerading to evade detection and maintain long-term unauthorized control over compromised systems for intelligence collection.

    Pulse ID: 69f1f50a5410ca637c84368c
    Pulse Link: otx.alienvault.com/pulse/69f1f
    Pulse Author: AlienVault
    Created: 2026-04-29 12:09:46

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #CyberSecurity #Email #Espionage #InfoSec #LNK #OTX #Onion #OpenThreatExchange #Phishing #RAT #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #ZIP #bot #AlienVault

  31. Attack Activity Analysis Using SSH+TOR Tunnels for Covert Persistence

    APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage targeting government agencies, diplomatic departments, energy enterprises, and research organizations. Recently detected samples reveal the group's use of nested SSH and TOR tunnel architecture to establish covert communication channels. The attack begins with spear-phishing emails delivering malicious LNK files disguised as PDF documents. Upon execution, the payload deploys TOR hidden services mapping internal ports (SMB/445, RDP/3389) to onion domains, while SSH services with public key authentication provide encrypted remote access. The malware employs obfs4 protocol to obfuscate TOR traffic, evading deep packet inspection. Persistence is achieved through scheduled tasks masquerading as legitimate applications like Opera GX and Dropbox, establishing an anonymous shadow management infrastructure for sustained intelligence collection.

    Pulse ID: 69f06b1eeeb1fca735cb0bb8
    Pulse Link: otx.alienvault.com/pulse/69f06
    Pulse Author: AlienVault
    Created: 2026-04-28 08:09:02

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #Dropbox #Email #Espionage #Government #InfoSec #LNK #Malware #OTX #Onion #OpenThreatExchange #Opera #PDF #Phishing #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #bot #AlienVault

  32. Attack Activity Analysis Using SSH+TOR Tunnels for Covert Persistence

    APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage targeting government agencies, diplomatic departments, energy enterprises, and research organizations. Recently detected samples reveal the group's use of nested SSH and TOR tunnel architecture to establish covert communication channels. The attack begins with spear-phishing emails delivering malicious LNK files disguised as PDF documents. Upon execution, the payload deploys TOR hidden services mapping internal ports (SMB/445, RDP/3389) to onion domains, while SSH services with public key authentication provide encrypted remote access. The malware employs obfs4 protocol to obfuscate TOR traffic, evading deep packet inspection. Persistence is achieved through scheduled tasks masquerading as legitimate applications like Opera GX and Dropbox, establishing an anonymous shadow management infrastructure for sustained intelligence collection.

    Pulse ID: 69f06b1eeeb1fca735cb0bb8
    Pulse Link: otx.alienvault.com/pulse/69f06
    Pulse Author: AlienVault
    Created: 2026-04-28 08:09:02

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #Dropbox #Email #Espionage #Government #InfoSec #LNK #Malware #OTX #Onion #OpenThreatExchange #Opera #PDF #Phishing #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #bot #AlienVault

  33. Attack Activity Analysis Using SSH+TOR Tunnels for Covert Persistence

    APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage targeting government agencies, diplomatic departments, energy enterprises, and research organizations. Recently detected samples reveal the group's use of nested SSH and TOR tunnel architecture to establish covert communication channels. The attack begins with spear-phishing emails delivering malicious LNK files disguised as PDF documents. Upon execution, the payload deploys TOR hidden services mapping internal ports (SMB/445, RDP/3389) to onion domains, while SSH services with public key authentication provide encrypted remote access. The malware employs obfs4 protocol to obfuscate TOR traffic, evading deep packet inspection. Persistence is achieved through scheduled tasks masquerading as legitimate applications like Opera GX and Dropbox, establishing an anonymous shadow management infrastructure for sustained intelligence collection.

    Pulse ID: 69f06b1eeeb1fca735cb0bb8
    Pulse Link: otx.alienvault.com/pulse/69f06
    Pulse Author: AlienVault
    Created: 2026-04-28 08:09:02

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #Dropbox #Email #Espionage #Government #InfoSec #LNK #Malware #OTX #Onion #OpenThreatExchange #Opera #PDF #Phishing #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #bot #AlienVault

  34. Attack Activity Analysis Using SSH+TOR Tunnels for Covert Persistence

    APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage targeting government agencies, diplomatic departments, energy enterprises, and research organizations. Recently detected samples reveal the group's use of nested SSH and TOR tunnel architecture to establish covert communication channels. The attack begins with spear-phishing emails delivering malicious LNK files disguised as PDF documents. Upon execution, the payload deploys TOR hidden services mapping internal ports (SMB/445, RDP/3389) to onion domains, while SSH services with public key authentication provide encrypted remote access. The malware employs obfs4 protocol to obfuscate TOR traffic, evading deep packet inspection. Persistence is achieved through scheduled tasks masquerading as legitimate applications like Opera GX and Dropbox, establishing an anonymous shadow management infrastructure for sustained intelligence collection.

    Pulse ID: 69f06b1eeeb1fca735cb0bb8
    Pulse Link: otx.alienvault.com/pulse/69f06
    Pulse Author: AlienVault
    Created: 2026-04-28 08:09:02

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #Dropbox #Email #Espionage #Government #InfoSec #LNK #Malware #OTX #Onion #OpenThreatExchange #Opera #PDF #Phishing #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #bot #AlienVault

  35. Attack Activity Analysis Using SSH+TOR Tunnels for Covert Persistence

    APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage targeting government agencies, diplomatic departments, energy enterprises, and research organizations. Recently detected samples reveal the group's use of nested SSH and TOR tunnel architecture to establish covert communication channels. The attack begins with spear-phishing emails delivering malicious LNK files disguised as PDF documents. Upon execution, the payload deploys TOR hidden services mapping internal ports (SMB/445, RDP/3389) to onion domains, while SSH services with public key authentication provide encrypted remote access. The malware employs obfs4 protocol to obfuscate TOR traffic, evading deep packet inspection. Persistence is achieved through scheduled tasks masquerading as legitimate applications like Opera GX and Dropbox, establishing an anonymous shadow management infrastructure for sustained intelligence collection.

    Pulse ID: 69f06b1eeeb1fca735cb0bb8
    Pulse Link: otx.alienvault.com/pulse/69f06
    Pulse Author: AlienVault
    Created: 2026-04-28 08:09:02

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #Dropbox #Email #Espionage #Government #InfoSec #LNK #Malware #OTX #Onion #OpenThreatExchange #Opera #PDF #Phishing #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #bot #AlienVault

  36. Same Suspect Linked to Pair of Lincoln Business Burglaries | KLIN

    Lincoln Police believe one man is responsible for two business burglaries early April 15. Officers first responded to…
    #UnitedStates #US #USA #america #business #Huskers #lincoln #LNK #Nebraska #News #radio #unitedstatesofamerica
    europesays.com/2933201/

  37. I'm going to need an electrician for a couple projects around the house in the near future. Any recommendations, #LNK?

  38. It's great that #LNK is giving folks more options for selling and purchasing food. This latest news instantly made me think of Grillwalker. Do you remember him? He sold German-style brats outside The Cookie Company 25ish years ago. I loved that man's sausage.

    nebraskapublicmedia.org/es/new

  39. There are some new signs restricting on-street parking near the Capitol. They are common sense restrictions that should have been in place long ago, but they will likely catch folks off guard. Pay attention! That "lucky find" may now be an illegal parking spot. #LNK

  40. I am not sure what is up with our local #GamesWorkshop Warhammer store. I have stopped by during posted business hours 4 times, and they were closed each time. The signage had different explanations: vacation, illness, training, etc.

    I am sure GW wants my money. What gives?

    #LNK #Warhammer #BloodBowl

  41. I'm surprised I haven't heard more of a fuss about this proposal to allow non-residents to vote in #LNK elections. It's an astonishing empowerment of mostly white, wealthy people over city residents who are more likely to be not those two things. nebraskaexaminer.com/2026/03/2