4 matches found
VectorStealer Malware steals Sensitive Information via RDP Hijacking and Phishing Attacks
Summary: VectorStealer is malware that steals .rdp files through phishing emails, can be generated for USD 63 in Bitcoin, exfiltrates stolen information through SMTP, Discord, or Telegram, and uses the KGB...
RDPHijack-BOF - Cobalt Strike Beacon Object File (BOF) That Uses WinStationConnect API To Perform Local/Remote RDP Session Hijacking
Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking. With a valid access token / Kerberos ticket (e.g., golden ticket) of the session owner, you will be able to hijack the session remotely without dropping any beacon/tool on the target...
Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’
A for-hire cybercriminal group is feeling the talent drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks that are part of larger criminal campaigns. Dubbed Atlas Intelligence Group (A.I.G.), the cybergang...
Local Windows Admins Can Hijack Sessions Without Credentials
A researcher has exposed how attackers with local admin privileges could use native command-line Windows tools to hijack other users’ sessions without credentials. Researcher Alexander Korznikov on Friday published a report in which he describes how he could, locally and remotely via Remote Deskt...