Sentinel One

DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads

It begins with a Discord user downloading a malicious Python application, Cross-Platform Bridges.zip. Initially, links to the malware were sent to targets via direct message with the malware hosted on Google Drive.
September 22, 2023

Sandman APT Infiltrates Telecommunications Companies Using LuaDream Backdoor

The activities of Sandman suggest espionage motivations, with a focus on telecommunications providers and a potential connection to a private contractor or mercenary group.
September 19, 2023

Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones

The CapraRAT mobile RAT hidden within these YouTube-themed apps gives the attacker control over various data on infected Android devices, including recording audio and video, collecting messages and call logs, and modifying files.

New Family of Obfuscated Go Info-stealers 'MetaStealer' Spread in Targeted Attacks

Unlike other recent macOS malware, MetaStealer relies on social engineering tactics to persuade victims to launch malicious payloads, often disguised as legitimate files or software.

North Korean Hackers Compromise Sanctioned Russian Missile Engineering Company

A recent investigation by cybersecurity firm SentinelLabs has revealed that North Korean hackers have targeted a Russian missile engineering organization called NPO Mashinostroyeniya.

Update: Attacker Infrastructure Links JumpCloud Intrusion to North Korean APT Activity

Analysis of the infrastructure linked to the JumpCloud intrusion reveals patterns consistent with previous DPRK-linked campaigns, highlighting their unique tactics and techniques.

Geacon Brings Cobalt Strike Capabilities to macOS Threat Actors

According to SentinelOne researchers, Geacon was a project that first surfaced on GitHub four years ago as a Go implementation of Cobalt Strike Beacon. Despite being widely forked, it was not being deployed against macOS targets until recently.

Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign

SentinelLabs has observed ongoing attacks from Kimsuky, a North Korean state-sponsored APT that has a long history of targeting organizations across Asia, North America, and Europe.

Pakistan-Aligned Transparent Tribe APT Expands Interest in Indian Education Sector

SentinelLabs has been tracking a recently disclosed cluster of malicious Office documents that distribute Crimson RAT, used by the APT36 group (aka Transparent Tribe) targeting the education sector.

Researchers Uncover Winter Vivern APT's Wave of Global Espionage

Recently linked campaigns reveal that Winter Vivern has targeted Polish government agencies, Ukraine's Ministry of Foreign Affairs, Italy's Ministry of Foreign Affairs, and individuals within the Indian government.
