The attackers leverage Go-based malware, deploying a modular toolkit that includes injectors, loaders, and multiple backdoors.
Lotuslite acts as a backdoor that communicates with command-and-control servers over HTTPS using dynamic DNS services.
The sanctions target Euromore and Pravfond, both accused of spreading narratives that challenge the legitimacy of EU institutions and justifying Russiau2019s war against Ukraine.
Acting as a negotiator for five victim organizations, Angelo Martino shared sensitive details with BlackCat operators, allowing them to extract higher ransom payments.
SystemBC is a malware tool used to establish covert communications and maintain persistence inside compromised networks.
The attackers exploited vulnerabilities in the systemu2019s cross-chain verification layer, known as the Decentralized Verifier Network (DVN).
The US-based firm said the entry point was the compromised Context.ai tool used by an employee.
