ChaosBot surfaced in late September 2025 as a sophisticated Rust-based backdoor targeting enterprise networks. Initial investigations revealed that threat actors gained entry by exploiting compromised CiscoVPN credentials coupled with over-privileged Active Directory service accounts. Once inside, ChaosBot was stealthily deployed via side-loading techniques using the legitimate Microsoft Edge component identity_helper.exe from the C:\Users\Public\Libraries directory. The […]
The post New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands appeared first on Cyber Security News.
This article has been indexed from Cyber Security News
Read the original article: