Category: FortiGuard Labs Threat Research

Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next

Following U.S.-Israeli strikes on Iran, FortiGuard Labs has not yet observed large-scale cyber retaliation, but regional cyber activity is rising. Organizations should strengthen cyber hygiene, rotate credentials, and reduce exposure. This article has…

Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign

FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution, process hollowing, and data exfiltration.

Massive Winos 4.0 Campaigns Target Taiwan

FortiGuard Labs analyzes Winos 4.0 (ValleyRat) campaigns targeting Taiwan, detailing phishing lures, DLL sideloading, BYOVD abuse, and evolving attacker infrastructure.

Interlock Ransomware: New Techniques, Same Old Tricks

An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection strategies.

Unveiling the Weaponized Web Shell EncystPHP

FortiGuard Labs analyzes EncystPHP, a stealthy web shell exploiting CVE-2025-64328 in FreePBX environments to enable remote command execution, persistence, and long-term system compromise.

Inside a Multi-Stage Windows Malware Campaign

FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver ransomware.

New Remcos Campaign Distributed Through Fake Shipping Document

FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and in-memory execution.
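The Remcos summary above mentions delivery through malicious Word templates. As an added example that is not code from the FortiGuard Labs article, the following Python checks a .docx for an attached template that Word would fetch from a remote location at open time (the remote template injection technique; that this is the exact mechanism used in the campaign is an assumption). The documents it inspects are built in memory as constructed fixtures, not real samples, and the URLs and paths in them are placeholders.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML relationship type that points a document at its attached template.
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
SETTINGS_RELS = "word/_rels/settings.xml.rels"


def remote_template_targets(docx_bytes):
    """Return attachedTemplate targets that point off the local machine.

    Word resolves the attached template when the document opens, so an
    http(s) or UNC target is the hallmark of remote template injection.
    A locally attached Normal.dotm also appears with TargetMode="External"
    (as a file:// or drive path); that is benign and is not reported.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if SETTINGS_RELS not in z.namelist():
            return hits
        root = ET.fromstring(z.read(SETTINGS_RELS))
        for rel in root.iter(f"{{{PKG_REL_NS}}}Relationship"):
            if rel.get("Type") != ATTACHED_TEMPLATE:
                continue
            if rel.get("TargetMode") != "External":
                continue
            target = rel.get("Target", "")
            if target.lower().startswith(("http://", "https://", "\\\\")):
                hits.append(target)
    return hits


def build_sample_docx(template_target=None):
    """Construct a minimal .docx in memory (test fixture, not a real document)."""
    rels = (
        f'<Relationships xmlns="{PKG_REL_NS}">'
        f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
        f'Target="{template_target}" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(
            "[Content_Types].xml",
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>',
        )
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/settings.xml", "<settings/>")
        if template_target is not None:
            z.writestr(SETTINGS_RELS, rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder targets; example.invalid and 203.0.113.0/24 are reserved for documentation.
    samples = [
        ("no template", build_sample_docx()),
        ("local Normal.dotm", build_sample_docx(
            "file:///C:/Users/u/AppData/Roaming/Microsoft/Templates/Normal.dotm")),
        ("remote template", build_sample_docx("https://example.invalid/lure.dotm")),
        ("UNC template", build_sample_docx("\\\\203.0.113.5\\share\\lure.dotm")),
    ]
    for label, doc in samples:
        print(f"{label}: {remote_template_targets(doc)}")
```

The check only reads the package metadata; it does not open the document in Word and does not follow the target, so it is safe to run against suspect files in a mail gateway or triage pipeline.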

UDPGangster Campaigns Target Multiple Countries

FortiGuard Labs uncovers UDPGangster campaigns linked to MuddyWater, using macro-laden phishing lures, evasion techniques, and UDP backdoors to target multiple countries.

New eBPF Filters for Symbiote and BPFdoor Malware

FortiGuard Labs discovered new Symbiote and BPFDoor variants exploiting eBPF filters to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert C2 communication.

ShadowV2 Casts a Shadow Over IoT Devices | FortiGuard Lab

ShadowV2, a new Mirai-based botnet targeting IoT devices, surfaced during the recent AWS outage. FortiGuard Labs examines its propagation, DDoS capabilities, and global footprint.

Cloud Abuse at Scale

FortiGuard Labs analyzes TruffleNet, a large-scale campaign abusing AWS SES with stolen credentials and linked to Business Email Compromise (BEC).
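The TruffleNet summary above describes SES abuse with stolen credentials. As an added example that is not FortiGuard Labs' code, the following Python scans CloudTrail records for three signals consistent with that description: SES calls from a principal outside an allowlist, an STS GetCallerIdentity check followed by an SES quota probe from the same access key, and one access key used from several source IPs. The record set, the allowlist, the IP threshold and the specific API-call sequence are constructed assumptions for illustration, not indicators taken from the article; the field names follow the CloudTrail record format.

```python
import json
from collections import defaultdict

# SES calls that validate or enumerate an account before any mail is sent.
SES_PROBE_EVENTS = {"GetSendQuota", "GetAccount", "ListIdentities",
                    "ListVerifiedEmailAddresses"}

# Constructed sample CloudTrail records (not real telemetry).  Key IDs, ARNs
# and IP addresses are placeholders.
STOLEN = {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLE00000001",
          "arn": "arn:aws:iam::111122223333:user/ci-deploy"}
MAILER = {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE00000002",
          "arn": "arn:aws:sts::111122223333:assumed-role/mailer/notify"}
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-11-03T08:00:01Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.10",
     "userIdentity": STOLEN},
    {"eventTime": "2025-11-03T08:00:04Z", "eventSource": "ses.amazonaws.com",
     "eventName": "GetSendQuota", "sourceIPAddress": "203.0.113.10",
     "userIdentity": STOLEN},
    {"eventTime": "2025-11-03T09:12:40Z", "eventSource": "ses.amazonaws.com",
     "eventName": "SendEmail", "sourceIPAddress": "198.51.100.7",
     "userIdentity": STOLEN},
    {"eventTime": "2025-11-03T09:13:02Z", "eventSource": "ses.amazonaws.com",
     "eventName": "SendEmail", "sourceIPAddress": "192.0.2.44",
     "userIdentity": STOLEN},
    {"eventTime": "2025-11-03T09:15:00Z", "eventSource": "ses.amazonaws.com",
     "eventName": "SendEmail", "sourceIPAddress": "10.0.1.5",
     "userIdentity": MAILER},
]})

# Principals expected to call SES (assumption: maintained per environment).
ALLOWED_SES_PRINCIPALS = {"arn:aws:sts::111122223333:assumed-role/mailer/notify"}


def detect_ses_abuse(records, allowed_principals, max_ips_per_key=1):
    """Return findings for SES usage that looks like stolen-credential abuse."""
    ips_by_key = defaultdict(set)
    ses_calls_by_key = defaultdict(list)
    validated_keys = set()  # keys that called sts:GetCallerIdentity

    for r in records:
        key = r.get("userIdentity", {}).get("accessKeyId", "<none>")
        ips_by_key[key].add(r.get("sourceIPAddress", "?"))
        if r.get("eventSource") == "sts.amazonaws.com" and \
                r.get("eventName") == "GetCallerIdentity":
            validated_keys.add(key)
        elif r.get("eventSource") == "ses.amazonaws.com":
            ses_calls_by_key[key].append(r)

    findings = []

    def add(rule, key, principal, detail):
        findings.append({"rule": rule, "access_key": key,
                         "principal": principal, "detail": detail})

    for key, calls in ses_calls_by_key.items():
        principal = calls[0].get("userIdentity", {}).get("arn", "<unknown>")
        names = {c["eventName"] for c in calls}
        if principal not in allowed_principals:
            add("unexpected_ses_principal", key, principal, sorted(names))
        if key in validated_keys and names & SES_PROBE_EVENTS:
            add("credential_validation_pattern", key, principal,
                sorted(names & SES_PROBE_EVENTS))
        if len(ips_by_key[key]) > max_ips_per_key:
            add("multi_ip_key", key, principal, sorted(ips_by_key[key]))
    return findings


def run_sample():
    """Run the detector over the constructed records."""
    return detect_ses_abuse(json.loads(SAMPLE_LOG)["Records"], ALLOWED_SES_PRINCIPALS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['rule']:30} {f['access_key']} {f['principal']} {f['detail']}")
```

The one-IP-per-key threshold is deliberately strict for the sample; in a real account, raise it to cover NAT egress and multi-AZ workloads, and treat the allowlist as the source of truth for which roles may send mail. Any key that trips the validation-then-send pattern is a candidate for immediate deactivation and rotation.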