command-and-control
-
Kaspersky: Tomiris APT increasingly uses Telegram and Discord as command-and-control channels
Kaspersky researchers reported that the Tomiris threat actor has targeted diplomatic and government entities, increasingly using public services like Telegram and Discord as command-and-control channels and deploying multi-language implants and open-source C2 frameworks.
-
Researchers detail use of Tuoni C2 in attack on U.S. real-estate firm
Researchers said attackers used the Tuoni C2 framework in a mid-October 2025 intrusion attempt against a U.S. real-estate firm, employing social engineering, PowerShell downloaders, BMP steganography and in-memory execution; the campaign was detected and blocked.
-
Kaspersky outlines ‘PassiveNeuron’ campaign using bespoke implants and Cobalt Strike
Kaspersky has reported a sustained espionage campaign named PassiveNeuron that has targeted government, financial and industrial servers across Asia, Africa and Latin America since mid-2024, using bespoke implants Neursite and NeuralExecutor alongside Cobalt Strike; the activity remains unattributed.
