Deno
-
LeakNet adopts ClickFix via compromised websites and runs Deno in memory
ReliaQuest’s technical report says LeakNet now uses ClickFix fake CAPTCHA pages on compromised sites to trick users and a Deno-based in-memory loader. Post-compromise steps include DLL side-loading, PsExec lateral movement and S3 exfiltration.
-
Iran-linked MuddyWater embeds Dindoor backdoor in multiple U.S. corporate networks
Iran-linked MuddyWater deployed a Dindoor backdoor across multiple U.S. corporate networks, including banks and an airport, and used cloud utilities in suspected data exfiltration attempts, with success unconfirmed.
