PRO version should also randomly pick tactics from the MITRE ATT&CK framework for a given threat actor 😅

ESET Protect process tree visualization showing the execution chain of the Axios supply-chain compromise on Windows.

ESET Inspect killed the Axios compromise execution chain on Windows straight out-of-the-box. Renaming PowerShell is a terrible tradecraft if it was intended as EDR evasion. "Renamed PowerShell Execution [D0411]" is a simple yet solid EDR indicator.

#BREAKING #ESETresearch provides technical details on #DynoWiper, a data‑wiping malware used in a data‑destruction incident on December 29, 2025, affecting a company in Poland’s energy sector. www.welivesecurity.com/en/eset-rese... 1/5

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions.

#ESETresearch has discovered a new 🇨🇳-aligned APT group, #LongNosedGoblin. This group focuses on cyberespionage and targets mainly governmental entities in Southeast Asia and Japan. www.welivesecurity.com/en/eset-rese... 1/7

#ESETresearch discovered unique toolset, QuietEnvelope, targeting the MailGates email protection system of Taiwanesw co OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan. It contains Perl scripts, 3 stealthy backdoors, argument runner, and misc files. 1/8

#ESETresearch has identified two campaigns targeting Android users in the 🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. www.welivesecurity.com/en/eset-rese... 1/6

#ESETresearch has discovered #HybridPetya ransomware on VirusTotal: a UEFI-compatible copycat of the infamous Petya/NotPetya malware. HybridPetya is capable of bypassing UEFI Secure Boot on outdated systems. www.welivesecurity.com/en/eset-rese... 1/8

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/7

Bootkitty: Analyzing the first UEFI bootkit for Linux ESET's discovery of the first UEFI bootkit designed for Linux sendss an important message: UEFI bootkits are no longer confined to Windows systems alone.

#ESETresearch reveals the first Linux UEFI bootkit, Bootkitty. It disables kernel signature verification and preloads two ELFs unknown during our analysis. Also discovered, a possibly related unsigned LKM – both were uploaded to VT early this month. www.welivesecurity.com/en/eset-rese... 🧵

RomCom exploits Firefox and Windows zero days in the wild ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-cl...

#ESETresearch discovered an #exploit targeting Firefox and Windows zero days, used in the wild by Russia-aligned #RomCom. Browsing a specially crafted web page runs arbitrary code with the privileges of the user, compromising the PC. www.welivesecurity.com/en/eset-rese...

The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...

@volexity.com’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world. 
 
Read more here: www.volexity.com/blog/2024/11...

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s ...

@volexity.bsky.social has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: www.volexity.com/blog/2024/11...