Notable Threat Actor Activity

  • TAG-140, a threat group linked to Pakistan, has been observed targeting Indian government, defence, and rail sectors using a modified version of the DRAT remote access trojan (DRAT V2). The campaign involves spear-phishing and the deployment of the new RAT variant for persistent access and data exfiltration.

Trends, Tools, or Tactics of Interest

  • The Caracal rootkit, written in Rust and leveraging eBPF, has been released for stealthy post-exploitation. Caracal enables the hiding of BPF programs, maps, and processes on compromised systems, enhancing evasion capabilities for attackers and red teamers.
  • Analysis of SSH and Telnet honeypot data has revealed attackers experimenting with new and varied usernames in brute-force attempts, indicating ongoing evolution in credential-stuffing tactics.
  • The Flipper Zero device continues to demonstrate a wide range of offensive security capabilities, including RFID/NFC cloning, signal replay attacks, and wireless protocol analysis, maintaining its popularity among both security professionals and hobbyists.
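The honeypot observation in the second bullet above is the kind of finding that falls out of a simple tally of which usernames are being tried and which of them are new. The following Python script is an added example, not part of this digest or of any honeypot project: it parses a constructed batch of Cowrie-style JSON login events (the field names `eventid`, `username`, `password` and `src_ip` are assumed here, and the log lines are made up), counts every username attempted, and reports the ones outside a baseline of usernames that nearly every scanner tries, together with the source addresses that tried them.

```python
"""Tally usernames tried against an SSH/Telnet honeypot and flag the ones
outside a known baseline.  Added example: the event format is modelled
loosely on Cowrie's JSON stream (an assumption, not data from the page),
and every log line below is constructed, not captured."""
import json
from collections import Counter, defaultdict

# Usernames that almost every scanner tries; anything outside this set is
# worth a second look.  This baseline is constructed for the example.
BASELINE_USERNAMES = {"root", "admin", "user", "test", "ubuntu", "pi", "guest"}

# Constructed honeypot events, one JSON object per line, with one line of
# non-JSON noise mixed in the way real log files tend to have.
SAMPLE_LOG = """\
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "203.0.113.10", "timestamp": "2024-01-01T00:00:01Z"}
{"eventid": "cowrie.login.failed", "username": "admin", "password": "admin", "src_ip": "203.0.113.10", "timestamp": "2024-01-01T00:00:02Z"}
{"eventid": "cowrie.login.failed", "username": "solarwinds", "password": "solar123", "src_ip": "198.51.100.7", "timestamp": "2024-01-01T00:00:03Z"}
{"eventid": "cowrie.login.failed", "username": "solarwinds", "password": "Password1", "src_ip": "198.51.100.7", "timestamp": "2024-01-01T00:00:04Z"}
{"eventid": "cowrie.session.connect", "src_ip": "198.51.100.8", "timestamp": "2024-01-01T00:00:05Z"}
{"eventid": "cowrie.login.failed", "username": "zabbix", "password": "zabbix", "src_ip": "198.51.100.8", "timestamp": "2024-01-01T00:00:06Z"}
this line is not json
{"eventid": "cowrie.login.success", "username": "root", "password": "toor", "src_ip": "203.0.113.11", "timestamp": "2024-01-01T00:00:07Z"}
"""

# Both failed and successful logins count as an attempt against a username.
LOGIN_EVENTS = {"cowrie.login.failed", "cowrie.login.success"}


def parse_login_attempts(text):
    """Return a list of (username, src_ip) pairs, one per login attempt.

    Events that are not login attempts, events without a username, and
    lines that are not valid JSON are skipped rather than aborting the run.
    """
    attempts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # honeypot logs often carry non-JSON noise; drop it
        if event.get("eventid") not in LOGIN_EVENTS:
            continue
        username = event.get("username")
        if username is None:
            continue
        attempts.append((username, event.get("src_ip", "?")))
    return attempts


def username_report(attempts, baseline=BASELINE_USERNAMES):
    """Return (counts, novel).

    counts maps every username to the number of attempts against it;
    novel maps each username outside the baseline to the sorted list of
    source addresses that tried it, which is what an analyst pivots on.
    """
    counts = Counter(username for username, _ in attempts)
    novel = defaultdict(set)
    for username, src_ip in attempts:
        if username not in baseline:
            novel[username].add(src_ip)
    return counts, {u: sorted(ips) for u, ips in novel.items()}


if __name__ == "__main__":
    attempts = parse_login_attempts(SAMPLE_LOG)
    counts, novel = username_report(attempts)
    for username, n in counts.most_common():
        flag = "NEW" if username in novel else "   "
        print(f"{flag} {username:<12} {n:>3}  {', '.join(novel.get(username, []))}")
```

Run against a real Cowrie log directory, the same two functions would be fed the concatenated daily files and the baseline would be the set of usernames seen in previous weeks, so that the report only surfaces names that are genuinely new to your sensor rather than the usual `root`/`admin` background noise.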