My colleagues discovered new samples of the custom malware #GraphicalNeutrino and a new strain of malware with very similar characteristics named #GraphicalProton by #BlueBravo (a threat activity overlapping with #APT29 or Midnight Blizzard). For more details, also on how and which legitimate internet services (LIS) are increasingly being abused, check out the report: https://go.recordedfuture.com/hubfs/reports/cta-2023-0727-1.pdf
My colleagues identified staging infrastructure from #BlueBravo (activity overlapping with #APT29 and NOBELIUM) hosting #GraphicalNeutrino malware within a malicious ZIP file. Besides using a compromised website as part of the lure operation, the use of #Notion for C2 is particularly interesting: https://www.recordedfuture.com/bluebravo-uses-ambassador-lure-deploy-graphicalneutrino-malware
BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware | Recorded Future

Recorded Future's Insikt Group examines new activity from the Russian threat actor group, BlueBravo, targeting countries with a nexus to the Ukraine crisis.