Our CERT is releasing new research into UNC2465, a ransomware affiliate actively distributing Qilin across Europe 🇪🇺.

A TLP:RED version of this research was presented during @botconf 2026.

https://www.orangecyberdefense.com/global/blog/cert-news/smoking-out-an-affiliate-smokedham-qilin-a-few-google-ads-and-some-bossware

UNC2465 primarily relies on malvertising to distribute the SmokedHam backdoor. By pivoting on its delivery infrastructure, we identified a large number of spoofed software like RVTools, @hornetsecurity, Angry IP Scanner, Remote Desktop Manager...

UNC2465 also relies on bossware like ControlioNet and Teramindco to further blend malicious actions with normal activity and avoid detection.

IOCs are available here:

https://github.com/cert-orangecyberdefense/cti/blob/main/smokedham/iocs

#CTI #ThreatIntel #SmokedHam #UNC2465 #ransomware #Qilin #rvtools #bossware

An article written by my colleague, Marine Pichon. I think it is worth a read if you're interested in the Qilin ransomware operation.

https://research.cert.orangecyberdefense.com/smokedham/smoking_out_an_affiliate.pdf

#qilin #cti #UNC2465 #ThreatIntel #smokedham

#FoodPic: a simple but hearty specialty of my wife’s home region of #Allgäu in southern #Germany: #HeißeSeelen (literally “hot souls”).

It’s a rich and hearty bread roll called a #Seele, cut in half, spread with #mustard, layered with #smokedham or #Leberkäs and #Bergkäse (#mountaincheese like #Gruyère or #Appenzell) and #onions, then roasted in the oven for a few minutes to melt the #cheese. A tasty and hearty #sandwich!

#cooking #kochen #germanfood #deutscheküche #foodie #food