Capstone Technologies Group

APT37 abusing .LNK files with GitHub-based C2 in targeted campaign against South Korean organizations and supply chain partners. Malicious shortcuts execute PowerShell, deploy XenoRAT for remote access and keylogging. Detection challenge: legitimate GitHub traffic masks command execution. Fortinet researchers identified deliberate targeting of financial services, defense contractors, critical infrastructure handling sensitive government contracts. #APT37...

https://bit.ly/4vdNa42

Apr 6 at 1:38pmSocialPost