Sophistication or missed opportunity?
Join Justin Lentz (Solis Security) and Nicole Fishbein (Intezer) at VB2025 in Berlin as they unpack an unusual case of long-term zero-day exploitation.
π Sept 26 | 11:00β11:30 | Green Room
Find out more about this talk πhttps://tinyurl.com/mudadsjb
We are incredibly proud to have assisted Europol πͺπΊ in a global operation against the notorious pro-Russian #hacktivist group #NoName057(16) π₯³
Over the years, NoName057(16) has carried out thousands of #DDoS attacks against websites of western organisations and national critical infrastructure ποΈ , aiming to spread pro-Russian ideology π·πΊ and stir up distrust and uncertainty in the western hemisphere π π΅βπ«
The offenders targeted Ukraine and supporting countries, including many EU Member States. Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol, targeted the pro-Russian cybercrime network NoName057(16). The actions led to the shutdown of several hundred servers worldwide, while the group's central server infrastructure was taken offline.
2025-07-15 (Tuesday): Tracking #SmartApeSG
The SmartApeSG script injected into page from compromised website leads to #ClickFix style fake verification page. ClickFix-ing you way through this leads to a #NetSupportRAT infection.
Compromised site (same as yesterday):
- medthermography[.]com
URLs for ClickFix style fake verification page:
- warpdrive[.]top/jjj/include.js
- warpdrive[.]top/jjj/index.php?W11WzmLj
- warpdrive[.]top/jjj/buffer.js?409a8bdbd9
Running the script for NetSupport RAT:
- sos-atlanta[.]com/lal.ps1
- sos-atlanta[.]com/lotu.zip?l=4773
#NetSupport RAT server (same as yesterday):
- 185.163.45[.]87:443
Your research deserves a global stage. The Last-Minute CFP is now open!
Weβre excited to open our Call for Last-Minute Papers for hot and emerging topics! Nowβs your chance to share new insights, research, or case studies with the global security community.
π Donβt wait, submit before 24 August
abuse.ch 
Brad