In November 2024, Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) they named StilachiRAT that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data.
Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored in the clipboard, as well as system information. Microsoft has not yet attributed StilachiRAT to a specific threat actor or geolocation. Based on Microsoft’s current visibility, the malware does not exhibit widespread distribution at this time.
Read more…
Source: Microsoft
Related:
- Cloud Atlas activity in the first half of 2025: what changed
December 19, 2025
Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process (CVE-2018-0802) to download and execute malicious code. In this report, Kaspersky researchers describe the infection chain and tools that the ...
- CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView
December 19, 2025
On December 17, 2025, Hewlett Packard Enterprise (HPE) published an advisory for CVE-2025-37164, a CVSS 10.0 vulnerability in HPE OneView. The vulnerability, which was reported to HPE by security researcher Nguyen Quoc Khanh, facilitates unauthenticated remote code execution (RCE) on versions of HPE OneView before 11.0. Defenders are advised to prioritize upgrading to version 11.0 ...
- CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor
December 19, 2025
Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. This update provides information on additional samples, including Rust-based samples. These samples demonstrate advanced persistence and defense ...
- UK Foreign Office was victim of cyberattack
December 19, 2025
The UK Foreign Office was hacked in October, a minister has admitted, raising fears that thousands of confidential documents and data may have been compromised. While ministers are “pretty confident” that visa applicants’ details have not been accessed, they have admitted that they are not confident about the identity of the hacker. Sources told The Sun ...
- FBI: Senior U.S. Officials Continue to be Impersonated in Malicious Messaging Campaign
December 19, 2025
This is an update to Public Service Announcement I-051525-PSA, released May 15, 2025, which can be found here. Activity dating back to 2023 reveals malicious actors have impersonated senior U.S. state government, White House, and Cabinet level officials, as well as members of Congress to target individuals, including officials’ family members and personal acquaintances. If ...
- Police arrest suspect over Microsoft 365 cyber attack
December 19, 2025
The Nigeria Police Force National Cybercrime Centre (NPF-NCCC) has apprehended a suspected cyber fraudster linked to coordinated attacks on Microsoft 365 email platforms used by corporate organisations. The arrest followed an intelligence-led investigation triggered by credible information from Microsoft Corporation in the United States, conveyed through the Federal Bureau of Investigation (FBI). The intelligence exposed the ...