In fall 2024, UNK_CraftyCamel leveraged a compromised Indian electronics company to target fewer than five organizations in the United Arab Emirates with a malicious ZIP file that leveraged multiple polyglot files to eventually install a custom Go backdoor dubbed Sosano.
Proofpoint uses the UNK_ designator to define clusters of activity that are still developing and have not been observed enough to receive a numerical TA designation. Delivery and infection chain analysis In late October 2024, UNK_CraftyCamel actors leveraged access to a compromised email account belonging to the Indian electronics company INDIC Electronics to send malicious email messages. The emails contained URLs pointing to the actor-controlled domain indicelectronics[.]net, which mimics the legitimate INDIC electronics domain.
Read more…
Source: Proofpoint
Related:
- Google Releases Security Update for Chrome
November 18, 2025
Google has released security updates for Chrome to address two high severity vulnerabilities in the V8 JavaScript engine. CVE-2025-13223 – Type Confusion in V8 – High severity – Google is aware an exploit exists in the wild. CVE-2025-13224 – Type Confusion in V8 – High severity Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest ...
- Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT
November 14, 2025
Palo Alto Unit 42 researchers have identified two interconnected malware campaigns active throughout 2025, using large-scale brand impersonation to deliver Gh0st remote access Trojan (RAT) variants to Chinese-speaking users. From the first campaign to the second, the adversary advanced from simple droppers to complex, multi-stage infection chains that misuse legitimate, signed software to bypass modern defenses. ...
- Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products
November 14, 2025
CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an unauthenticated ...
- Threat Landscape of the Building and Construction Sector Part Two: Ransomware
November 14, 2025
The construction sector is increasingly vulnerable to ransomware attacks in 2025 due to its complex ecosystem and distinctive operational challenges. Construction projects typically involve a web of contractors, subcontractors, suppliers, and consultants, collaborating through shared digital platforms and exchanging sensitive documents such as blueprints, contracts, and timelines. While essential for project delivery, this interconnectedness creates numerous ...
- Uncovering a Multi-Stage Phishing Kit Targeting Italy’s Infrastructure
November 13, 2025
Phishing remains one of the most persistent and adaptive threats in cybersecurity. It is common and widespread for cybercriminals to impersonate reputable IT companies in phishing campaigns, exploiting the trust these brands have built and thus targeting both affected companies and their customers. What began as simple social engineering has matured into a complex criminal economy ...
- Europol: End of the game for cybercrime infrastructure: 1025 servers taken down
November 13, 2025
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol’s headquarters in The Hague. The actions targeted one of the biggest infostealers Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers. ...