4 articles tagged with "Initial Access Broker"
GreyNoise traces Ivanti EPMM exploitation to bulletproof hosting on PROSPERO network. Defenders find dormant webshells—signs of initial access broker activity.
Security researchers expose an active campaign using layered evasion techniques to deliver Remcos RAT through MSBuild abuse and .NET Reactor-protected loaders.
Multi-stage malware campaign uses text-based stagers and living-off-the-land binaries to deliver Remcos RAT to enterprise targets.
GreyNoise researchers uncover coordinated campaign exploiting 767 CVEs across 47 technology stacks. Hong Kong-based infrastructure generated 98% of attack traffic on Christmas Day.