Ransomware Group AtomSilo Returns After 5 Year Absence

I'd like to thank my coauthors Adrian Schipor, Victor Vrabie, Marius Baciu, and Martin Zugec for their invaluable contributions to this research. 

TL;DR - The "Korean Leaks" campaign showcases a sophisticated supply chain attack against South Korea's financial sector. This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet) leveraging Managed Service Provider (MSP) compromise as the initial access vector. 

I'd like to thank my coauthors Adrian Schipor and Martin Zugec for their invaluable contributions to this research. 

I'd like to thank my coauthors, Victor Vrabie, Adrian Schipor, and Martin Zugec, for their invaluable contributions to this research. TL;DR A Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads. The core component, EggStremeAgent, is a full-featured backdoor that enables extensive system reconnaissance, lateral movement, and data theft via an injected keylogger.