AryStinger Botnet Uses Intranet Scanning and Traffic Tunneling to Hide Attacker Activity
A newly analyzed botnet family, AryStinger, weaponizes long‑neglected routers and NAS appliances to build a stealthy reconnaissance and relay infrastructure ...
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
48 articles found
A newly analyzed botnet family, AryStinger, weaponizes long‑neglected routers and NAS appliances to build a stealthy reconnaissance and relay infrastructure ...
AryStinger hijacks outdated routers via old flaws, turning 4,300+ devices into a stealth network for reconnaissance and intrusion support. On March 12, 2026,...
A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up ...
Azure AD Graph Activity Logs land in Elastic with full ECS parsing. Detect ROADrecon and AADInternals enumeration with ready-to-use detection rules.
A recent engagement demonstrates how persuasive pretexts and careful reconnaissance let attackers bypass technical controls by exploiting human trust at the ...
Two new Ransomware-as-a-Service (RaaS) entrants publicly recruited affiliates, underscoring a rapid reconsolidation of the ransomware market and a sharpening...
Modat has launched native Passive DNS intelligence in Magnify, its internet intelligence platform, unifying IP, device fingerprint, certificate, and passive ...
A botnet made up of compromised small office and Internet of Things devices has grown into a larger reconnaissance network capable of rapidly identifying vul...
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of ...
A significant resurgence of the JDY botnet, a covert reconnaissance network tied to China-nexus threat activity.
Initially flagged as part of the KV-botnet, JDY has evolved into an independent reconnaissance capability following the U.S.
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors.
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reco...
Learn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach. This playbook helps securi...
The group is leveraging Telegram to enlist "patriotic volunteers," offering cryptocurrency rewards for participating in various cyber activities, including D...
In this Help Net Security video, Amit Gautam, CTO at Abluva, explains the security risks that autonomous AI agents bring into enterprise environments. He ope...
Reconstructing distributed denial of service (DDoS) attack traffic used to mean combining data from multiple sources after the fact. AWS Shield Advanced atta...
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details...
Websites have spent years collecting information about visitors through browser fingerprinting, tracking scripts, and other techniques designed to identify d...
A malicious fake RVTools installer is abusing a legitimately issued Sectigo code‑signing certificate to slip past Microsoft Defender SmartScreen and many end...