Threat Research

    Our labs are tracking a sophisticated commodity loader used by multiple advanced threat actors. The campaign shows strong regional and sector focus, targeting Manufacturing and Government entities. Affected regions include Italy, Finland, and Saudi Arabia. Attackers use multiple infection vectors, such as weaponized Office files, malicious SVGs, and ZIPs with LNK shortcuts....
    A highly automated, multi-stage phishing kit has been uncovered impersonating the major Italian IT provider Aruba S.p.A., a company central to Italy’s digital infrastructure. The kit uses CAPTCHA filtering, data pre-filling, and Telegram-based exfiltration to steal credentials and payment information efficiently and stealthily....
    A GLS-themed ClickFix social-engineering campaign in Italy delivered the Remcos RAT by tricking users into manually running malicious commands. ClickFix campaigns have risen over the past year because manual execution helps attackers evade AV, sandbox, and EDR detection....
    The IR team recently identified a new email campaign distributing a Remote Access Trojan (RAT) targeting organizations in Spain, Italy, and Portugal. The attackers use the serviciodecorreo email service, which is authorized for multiple domains and passes SPF checks....