Since at least July 2023, a threat group tracked as CL-CRI-1014 has been targeting financial institutions across Africa. These attackers use open-source tools like PoshC2, Chisel, and Classroom Spy to establish remote access and create communication tunnels. They forge file signatures by mimicking legitimate software to evade detection....