Cado Security Labs have identified a Python Remote Access Tool (RAT) named Triton RAT. The open source RAT is available on GitHub and allows users to remotely access and control a system using Telegram. 

As cloud adoption continues to grow, so does the sophistication of cloud-based threats. Cado Security Labs' 2024 Threat Report provides a look at emerging cyber threats, evolving attack techniques, and key vulnerabilities that have been discovered and observed over the past year. Here, we offer a sneak peek into the report’s major findings and what they mean for cloud security.

Cado Security Labs have identified a malware campaign targeting the Royal Thai Police. The campaign uses seemingly legitimate documents with FBI content to deliver a shortcut file that eventually results in Yokai backdoor being executed and persisting on the victim system. The activity observed in this campaign is consistent with the Chinese APT group Mustang Panda.

Endpoint Detection & Response (EDR) is frequently used by organizations as the first line of defense against cyber attacks. EDR platforms monitor organizations’ endpoints (servers, employee laptops, etc) and detect and contain malicious activity running where possible. In this blog, we will be exploring a ransomware attack in a lab environment, using payloads inspired from real attacks.