
Analysis of Trigona Threat Actor's Latest Attack Cases

Published 29/10/2025 10:50 · Modified 29/10/2025 18:32


Essential information

Tags: 2025-10-29, ransomware, remote-control, trigona
Related entities: 5 observables, 1 intrusion set (APT), 18 techniques (MITRE ATT&CK), 2 malware

Description

The threat actor continues to target MS-SQL servers through brute-force and dictionary attacks against weak credentials. After gaining access, they use a CLR Shell to stage additional payloads and rely on tools such as BCP, Curl, Bitsadmin, and PowerShell to download and install malware. For persistent access the attackers use remote control tools including AnyDesk, RDP, and possibly Teramind. A new scanner malware written in Rust targets exposed RDP and MS-SQL services. The threat actor also deploys tools such as SpeedTest and a custom StressTester, along with various privilege escalation and file manipulation utilities. To defend against these attacks, administrators should enforce complex passwords, keep security software up to date, and use firewalls to restrict access to database servers.

External references