A Deep Dive into Water Arsenal and Infrastructure

Published 29/03/2025 10:29 · Modified 31/03/2025 10:26

Essential information

Published
29/03/2025 10:29
Modified
31/03/2025 10:26
Tags
2025-03-29 CVE-2025-26633 backdoor c&c darkwisp encrypthub stealer lolbins msc eviltwin powershell rhadamanthys silentprism stealc stealer zero-day
Related entities
1 intrusion sets (apt), 16 techniques (mitre), 5 malware, 3 others

Description

Water Gamayun, a suspected Russian threat actor, exploits the vulnerability () to compromise systems and exfiltrate data. The group uses custom payloads like variants, and backdoors, as well as known malware like and . Their delivery methods include malicious provisioning packages, signed .msi files, and Windows MSC files. The attackers employ techniques such as and encrypted communications to evade detection. Their infrastructure includes C&C servers for managing infected systems and exfiltrating data. The campaign highlights the group's adaptability and sophistication in cyber espionage operations.

External references