CPU-Z & HWMonitor, cpuid.com, Watering Hole Attack

· Published 13/04/2026 08:47 · Modified 13/04/2026 09:16

Essential information

Published: 13/04/2026 08:47
Modified: 13/04/2026 09:16
Tags: 2026-04-13, cpu-z, cpuid.com, cryptbase.dll, dll sideloading, hwmonitor, stx rat, supply chain compromise, watering hole attack
Related entities: 16 observables, 20 techniques (mitre), 2 malware, 11 others

Description

On April 9, 2026, the cpuid.com website was compromised in a watering hole attack lasting approximately 19 hours. Download URLs for the legitimate system administration tools CPU-Z, HWMonitor, HWMonitor Pro, and Perfmonitor 2 were replaced with links to malicious sites distributing trojanized versions. The malicious installers contained legitimate signed executables paired with DLL files named cryptbase.dll that exploited DLL sideloading for C2 communication and payload delivery. The attackers reused infrastructure and code from a March 2026 fake FileZilla campaign, including the STX RAT as the final payload. Over 150 victims were identified globally, primarily individuals but also organizations in the retail, manufacturing, consulting, telecommunications and agriculture sectors. The attack demonstrated poor operational security, with reused indicators enabling rapid detection.
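A detection sketch for the layout described above, a legitimate signed executable loading a cryptbase.dll that sits outside the Windows system directories. This is an added example, not part of the original report: it assumes image-load telemetry with Sysmon Event ID 7 field names (`Image`, `ImageLoaded`, `Signed`) and a default `C:\Windows` install, and the sample events are constructed.

```python
import ntpath

# Directories where Windows ships its own cryptbase.dll (assumes a default
# C:\Windows install; adjust for a different %SystemRoot%).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED_DLLS = {"cryptbase.dll"}  # DLL name taken from the report's tags

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\cryptbase.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\Downloads\tool\tool.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\tool\CRYPTBASE.dll",
     "Signed": "false"},
    {"Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Windows\SysWOW64\cryptbase.dll", "Signed": "true"},
    # Path that only looks like System32 until it is normalised.
    {"Image": r"C:\Windows\Temp\setup.exe",
     "ImageLoaded": r"C:\Windows\System32\..\Temp\cryptbase.dll",
     "Signed": "false"},
]


def find_sideloads(events):
    """Return findings for watched DLLs loaded from a non-system directory."""
    findings = []
    for ev in events:
        # normpath collapses "..", normcase lowercases and unifies separators.
        dll = ntpath.normcase(ntpath.normpath(ev["ImageLoaded"]))
        exe = ntpath.normcase(ntpath.normpath(ev["Image"]))
        dll_dir, dll_name = ntpath.split(dll)
        if dll_name not in WATCHED_DLLS or dll_dir in SYSTEM_DIRS:
            continue
        findings.append({
            "host_process": ev["Image"],
            "dll": ev["ImageLoaded"],
            # A DLL beside the executable is the classic sideloading layout.
            "same_dir_as_exe": ntpath.dirname(exe) == dll_dir,
            "dll_signed": ev.get("Signed", "false").lower() == "true",
        })
    return findings


if __name__ == "__main__":
    for finding in find_sideloads(SAMPLE_EVENTS):
        print(finding)
```

The host process being validly signed is expected in this technique, so the signature of the executable alone should not suppress the finding.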

External references