Fake Tech Support Delivers Havoc Command & Control
Essential information
- Published
- 05/03/2026 12:32
- Modified
- 05/03/2026 15:20
- Tags
- 2026-03-05 dll sideloading evasion techniques havoc havoc c2 havoc demon lateral movement remote monitoring tools social engineering syscalls
- Related entities
- 11 observables, 1 techniques (mitre), 2 malware, 6 others
Description
A sophisticated cyber attack campaign combines social engineering and advanced malware techniques. Attackers pose as IT support to gain initial access, then deploy a modified version of the Havoc C2 framework. The malware uses DLL sideloading, indirect syscalls, and custom loaders to evade detection. After compromising the initial system, the attackers rapidly move laterally, establishing persistence through scheduled tasks and legitimate remote monitoring tools. The campaign demonstrates a blend of human-centric initial access methods and advanced technical evasion techniques, highlighting the need for comprehensive security measures spanning user awareness and technical controls.