Rainbow Hyena strikes again: new backdoor and shift in tactics

· Published 15/07/2025 20:39 · Modified 16/07/2025 08:15

Essential information

Published
15/07/2025 20:39
Modified
16/07/2025 08:15
Tags
2025-07-15 backdoor lnk files phantomremote phishing rainbow hyena
Related entities
1 intrusion sets (apt), 14 techniques (mitre), 1 malware, 3 others

Description

A new campaign targeting healthcare and IT organizations in Russia has been attributed to the Rainbow Hyena cluster. The attackers used compromised email addresses to distribute malicious attachments, including polyglot files and LNK files mimicking legitimate documents. A new custom-built backdoor called PhantomRemote was identified, capable of system information gathering and command execution. The campaign demonstrates a shift in tactics, with the threat actors abandoning traditional malicious documents in favor of alternative file formats. The sophistication of the tools and techniques suggests a move towards more conventional illicit activities such as espionage and financial gain.

External references