Activity involving BlueHammer, RedSun, and UnDefend tooling from the Nightmare-Eclipse proof-of-concept repository was observed during a live intrusion investigation. The malicious binaries were staged in user-writable directories including Pictures and Downloads folders, with execution attempts failing despite hands-on-keyboard reconnaissance activities. The threat actor demonstrated unfamiliarity with the tools, misspelling command parameters and attempting non-functional flags. Initial access was traced to compromised FortiGate SSL VPN credentials, with connections originating from Russia, Singapore, and Switzerland. A Go-based tunneling agent dubbed BeigeBurrow was deployed for persistent access, beaconing to attacker infrastructure over port 443 using HashiCorp's yamux library for multiplexed reverse tunneling capabilities.
Created: 2026-04-21
No indicators were found.
No similar Pulses were found.
No fact-based threat actors were found.
No inference-based threat actors were found.
No CVEs were found for this Pulse.