VMTech

OceanLotus deployed SPECTRALVIPER via FireAnt updates — attacks on investors and a construction company


Colleagues, a cybersecurity note: ESET observed OceanLotus campaigns.

Brief
- FireAnt updates (Metakit) delivered SPECTRALVIPER: version.xml lacked integrity checks, allowing a malicious loader to run.
- Access to a Vietnamese construction company (Nov 2024–Feb 2026) gained via DLL side‑loading and injection into OneDrive.Sync.Service.exe.
- Tactics: selective delivery, C2 channels, and a shift toward internal reconnaissance.

Why it matters: unsigned updates and DLL side‑loading bypass defenses and compromise critical systems.

Recommended actions: verify update signatures, enforce integrity checks, detect DLL side‑loading, and patch public MSSQL servers.
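To make the first two actions concrete, here is an added example (not code from ESET, FireAnt or VMTech) of an updater that authenticates the manifest before trusting it and pins the downloaded loader to the hash the manifest names. The manifest schema, the field names and the ed25519 vendor key are assumptions; the page does not describe FireAnt's real version.xml layout.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/xml"
	"errors"
	"fmt"
)

// Manifest models the fields an updater reads from version.xml.
// Hypothetical schema: the real FireAnt layout is not on the page.
type Manifest struct {
	XMLName xml.Name `xml:"update"`
	Version string   `xml:"version"`
	URL     string   `xml:"url"`
	SHA256  string   `xml:"sha256"`
}

// VerifyUpdate returns the parsed manifest only if (1) the detached ed25519
// signature over the raw manifest validates against the pinned vendor key and
// (2) the downloaded payload hashes to the value the authenticated manifest names.
// An updater that skips either check is what lets a swapped loader run.
func VerifyUpdate(manifestXML, sig []byte, pub ed25519.PublicKey, payload []byte) (*Manifest, error) {
	if !ed25519.Verify(pub, manifestXML, sig) {
		return nil, errors.New("manifest signature invalid: refusing update")
	}
	var m Manifest
	if err := xml.Unmarshal(manifestXML, &m); err != nil {
		return nil, err
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return nil, errors.New("payload hash mismatch: refusing to run loader")
	}
	return &m, nil
}

// BuildSignedManifest is a constructed stand-in for the vendor's release step.
func BuildSignedManifest(priv ed25519.PrivateKey, payload []byte) (manifest, sig []byte) {
	sum := sha256.Sum256(payload)
	manifest = []byte(fmt.Sprintf(`<update><version>2.0.1</version><url>https://updates.example/loader.exe</url><sha256>%s</sha256></update>`, hex.EncodeToString(sum[:])))
	return manifest, ed25519.Sign(priv, manifest)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)       // constructed vendor keypair
	manifest, sig := BuildSignedManifest(priv, []byte("benign loader bytes"))
	_, err := VerifyUpdate(manifest, sig, pub, []byte("swapped loader bytes"))
	fmt.Println("tampered payload:", err) // rejected instead of executed
}
```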

Which mitigation should we prioritize?

#cybersecurity #supplychain #APT #detection
