thecyberexpress.com • 6d
Luxembourg State Workstations Targeted by SocGholish, Amadey, and StealC Malware
Luxembourg state workstations were targeted by a coordinated cyber-espionage campaign timed with the nation's National Day. Attackers used spear-phishing emails to deploy SocGholish (FakeUpdates) as an initial access broker, which subsequently loaded Amadey for persistence and StealC for credential exfiltration. The infection chain focused on harvesting administrative credentials and government metadata from public sector infrastructure. The campaign was neutralized through a global disruption operation led by Europol in collaboration with GovCERT.lu, CIRCL, and CERT-EU, resulting in the dismantling of the Amadey and StealC command-and-control (C2) infrastructure.