Abuse of Google Sheets API for stealthy Command and Control (C2)
Use of GRIDTIDE C-based backdoor
AI-augmented vulnerability research (expert persona prompting for binary analysis)
Compromise of web servers and edge systems for initial access
Privilege escalation via xapt binary (masquerading as Debian tool)
SSH lateral movement
Creation of malicious systemd services
URL-safe Base64 encoding for web filtering bypass