TA415 (APT41) Abuses Velociraptor Forensic Tool for C2 Tunneling via Visual Studio Code
Summary
Threat actors, since identified as TA415 (APT41), deployed the open-source Velociraptor forensic tool to download and execute Visual Studio Code, likely for command-and-control (C2) tunneling. The attack leveraged legitimate software and Windows utilities to minimize malware deployment and maintain a foothold in the target environment. The attackers used Cloudflare Workers domains for staging and additional payloads, and the incident highlights the evolving tactics of threat actors using legitimate tools for malicious purposes. The attack began with the use of the Windows msiexec utility to download an MSI installer from a Cloudflare Workers domain. Velociraptor was then used to establish contact with another Cloudflare Workers domain, facilitating the download and execution of Visual Studio Code with tunneling capabilities. This allowed for remote access and code execution, potentially leading to further malicious activities such as ransomware deployment. The phishing campaign targeted US government, think tank, and academic organizations involved in US-China relations, economic policy, and international trade. The attackers impersonated the US-China Business Council and John Moolenaar, Chair of the Select Committee on Strategic Competition between the US and the Chinese Communist Party. The phishing messages contained links to password-protected archives hosted on cloud services, which included a shortcut (LNK) file and a hidden subfolder. Launching the LNK file executed a batch script that downloaded the VSCode Command Line Interface (CLI) from Microsoft’s servers, created a scheduled task for persistence, and established a VS Code remote tunnel authenticated via GitHub. The script also collected system information and the contents of various user directories, sending it to the attackers.
Timeline
- 17.09.2025 15:59 · 1 article
TA415 Conducts Phishing Campaign Impersonating US Lawmaker
The phishing campaign targeted US government, think tank, and academic organizations involved in US-China relations, economic policy, and international trade. The attackers impersonated the US-China Business Council and John Moolenaar, Chair of the Select Committee on Strategic Competition between the US and the Chinese Communist Party. The phishing messages contained links to password-protected archives hosted on cloud services, which included a shortcut (LNK) file and a hidden subfolder. Launching the LNK file executed a batch script that downloaded the VSCode Command Line Interface (CLI) from Microsoft’s servers, created a scheduled task for persistence, and established a VS Code remote tunnel authenticated via GitHub. The script also collected system information and the contents of various user directories, sending it to the attackers. The script sent a VS Code remote tunnel verification code, allowing the attackers to access the victim’s computer remotely and execute arbitrary commands.
Sources:
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- 30.08.2025 15:06 · 2 articles
Velociraptor Abused for C2 Tunneling via Visual Studio Code
Threat actors, since identified as TA415 (APT41), deployed the Velociraptor forensic tool to download and execute Visual Studio Code, likely for command-and-control (C2) tunneling. The attack leveraged legitimate software and Windows utilities to minimize malware deployment and maintain a foothold in the target environment. The attackers used Cloudflare Workers domains for staging and additional payloads, and the incident highlights the evolving tactics of threat actors using legitimate tools for malicious purposes. The attack began with the use of the Windows msiexec utility to download an MSI installer from a Cloudflare Workers domain. Velociraptor was then used to establish contact with another Cloudflare Workers domain, facilitating the download and execution of Visual Studio Code with tunneling capabilities. This allowed for remote access and code execution, potentially leading to further malicious activities such as ransomware deployment.
Sources:
- Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling — thehackernews.com — 30.08.2025 15:06
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
Information Snippets
- Velociraptor, an open-source endpoint monitoring and digital forensic tool, was abused by threat actors to establish a command-and-control (C2) tunnel.
  First reported: 30.08.2025 15:06 · 2 sources, 2 articles. Sources:
- Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling — thehackernews.com — 30.08.2025 15:06
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- The attackers used the Windows msiexec utility to download an MSI installer from a Cloudflare Workers domain, which installed Velociraptor.
  First reported: 30.08.2025 15:06 · 1 source, 1 article. Sources:
- Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling — thehackernews.com — 30.08.2025 15:06
- Velociraptor was used to download and execute Visual Studio Code with tunneling capabilities, enabling remote access and code execution.
  First reported: 30.08.2025 15:06 · 2 sources, 2 articles. Sources:
- Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling — thehackernews.com — 30.08.2025 15:06
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- The attackers leveraged Cloudflare Workers domains for staging and additional payloads, minimizing the need for deploying custom malware.
  First reported: 30.08.2025 15:06 · 1 source, 1 article. Sources:
- Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling — thehackernews.com — 30.08.2025 15:06
- The incident highlights the evolving tactics of threat actors using legitimate tools for malicious purposes, often referred to as living-off-the-land (LotL) techniques.
  First reported: 30.08.2025 15:06 · 1 source, 1 article. Sources:
- Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling — thehackernews.com — 30.08.2025 15:06
- Organizations are advised to monitor for unauthorized use of Velociraptor and implement endpoint detection and response systems to mitigate potential ransomware threats.
  First reported: 30.08.2025 15:06 · 1 source, 1 article. Sources:
- Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling — thehackernews.com — 30.08.2025 15:06
- The attack was conducted by TA415, a Chinese state-sponsored hacking group, also known as APT41, Barium, Brass Typhoon, Bronze Atlas, Wicked Panda, and Winnti.
  First reported: 17.09.2025 15:59 · 1 source, 1 article. Sources:
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- The group targeted US government, think tank, and academic organizations involved in US-China relations, economic policy, and international trade.
  First reported: 17.09.2025 15:59 · 1 source, 1 article. Sources:
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- The phishing campaign began in July 2025 and continued through August 2025.
  First reported: 17.09.2025 15:59 · 1 source, 1 article. Sources:
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- The attackers impersonated the US-China Business Council and John Moolenaar, Chair of the Select Committee on Strategic Competition between the US and the Chinese Communist Party.
  First reported: 17.09.2025 15:59 · 1 source, 1 article. Sources:
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- The phishing messages contained links to password-protected archives hosted on cloud services, which included a shortcut (LNK) file and a hidden subfolder.
  First reported: 17.09.2025 15:59 · 1 source, 1 article. Sources:
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- Launching the LNK file executed a batch script that downloaded the VSCode Command Line Interface (CLI) from Microsoft’s servers.
  First reported: 17.09.2025 15:59 · 1 source, 1 article. Sources:
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- The script created a scheduled task for persistence and established a VS Code remote tunnel authenticated via GitHub.
  First reported: 17.09.2025 15:59 · 1 source, 1 article. Sources:
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- The script collected system information and the contents of various user directories, sending it to the attackers.
  First reported: 17.09.2025 15:59 · 1 source, 1 article. Sources:
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- The script also sent a VS Code remote tunnel verification code, allowing the attackers to access the victim’s computer remotely and execute arbitrary commands.
  First reported: 17.09.2025 15:59 · 1 source, 1 article. Sources:
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- TA415 operates out of Chengdu, China, as a private government contractor under the company name Chengdu 404 Network Technology, and has ties to other private contractors, including i-Soon.
  First reported: 17.09.2025 15:59 · 1 source, 1 article. Sources:
- Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker — www.securityweek.com — 17.09.2025 15:59
- Google formally attributed the supply chain compromise of the Axios npm package to the North Korean threat activity cluster UNC1069.
  First reported: 01.04.2026 10:44 · 1 source, 1 article. Sources:
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 — thehackernews.com — 01.04.2026 10:44
- The attack involved the compromise of the Axios npm maintainer's account to push trojanized versions 1.14.1 and 0.30.4, introducing a malicious dependency named 'plain-crypto-js'.
  First reported: 01.04.2026 10:44 · 1 source, 1 article. Sources:
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 — thehackernews.com — 01.04.2026 10:44
- 'plain-crypto-js' functions as a payload delivery vehicle for an obfuscated JavaScript dropper named SILKBELL ('setup.js'), which fetches next-stage malware based on the victim's operating system.
  First reported: 01.04.2026 10:44 · 1 source, 1 article. Sources:
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 — thehackernews.com — 01.04.2026 10:44
- The dropper delivers PowerShell malware for Windows, a C++ Mach-O binary for macOS, and a Python backdoor for Linux systems, and performs self-cleanup by removing itself and replacing the malicious 'package.json' file with a clean version.
  First reported: 01.04.2026 10:44 · 1 source, 1 article. Sources:
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 — thehackernews.com — 01.04.2026 10:44
- The backdoor, codenamed WAVESHAPER.V2, is an updated version of WAVESHAPER, a C++ backdoor deployed by UNC1069 in cryptocurrency sector attacks since 2018.
  First reported: 01.04.2026 10:44 · 1 source, 1 article. Sources:
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 — thehackernews.com — 01.04.2026 10:44
- WAVESHAPER.V2 supports four commands: kill, rundir, runscript, and peinject, and beacons to C2 servers every 60 seconds.
  First reported: 01.04.2026 10:44 · 1 source, 1 article. Sources:
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 — thehackernews.com — 01.04.2026 10:44
- The attack leverages a postinstall hook within the 'package.json' file of the malicious dependency to achieve stealthy execution during npm package installation.
  First reported: 01.04.2026 10:44 · 1 source, 1 article. Sources:
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 — thehackernews.com — 01.04.2026 10:44
- The C2 domain used is 'sfrclak[.]com' (IP address: 142.11.206[.]73), and affected systems should be isolated and credentials rotated.
  First reported: 01.04.2026 10:44 · 1 source, 1 article. Sources:
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 — thehackernews.com — 01.04.2026 10:44
Similar Happenings
Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines
Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines, now expanding to encompass additional open-source ecosystems and attributed to multiple advanced threat actors. The TeamPCP threat group continues to monetize stolen supply chain secrets through partnerships with extortion groups including Lapsus$ and the Vect ransomware operation, with Wiz (Google Cloud) confirming collaboration and lateral movement across cloud environments. Cisco’s internal development environment was breached using stolen Trivy-linked credentials via a malicious GitHub Action, resulting in the theft of over 300 repositories, including proprietary AI product code and data belonging to corporate customers such as banks, BPOs, and US government agencies. Attackers also abused stolen AWS keys across a subset of Cisco’s cloud accounts, with multiple threat actors observed participating in the breach. New developments include the compromise of the Axios npm package, a top-10 JavaScript library with over 400 million monthly downloads, via malicious versions 0.27.5 and 0.28.0. The attack delivered a multi-platform RAT through a malicious dependency impersonating crypto-js, with operational sophistication including pre-staging, platform-specific payloads, and anti-forensic cleanup. Initial attribution suggested TeamPCP involvement, but Google attributed the incident to UNC1069, a suspected North Korean actor linked to Lazarus Group, indicating potential actor diversification or false-flag operations. The Axios compromise highlights escalating tradecraft in open-source supply chain attacks, distinct from opportunistic infections and suggesting a focus on access brokering or targeted espionage rather than indiscriminate data theft.
TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks
TeamPCP has escalated its multi-vector CanisterWorm campaign into a broader geopolitically targeted operation, now compromising trusted PyPI packages to deliver credential-stealing malware with automated execution mechanisms. The group has targeted the LiteLLM and Telnyx Python packages (versions 1.82.7, 1.82.8, 4.87.1, and 4.87.2), embedding malware that harvests SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files before exfiltrating data to attacker-controlled infrastructure and establishing persistent backdoors. The campaign began as a supply-chain attack involving 47 compromised npm packages and the @teale.io/eslint-config variant, leveraging ICP canisters for decentralized C2 and persistence via masqueraded systemd services. It escalated to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and deployment of an infostealer, then pivoted to targeting CI/CD pipelines directly via GitHub Actions workflows (e.g., Checkmarx, Trivy) using stolen credentials. TeamPCP now compromises GitHub Actions workflows and Open VSX extensions to deploy the TeamPCP Cloud stealer, while refining destructive payloads targeting Iranian systems in Kubernetes environments with time-zone/locale-based wipers. Recent compromises of LiteLLM and Telnyx demonstrate rapid iteration and maturation of supply chain attack methodology, with evidence suggesting collaboration with the Vectr ransomware group for follow-on ransomware operations.
Malicious npm Package Targets macOS Users with RAT and Credential Theft
A malicious npm package named "@openclaw-ai/openclawai" masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from macOS systems. The package, uploaded on March 3, 2026, has been downloaded 178 times and remains available. It targets system credentials, browser data, crypto wallets, SSH keys, Apple Keychain databases, and iMessage history, while also installing a persistent RAT with remote access capabilities and a SOCKS5 proxy. The malware uses social engineering to harvest system passwords and employs sophisticated persistence and command-and-control (C2) infrastructure. The package triggers its malicious logic via a postinstall hook, re-installing itself globally and displaying a fake command-line interface to mimic an OpenClaw installation. It then retrieves an encrypted second-stage payload from a C2 server, which is decoded and executed to continue running in the background. The malware also prompts users to grant Full Disk Access (FDA) to Terminal to access protected data. The second-stage payload is a comprehensive information stealer and RAT framework capable of persistence, data collection, browser decryption, C2 communication, and live browser cloning. Collected data is exfiltrated through multiple channels, including the C2 server, Telegram Bot API, and GoFile.io. The malware also monitors clipboard content for specific patterns related to private keys and cryptocurrency addresses. The impact of this malware is significant, as it can compromise sensitive user data and provide attackers with persistent access to infected systems. The sophisticated nature of the malware, including its use of social engineering and encrypted payload delivery, makes it a serious threat to macOS users.
341 Malicious ClawHub Skills Target OpenClaw Users with Atomic Stealer
A security audit by Koi Security identified 341 malicious skills on ClawHub, a marketplace for OpenClaw users, which distribute Atomic Stealer malware to steal sensitive data from macOS and Windows systems. The campaign, codenamed ClawHavoc, uses social engineering tactics to trick users into installing malicious prerequisites. The skills masquerade as legitimate tools, including cryptocurrency utilities, YouTube tools, and finance applications. OpenClaw has added a reporting feature and partnered with VirusTotal to scan skills uploaded to ClawHub, providing an additional layer of security for the OpenClaw community. The malware targets API keys, credentials, and other sensitive data, exploiting the open-source ecosystem's vulnerabilities. The campaign coincides with a report from OpenSourceMalware, highlighting the same threat. The intersection of AI agent capabilities and persistent memory amplifies the risks, enabling stateful, delayed-execution attacks. New findings reveal that almost 400 fake crypto trading add-ons in the project behind the viral Moltbot/OpenClaw AI assistant tool can lead users to install information-stealing malware. These add-ons, called skills, masquerade as cryptocurrency trading automation tools and target ByBit, Polymarket, Axiom, Reddit, and LinkedIn. The malicious skills share the same command-and-control (C2) infrastructure, 91.92.242.30, and use sophisticated social engineering to convince users to execute malicious commands, which then steal crypto assets such as exchange API keys, wallet private keys, SSH credentials, and browser passwords. Additionally, fake OpenClaw installers hosted on GitHub and promoted by Bing AI instructed users to run commands that deployed information stealers and proxy malware. Threat actors set up malicious GitHub repositories posing as OpenClaw installers, which were recommended by Bing in its AI-powered search results.
The malicious repositories contained shell scripts paired with Mach-O executables identified as Atomic Stealer malware for macOS users. For Windows users, the threat actor delivered OpenClaw_x64.exe, which deployed multiple malicious executables, including Rust-based malware loaders and Vidar stealer. Another Windows executable delivered was the GhostSocks backconnect proxy malware, designed to convert users' machines into proxy nodes.
RedVDS Cybercrime-as-a-Service Disrupted by Microsoft
Microsoft, in coordination with legal partners in the US and UK, has disrupted RedVDS, a cybercriminal subscription service that facilitated phishing and fraud campaigns. RedVDS offered cheap, effective, and disposable virtual computers running unlicensed software, enabling cybercriminals to operate anonymously. The service caused over $40 million in losses in the US alone since March 2025, with nearly 190,000 organizations worldwide affected. RedVDS utilized AI to tailor phishing and business email compromise (BEC) scams, including deepfake videos and voice cloning to impersonate individuals. The disruption involved legal action in the US and UK, supported by international law enforcement, including Europol. Microsoft emphasized the importance of reporting cybercrime to prevent future attacks and protect potential victims. RedVDS operated since 2019 and rented servers from third-party hosting providers across multiple countries. The service was used for various malicious activities, including credential theft, account takeovers, and real estate payment diversion scams. In one month, cybercriminals using RedVDS sent an average of 1 million phishing messages per day to Microsoft customers alone, compromising nearly 200,000 Microsoft accounts over the last four months. RedVDS was advertised as a way to 'increase your productivity and work from home with comfort and ease.' The service was first founded in 2017 and operated on Discord, ICQ, and Telegram. The website was launched in 2019. RedVDS provided a reseller panel to create sub-users and grant them access to manage the servers without having to share access to the main site. The service did not maintain activity logs, making it an attractive choice for illicit use. RedVDS was used to host a toolkit comprising both malicious and dual-use software, including mass spam/phishing email tools, email address harvesters, privacy and OPSEC tools, and remote access tools.
RedVDS used a single Windows Server 2022 image to create cloned Windows instances, which were created on demand using Quick Emulator (QEMU) virtualization technology combined with VirtIO drivers. RedVDS's Terms of Service prohibited customers from using the service for sending phishing emails, distributing malware, transferring illegal content, scanning systems for security vulnerabilities, or engaging in denial-of-service (DoS) attacks.