#LNK

2026-02-04

New year, new sector: Targeting India's startup ecosystem

Transparent Tribe, also known as APT36, has expanded its targeting to include India's startup ecosystem, particularly those in the cybersecurity domain. The group is using startup-oriented themed lure material delivered via ISO container-based files to deploy Crimson RAT. This campaign deviates from their typical government and defense targets, suggesting a shift in strategy towards companies providing open-source intelligence services and collaborating with law enforcement agencies. The attack chain involves spear-phishing emails, malicious LNK files, and batch scripts to execute the Crimson RAT payload. The malware employs extensive obfuscation techniques and uses a custom TCP protocol for command and control communications. This activity demonstrates the group's adaptation of proven tooling for new victim profiles while maintaining its core behavioral tactics, techniques, and procedures.

Pulse ID: 69836c616757ccfa9dcad92c
Pulse Link: otx.alienvault.com/pulse/69836
Pulse Author: AlienVault
Created: 2026-02-04 15:57:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Email #Government #ICS #India #InfoSec #LNK #LawEnforcement #Malware #OTX #OpenThreatExchange #Phishing #RAT #RCE #SpearPhishing #TCP #TransparentTribe #bot #AlienVault

🅱🅸🅶🅾🆁🆁🅴.🅾🆁🅶 bigorre_org
2026-02-02

How many runways can you see for Lincoln airport (USA) ? : The answer is on bigorre.org/aero/meteo/klnk/en vl

2026-01-28

APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP

A new campaign targeting Indian government entities was uncovered, utilizing three backdoors: SHEETCREEP, FIREPOWER, and MAILCREEP. These tools leverage legitimate cloud services like Google Sheets, Firebase, and Microsoft Graph API for command and control, enabling the attackers to blend in with normal traffic. The campaign, named Sheet Attack, employed PDFs and malicious LNK files as initial infection vectors. Evidence suggests the use of generative AI in malware development. While sharing similarities with APT36, the campaign's unique characteristics point to either a new Pakistan-linked group or an APT36 subgroup. The attackers demonstrated hands-on-keyboard activity and deployed additional payloads, including a document stealer, to selected targets.

Pulse ID: 697a42251f1b8af2c39201cc
Pulse Link: otx.alienvault.com/pulse/697a4
Pulse Author: AlienVault
Created: 2026-01-28 17:06:45

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Cloud #CyberSecurity #Google #Government #ICS #India #InfoSec #LNK #Malware #Microsoft #OTX #OpenThreatExchange #PDF #Pakistan #RAT #bot #AlienVault

🅱🅸🅶🅾🆁🆁🅴.🅾🆁🅶 bigorre_org
2026-01-27

Aviation weather for Lincoln airport (USA) is “KLNK 271854Z 36012KT 10SM CLR M04/M14 A3041 RMK AO2 SLP317 T10441144” : See what it means on bigorre.org/aero/meteo/klnk/en vl

2026-01-26

Malware MoonPeak Executed via LNK Files

In January 2026, IIJ observed malicious LNK files targeting Korean users to execute the MoonPeak malware, attributed to North Korean threat actors. The infection chain begins with a LNK file that runs an obfuscated PowerShell script, which checks for analysis environments, creates additional scripts, and sets up persistence. The second stage downloads and executes a payload from GitHub, which is actually the MoonPeak malware. MoonPeak is obfuscated using ConfuserEx and communicates with a C2 server. The campaign utilizes GitHub for hosting malware, a technique known as Living Off Trusted Sites (LOTS). This attack demonstrates the ongoing threat posed by North Korean actors targeting various countries and individuals worldwide.

Pulse ID: 69777a203745e70e7425106f
Pulse Link: otx.alienvault.com/pulse/69777
Pulse Author: AlienVault
Created: 2026-01-26 14:28:48

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #GitHub #InfoSec #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #PowerShell #RAT #Rust #bot #AlienVault

2026-01-26

#LNK used to pride itself on its trails being cleared of snow before the streets, yet I see the trails remain snow-covered 48 hours later. What's the deal? Are our trails no longer a priority?

2026-01-26

MoonPeak Malware Executed via LNK Files – IIJ Security Diary

Pulse ID: 69776c301b84e1c0aef9fa84
Pulse Link: otx.alienvault.com/pulse/69776
Pulse Author: CyberHunter_NL
Created: 2026-01-26 13:29:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #LNK #OTX #OpenThreatExchange #bot #CyberHunter_NL

2026-01-24

MoonPeak Malware Executed via LNK Files

Pulse ID: 697487644efb5e211115bd86
Pulse Link: otx.alienvault.com/pulse/69748
Pulse Author: cryptocti
Created: 2026-01-24 08:48:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #LNK #Malware #OTX #OpenThreatExchange #bot #cryptocti

2026-01-23

If you are also taking the day off or sick tomorrow there are some bills going up next week that could really use some testimony outnebraska.org/bill-tracker/ #LNK #nebraska #LincolnNebraska

2026-01-22

KONNI Adopts AI to Generate PowerShell Backdoors

A North Korea-linked threat actor known as KONNI has been observed conducting a phishing campaign targeting software developers and engineering teams, particularly those with blockchain expertise. The campaign uses AI-generated PowerShell backdoors and targets a broader range of countries in the APAC region. The infection chain begins with a Discord-hosted link downloading a ZIP archive containing a PDF lure and a malicious LNK file. The LNK file deploys additional components, including the AI-generated PowerShell backdoor. The backdoor employs various anti-analysis techniques and establishes persistence through scheduled tasks. This campaign demonstrates KONNI's evolution in tactics and tooling, including the adoption of AI-assisted malware development.

Pulse ID: 69726ae65cfcf0a192c03c35
Pulse Link: otx.alienvault.com/pulse/69726
Pulse Author: AlienVault
Created: 2026-01-22 18:22:30

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APAC #BackDoor #BlockChain #CyberSecurity #Discord #ICS #InfoSec #Konni #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #PDF #Phishing #PowerShell #RAT #ZIP #bot #developers #AlienVault

2026-01-21

I have mixed feelings! The fans can be quite loud sometimes, but the mill brings in train cars and I love to look at the graffiti. Here is a picture of the mill from the other side, with the firefighters' practice grounds in the foreground.

I wonder if celerion will buy the land. #LNK

A concrete structure with a car inside it, in an area used for firefighter training. Behind that is gooch's mill and a tree.
2026-01-21

I just learned gooch's mill will shut down. Here's a picture I took of it from my porch a few days ago near sunrise #LNK

A bunch of houses in the foreground in shadow, with a mill behind it fully lit up by the rising sun. The mill is a long line of grain storage cylinders with a couple of taller towers.
2026-01-21

ADM shutting down flour milling operation in #LNK – by Matt Olberding at Nebraska Public Media: nebraskapublicmedia.org/en/new

2026-01-20

Operation Covert Access: Weaponized LNK-Based Spear-Phishing Targeting Argentina's Judicial Sector to Deploy a Covert RAT

A sophisticated spear-phishing campaign targeting Argentina's judicial sector has been uncovered. The operation uses a multi-stage infection chain to deploy a stealthy Remote Access Trojan (RAT). Attackers exploit trust in court communications by using authentic-looking judicial decoy documents. The campaign employs a weaponized LNK file, a BAT-based loader script, and a covert Rust-based RAT to establish persistent access within judicial environments. The malware performs extensive anti-VM and anti-debug checks, collects system information, and establishes resilient C2 connections. It supports various malicious activities including persistence, file transfer, data harvesting, encryption, and privilege escalation. The campaign demonstrates high operational sophistication and aims to gain long-term access to sensitive legal and institutional data.

Pulse ID: 696f41524ac07b77da95e91c
Pulse Link: otx.alienvault.com/pulse/696f4
Pulse Author: AlienVault
Created: 2026-01-20 08:48:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Encryption #InfoSec #LNK #Malware #OTX #OpenThreatExchange #Phishing #RAT #RemoteAccessTrojan #Rust #SpearPhishing #Trojan #bot #AlienVault

2026-01-20

Operation Nomad Leopard: Targeted Spear-Phishing Campaign Against Government Entities in Afghanistan

A threat group is targeting Afghan government employees using a fake lure mimicking an official government document. The campaign, named Operation Nomad Leopard, uses a malicious ISO file containing a PDF decoy, LNK file, and the FALSECUB malware. The infection chain involves executing the LNK file to display the PDF and run the malware, which establishes persistence and connects to a command and control server. The malware performs system reconnaissance, file enumeration, and data exfiltration. The threat actor, believed to be regionally focused with low-to-moderate sophistication, uses GitHub for malware distribution and has connections to Pakistan. The campaign demonstrates careful attention to detail in creating convincing lures and leverages legitimate platforms for malicious purposes.

Pulse ID: 696f420d629a255b3d84814e
Pulse Link: otx.alienvault.com/pulse/696f4
Pulse Author: AlienVault
Created: 2026-01-20 08:51:25

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Afghanistan #CyberSecurity #GitHub #Government #InfoSec #LNK #Malware #Mimic #OTX #OpenThreatExchange #PDF #Pakistan #Phishing #RAT #SpearPhishing #bot #AlienVault

2026-01-19

Operation Poseidon: Spear-Phishing Attacks Abusing Google Ads Redirection Mechanisms

Operation Poseidon is a sophisticated spear-phishing campaign attributed to the Konni APT group. The attackers exploit Google Ads redirection mechanisms to bypass security filters and user awareness. They compromise poorly secured WordPress sites for malware distribution and C2 infrastructure. The campaign uses social engineering tactics, impersonating North Korean human rights organizations and financial institutions. Malware is delivered through LNK files disguised as PDF documents, executing AutoIt scripts that load EndRAT variants. The attackers employ advanced evasion techniques, including email content padding and abuse of legitimate advertising URLs. The campaign demonstrates evolving tactics and infrastructure reuse consistent with previous Konni activities.

Pulse ID: 696d289962926b96a6584416
Pulse Link: otx.alienvault.com/pulse/696d2
Pulse Author: AlienVault
Created: 2026-01-18 18:38:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Autoit #CyberSecurity #DRat #Email #Google #GoogleAds #ICS #InfoSec #Konni #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #PDF #Phishing #RAT #RDP #SMS #SocialEngineering #SpearPhishing #Word #Wordpress #bot #AlienVault

2026-01-16

Ignite Lincoln is having a BOGO sale through the 19th. $10 for two people to enjoy a fun night of storytelling. I have attended both as a speaker and as an audience member and I highly recommend it. #LNK

Use code BOGO17 at checkout. tickettailor.com/events/ignite

2026-01-16

A friend filed a claim with the City of #LNK after a street tree limb crushed her car during one of last year's storms. Those claims are *rarely* approved. Yesterday she found out they're paying her claim! I can't say for sure, but I suspect her history of reporting the tree's problems to the City via UPLNK helped. It was known (via her reports) that the tree had a history of dropping limbs and showing signs of being unhealthy.

Lesson? Use UPLNK and make (reasonable) claims when appropriate.

Joshua, at Pixelfed jschwa@pixelfed.social
2026-01-11
I do love this humble little corner of downtown #LNK
