FortiGuard Labs Threat Research

DPRK-Related Campaigns with LNK and GitHub C2

Thu, 2 Apr 2026 13:00:00 +0000

Analysis of DPRK-linked LNK-based attacks using GitHub as covert C2 infrastructure, detailing multi-stage PowerShell execution, persistence mechanisms, and data exfiltration techniques targeting Windows environments.

Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next

Wed, 4 Mar 2026 17:00:00 +0000

Following U.S.-Israeli strikes on Iran, FortiGuard Labs has not yet observed large-scale cyber retaliation. However, we observed that regional cyber activity is rising. Organizations should take action to strengthen cyber hygiene, rotate credentials, and reduce exposure.

Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign

Wed, 25 Feb 2026 14:00:00 +0000

FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution, process hollowing, and data exfiltration

Massive Winos 4.0 Campaigns Target Taiwan

Fri, 20 Feb 2026 14:00:00 +0000

FortiGuard Labs analyzes Winos 4.0 (ValleyRat) campaigns targeting Taiwan, detailing phishing lures, DLL sideloading, BYOVD abuse, and evolving attacker infrastructure

Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails

Tue, 10 Feb 2026 14:00:00 +0000

FortiGuard Labs details a new XWorm RAT campaign using multi-language phishing emails, Excel exploits (CVE-2018-0802), HTA execution, and fileless .NET techniques to gain full remote control of Windows systems

Interlock Ransomware: New Techniques, Same Old Tricks

Thu, 29 Jan 2026 14:00:00 +0000

An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection strategies.

Unveiling the Weaponized Web Shell EncystPHP

Wed, 28 Jan 2026 14:00:00 +0000

FortiGuard Labs analyzes EncystPHP, a stealthy web shell exploiting CVE-2025-64328 in FreePBX environments to enable remote command execution, persistence, and long-term system compromise

Inside a Multi-Stage Windows Malware Campaign

Tue, 20 Jan 2026 14:00:00 +0000

FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver ransomware.

New Remcos Campaign Distributed Through Fake Shipping Document

Wed, 14 Jan 2026 14:00:00 +0000

FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and in-memory execution.

Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl

Tue, 9 Dec 2025 14:00:00 +0000

FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value.