Major U.S.-based real-estate company hit by network compromise

Incident
First reported
Last updated
Happening score
H score 8
1 unique source, 1 article

Summary

A major U.S.-based real-estate company faced an attempted cyber intrusion in mid-October 2025 that relied on Microsoft Teams impersonation and a staged PowerShell delivery chain. The attack sought to run TuoniAgent.dll for remote control through the Tuoni C2 framework, but it was ultimately unsuccessful. The intrusion matters because it combined social engineering, steganography, and in-memory execution to increase stealth.

Related Happenings

MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy

Campaign
First: 06.05.2026 16:02 Last: 06.05.2026 16:02 Sources 1

About this happening: The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...

GoBruteforcer botnet brute-forces exposed Linux servers with a more capable mid-2025 variant

Malware Activity
First: 08.01.2026 19:30 Last: 08.01.2026 19:30 Sources 1

About this happening: **GoBruteforcer** is actively brute-forcing **Linux servers exposed to the internet**, creating a broad risk of compromise, **data theft** and **botnet expansion**. The operation...

Tuoni C2 targeted intrusion attempt against US real estate company

Malware Activity
First: 18.11.2025 16:45 Last: 18.11.2025 16:45 Sources 1

About this happening: The **Tuoni C2 framework** was used in a targeted intrusion attempt against a **major US real estate company** in **October 2025**, showing how attackers are combining **social en...

PhantomCaptcha WebSocket RAT PowerShell delivery chain

Malware Activity
First: 24.10.2025 15:15 Last: 24.10.2025 15:15 Sources 1

About this happening: **PhantomCaptcha** delivered a **WebSocket RAT** on **October 8** through a **multi-stage PowerShell** chain that let operators run commands, exfiltrate data, and load more malwar...

RedNovember (Storm-2077) public-PoC espionage campaign

Campaign
First: 24.09.2025 04:00 Last: 24.09.2025 04:00 Sources 1

About this happening: **RedNovember** is a suspected **Chinese state-sponsored** campaign also tracked as **Storm-2077** that targeted **perimeter appliances** of high-profile organizations globally be...

Timeline

  1. 18.11.2025 16:00 2 articles · 6mo ago

    Major U.S.-based real-estate company hit by network compromise

    Initial Disclosure

    The intrusion started with a **Microsoft Teams impersonation** lure in **mid-October 2025** that was meant to get an employee to run a **PowerShell** command. That opening move was designed to establish access before the staged payload delivery began.
