Tuoni C2 Framework Used in Unsuccessful Real-Estate Cyber Intrusion
Summary
In mid-October 2025, an unknown threat actor attempted to infiltrate a major U.S.-based real-estate company using the Tuoni C2 framework. The attack involved social engineering via Microsoft Teams impersonation for initial access, followed by a multi-stage payload delivery using steganography to conceal the final payload within a bitmap image. The attack ultimately failed but highlighted the misuse of red teaming tools for malicious purposes. The Tuoni C2 framework, first released in early 2024, is advertised as an advanced tool for security professionals, with a free Community Edition available on GitHub. The attack demonstrated signs of AI assistance in code generation, evident from the scripted comments and modular structure of the initial loader.
Timeline
- 18.11.2025 16:00 (1 article): Tuoni C2 Framework Used in Unsuccessful Real-Estate Cyber Intrusion
- Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion — thehackernews.com — 18.11.2025 16:00
Information Snippets
- The attack unfolded in mid-October 2025, targeting a major U.S.-based real-estate company.
  First reported: 18.11.2025 16:00 (1 source, 1 article)
  - Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion — thehackernews.com — 18.11.2025 16:00
- The threat actor likely used social engineering via Microsoft Teams impersonation for initial access.
  First reported: 18.11.2025 16:00 (1 source, 1 article)
  - Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion — thehackernews.com — 18.11.2025 16:00
- The attack involved a multi-stage payload delivery using steganography to conceal the final payload within a bitmap image.
  First reported: 18.11.2025 16:00 (1 source, 1 article)
  - Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion — thehackernews.com — 18.11.2025 16:00
- The final payload executed 'TuoniAgent.dll', which connected to a C2 server ('kupaoquan[.]com').
  First reported: 18.11.2025 16:00 (1 source, 1 article)
  - Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion — thehackernews.com — 18.11.2025 16:00
- The Tuoni C2 framework, first released in early 2024, is advertised as an advanced tool for security professionals.
  First reported: 18.11.2025 16:00 (1 source, 1 article)
  - Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion — thehackernews.com — 18.11.2025 16:00
- The attack demonstrated signs of AI assistance in code generation, evident from the scripted comments and modular structure of the initial loader.
  First reported: 18.11.2025 16:00 (1 source, 1 article)
  - Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion — thehackernews.com — 18.11.2025 16:00