Tuoni C2 targeted intrusion attempt against US real estate company
Malware Activity
Summary
The Tuoni C2 framework was used in a targeted intrusion attempt against a major US real estate company in October 2025, showing how attackers are combining social engineering, steganography, and in-memory execution to evade detection. The chain used Microsoft Teams impersonation and a malicious PowerShell loader to stage the payload. Morphisec said its AMTD blocked the attack pre-execution.
Related Happenings
MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy
Campaign
First: 06.05.2026 16:02
Last: 06.05.2026 16:02
Sources 1
About this happening:
The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...
DCRat delivered through PowerShell and MSBuild in PHALT#BLYX
Malware Activity
First: 06.01.2026 14:13
Last: 06.01.2026 14:13
Sources 1
About this happening:
**SHADOW#REACTOR** is a **multi-stage Windows malware campaign** that uses **obfuscated VBS**, **PowerShell**, **wscript.exe**, **MSBuild.exe**, and in-memory loaders to stealthil...
Major U.S.-based real-estate company hit by network compromise
Incident
First: 18.11.2025 16:00
Last: 18.11.2025 16:00
Sources 1
About this happening:
A **major U.S.-based real-estate company** faced an attempted **cyber intrusion** in **mid-October 2025** that relied on **Microsoft Teams impersonation** and a staged **PowerShel...
ChaosBot Rust backdoor using Discord C2 and phishing delivery
Malware Activity
First: 13.10.2025 08:12
Last: 13.10.2025 08:12
Sources 1
About this happening:
**ChaosBot** is a newly disclosed **Rust-based backdoor** that gives operators **reconnaissance** and **arbitrary command execution** on compromised hosts, increasing the risk of...
UNC5221 BRICKSTORM espionage campaign targeting U.S. legal, SaaS, BPO, and technology firms
Campaign
First: 24.09.2025 17:33
Last: 24.09.2025 17:33
Sources 1
About this happening:
**UNC5221** is running a **BRICKSTORM** espionage campaign that has maintained access in victim networks for an average of **393 days** and has been active since **March 2025**. G...
Timeline
18.11.2025 16:45 2 articles · 6mo ago
Tuoni C2 targeted intrusion attempt against US real estate company
Initial Disclosure
The intrusion appears to have started with a **Microsoft Teams impersonation** that convinced an employee to run a **malicious PowerShell one-liner**. That initial execution step fetched the next-stage script and prepared the payload delivery chain.
Sources:
- AI-Enhanced Tuoni Framework Targets Major US Real Estate Firm — www.infosecurity-magazine.com — 18.11.2025 16:45
- AI-Enhanced Tuoni Framework Targets Major US Real Estate Firm — www.infosecurity-magazine.com — 18.11.2025 16:45