SHADOW#REACTOR Remcos RAT delivery campaign

Campaign
H score 39
1 unique source, 1 article

Summary

The SHADOW#REACTOR campaign matters because it uses a multi-stage Windows attack chain to deliver Remcos RAT and maintain persistent, covert remote access. The operation appears broad and opportunistic, with a focus on enterprise and small-to-medium business environments. Its design combines layered stagers and LOLBin abuse to make execution harder to spot and disrupt.

Related Happenings

VENOM closed-access PhaaS operating model limits researcher visibility

Threat Actor Meta
First: 10.04.2026 00:37 Last: 10.04.2026 00:37 Sources 1

About this happening: **VENOM** is operating as a **closed-access phishing-as-a-service** platform, reducing researcher visibility while supporting **underground credential theft**. The service targets...

GPUBreach GPU Rowhammer research enables GDDR6 page-table corruption and privilege escalation

Technical Analysis
First: 07.04.2026 00:44 Last: 07.04.2026 00:44 Sources 1

About this happening: **GPUBreach** research shows **Rowhammer** bit flips in **GDDR6** can corrupt **GPU page tables**, creating a path to **arbitrary GPU memory read/write** and potential **full syst...

SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM multi-stage malware deployment

Malware Activity
First: 05.03.2026 14:01 Last: 05.03.2026 14:01 Sources 1

About this happening: A **Windows malware** set composed of **SPLITDROP**, **TWINTASK**, **TWINTALK**, and **GHOSTFORM** was deployed across **two infection chains**, expanding the operation’s command,...

Silver Dragon assessed within the APT41 umbrella

Threat Actor Meta
First: 04.03.2026 10:14 Last: 04.03.2026 10:14 Sources 1

About this happening: **Silver Dragon** is now assessed to operate within the **APT41 umbrella**, sharpening attribution for a cluster active against **Europe**, **Southeast Asia**, and **government en...

Fake IT support Havoc campaign

Campaign
First: 03.03.2026 19:15 Last: 03.03.2026 19:15 Sources 1

About this happening: A **fake IT support** campaign is using **email spam**, phone-based social engineering, and **Havoc C2** to gain initial access, putting targeted organizations at risk of **data e...

Timeline

  1. 13.01.2026 11:08 2 articles · 4mo ago

    SHADOW#REACTOR Remcos RAT campaign disclosed

    Initial Disclosure

    Researchers disclosed SHADOW#REACTOR, a broad and opportunistic Windows campaign that targets enterprise and small-to-medium business environments by chaining an obfuscated VBS launcher, wscript.exe, PowerShell, a .NET Reactor–protected loader, and MSBuild.exe to deploy Remcos RAT and maintain persistent covert access; no evidence links the activity to a known threat group.
