
LOTUSLITE backdoor delivered via DLL side-loading and C2 beaconing

Malware Activity
H score 16
1 unique source, 1 article

Summary


The LOTUSLITE backdoor was delivered as a malicious DLL through DLL side-loading, giving the implant a foothold for beaconing, remote tasking, and data exfiltration. It also supports Windows Registry-based persistence and remote cmd.exe execution.

Related Happenings

FDMTP 3.2.5.1 modular backdoor activity in Asia-Pacific and Japan

Malware Activity
First: 14.05.2026 18:00 Last: 14.05.2026 18:00 Sources 1

About this happening: An updated **FDMTP backdoor** variant is active in a **months-long espionage operation** against **Asia-Pacific and Japan** networks, increasing the risk of stealthy remote access...

LotusLite backdoor delivered via DLL sideloading

Malware Activity
First: 21.04.2026 15:00 Last: 21.04.2026 15:00 Sources 1

About this happening: The **LotusLite** backdoor is being delivered through **malicious files** and **DLL sideloading**, creating a remote-access malware activity that supports **espionage**. The opera...

Slopoly backdoor used in Interlock ransomware intrusion

Malware Activity
First: 12.03.2026 22:01 Last: 12.03.2026 22:01 Sources 1

About this happening: The **Slopoly** backdoor was identified in an **Interlock ransomware** intrusion after it kept a compromised server active for **more than a week** and enabled **data theft**. It...

ClickFix DNS-based nslookup staging campaign

Campaign
First: 15.02.2026 16:10 Last: 15.02.2026 16:10 Sources 1

About this happening: The **ClickFix** campaign has added **DNS-based staging** that uses **nslookup** in the **Windows Run dialog** to fetch and run a second-stage payload, making malicious execution...

Microsoft silently patches Windows LNK file remote code execution flaw (CVE-2025-9491)

Vulnerability
First: 12.02.2026 23:01 Last: 12.02.2026 23:01 Sources 1

About this happening: **Windows LNK shortcut files** remain the focus of this vulnerability thread: **CVE-2025-9491** / **ZDI-CAN-25373** is being used in **September-October 2025** spear-phishing atta...

Timeline

  1. 16.01.2026 12:27 · 2 articles

    Mustang Panda-linked LOTUSLITE campaign targets U.S. government and policy entities

    Initial Disclosure

    Researchers disclosed a Mustang Panda-linked campaign targeting U.S. government and policy entities with Venezuela-themed spear phishing that delivered the LOTUSLITE backdoor as the malicious DLL kugou.dll inside a ZIP archive and launched it through DLL side-loading. The implant uses Windows WinHTTP APIs to beacon to a hard-coded C2 server, supports remote cmd.exe tasking and data exfiltration, and can establish persistence through Windows Registry modifications; successful compromise of the targets was not confirmed.
