World Leaks RustyRocket malware activity
Malware Activity
Summary
The World Leaks extortion group has added RustyRocket, a new Rust malware that helps it maintain persistence and exfiltrate data from victim networks. The tool targets Microsoft Windows and Linux, hides activity with encrypted tunnels, and can proxy traffic to blend into normal operations. Its stealth makes the group's extortion attacks harder to detect and disrupt.
Related Happenings
CL-UNK-1068 Asia critical-infrastructure cyberespionage campaign
Campaign
First: 09.03.2026 14:05
Last: 09.03.2026 14:05
Sources 1
About this happening:
The **CL-UNK-1068** espionage campaign is active across **Asia**, putting **aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications** or...
UAT-9244 TernDoor, PeerTime, and BruteEntry malware activity
Malware Activity
First: 06.03.2026 01:19
Last: 06.03.2026 01:19
Sources 1
About this happening:
A **China-linked** malware cluster has been using **TernDoor**, **PeerTime**, and **BruteEntry** to compromise **telecommunication providers in South America** and turn infected s...
Geta RAT, Ares RAT, and DeskRAT cross-platform credential-theft activity
Malware Activity
First: 11.02.2026 16:52
Last: 11.02.2026 16:52
Sources 1
About this happening:
**Geta RAT**, **Ares RAT**, and **DeskRAT** are being deployed across **Windows and Linux** in phishing-led intrusions that enable **credential theft**, **persistent access**, and...
APT36 / SideCopy phishing-led campaign targeting Indian defense organizations
Campaign
First: 11.02.2026 16:52
Last: 11.02.2026 16:52
Sources 1
About this happening:
A **phishing-led** **APT36 / SideCopy** campaign is targeting **Indian defense and government-aligned organizations**, using cross-platform **RATs** to steal sensitive data and ke...
VoidLink Linux C2 malware activity
Malware Activity
First: 09.02.2026 17:25
Last: 09.02.2026 17:25
Sources 1
About this happening:
**VoidLink** is an operational **Linux C2 framework** used by **UAT-9921** as a **post-compromise tool** against **technology and financial services** targets. Cisco Talos says th...
Timeline
- 12.02.2026 15:30 · 2 articles · 3mo ago
Accenture discloses RustyRocket in World Leaks operations
Initial Disclosure
Accenture Cybersecurity research disclosed that World Leaks had added RustyRocket, a custom Rust malware, to its operations. The tool targets Microsoft Windows and Linux, maintains persistence on victim networks, and uses heavily obfuscated, multi-layered encrypted tunnels plus a pre-encrypted runtime configuration to steal data and proxy traffic while blending into normal activity.
Sources
- World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks — www.infosecurity-magazine.com — 12.02.2026 15:30