Recent

Infostealer Infection Unmasks DPRK Operative Behind Polyfill.io Supply Chain Attack and US Crypto Exchange Infiltration

In a stunning example of operational security failure, a North Korean cyber operative was unmasked after infecting their own machine with a LummaC2 infostealer—revealing definitive evidence linking them to both the catastrophic Polyfill.io supply chain attack and deep infiltration of a US cryptocurrency exchange.

Key Findings

According to a detailed forensic analysis by Hudson Rock…

KadNap Botnet Hijacks 14,000+ ASUS Routers Using Novel Kademlia DHT Protocol for Stealth C2

A newly discovered botnet called KadNap is turning ASUS routers and edge networking devices into covert proxies for cybercriminal operations. Since August 2025, the malware has infected over 14,000 devices across the globe, with researchers from Black Lotus Labs (Lumen Technologies) revealing a sophisticated command-and-control (C2) infrastructure that leverages a customized version of the Kademlia…

Iranian Handala Hacktivists Deploy Wiper Malware Against Medical Device Giant Stryker

Iran-linked hacktivist group Handala has claimed responsibility for a devastating wiper malware attack against Stryker Corporation, a Fortune 500 medical technology company with over 53,000 employees and $22.6 billion in annual sales.

Attack Scale and Impact

According to Handala’s claims and corroborating employee reports, the attack resulted in: 50 terabytes of critical data exfiltrated 200,000+…

FortiGate Devices Exploited as Network Entry Points for Service Account Credential Theft

Cybersecurity researchers have uncovered a sophisticated campaign where threat actors are weaponizing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks. The activity, documented by SentinelOne, targets healthcare, government, and managed service provider environments.

How FortiGate Integration Becomes a Vulnerability

FortiGate appliances often integrate directly with Active Directory (AD) and Lightweight Directory…

Iranian MOIS Cyber Actors Embrace Criminal Ecosystem: From Rhadamanthys to Ransomware Affiliates

A new Check Point Research report reveals that Iranian Ministry of Intelligence and Security (MOIS)-linked threat actors are increasingly engaging with the cybercrime ecosystem, moving beyond mere imitation to directly leveraging criminal tools, services, and affiliate-style relationships in support of state objectives.

Key Findings

The research highlights a significant evolution in Iranian cyber operations, where…

Seedworm APT Deploys Dindoor and Fakeset Backdoors Inside US Critical Infrastructure Networks

Iran’s Seedworm APT group (also known as MuddyWater) has established persistent access inside the networks of multiple US organizations since early February 2026, deploying two previously unknown malware implants as geopolitical tensions between the US and Iran escalate.

New Backdoor Arsenal: Dindoor and Fakeset

Joint research from Symantec and Carbon Black has identified Seedworm activity…

60+ Pro-Iranian Hacktivist Groups Activate AI-Enabled ICS Attacks Following US-Israel Strikes

In the largest single-event activation of Iranian-aligned cyber actors ever documented, more than 60 pro-Iranian hacktivist groups became active on Telegram within hours of the February 28 US-Israel military strikes on Iran. Armed with AI tools and targeting over 40,000 internet-exposed control systems in the United States, these groups represent a dangerous new dimension of…

Iranian Cyber Threats Intensify: APT Groups and Hacktivists Target U.S. and Allied Infrastructure

Executive Summary

As hostilities between Iran and the U.S./Israeli-led coalition escalate, threat intelligence indicates Iranian-aligned cyber actors pose an elevated near-term risk to organizations across North America and allied nations. These actors have a well-documented history of espionage, credential theft, disruptive attacks, and high-visibility “hacktivist” operations targeting U.S. and allied interests.

The Iranian Cyber Threat…

Seedworm APT Targets US Banks and Airports with New Dindoor and Fakeset Backdoors

Iranian state-sponsored hackers have maintained persistent access inside multiple US critical infrastructure networks since early February 2026, establishing footholds that security researchers warn could enable devastating attacks amid escalating geopolitical tensions in the Middle East.

MuddyWater Returns with New Malware Arsenal

Symantec and Carbon Black researchers have attributed the activity to Seedworm (also known as…
