Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader

Two closely related espionage campaigns targeting Cambodian government organizations abuse a legitimate VMware-signed binary to sideload a custom loader dubbed NIGHTFORGE, which in turn deploys a Havoc Demon implant in memory. TRU attributes both operations to a previously unreported cluster it calls Khmer Shadow, based on targeting, lure construction and shared infrastructure; the activity […]

The post Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader appeared first on GBHackers Security.