Computer Weekly

Iranian APT seen exploiting GitHub repository as C2 mechanism

An Iranian advanced persistent threat (APT) group associated with the operation tracked as Cobalt Mirage has turned to GitHub as a means to operate its latest custom malware, known as Drokbk, using a ...
Dark Reading

Iranian APT Targets US With Drokbk Spyware via GitHub

A subgroup of the state-backed Iranian threat actor Cobalt Mirage is using a new custom malware dubbed "Drokbk" to attack a variety of US organizations, using GitHub as a "dead-drop resolver." ...
Threat Post

Lazarus APT Uses Windows Update to Spew Malware

The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2. Lazarus Group is using ...