CyberNews: 02/09/2025 Edition
Today’s roundup
- Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices
- Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware
- Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Summary
The Ukrainian autonomous system FDN3 (AS211736) conducted widespread brute-force and password-spraying attacks against SSL VPN and RDP devices from June to July 2025, according to French cybersecurity firm Intrinsec. The Ukraine-based network targeted critical authentication infrastructure, and researchers linked it to broader malicious campaigns.

Silver Fox attackers weaponized a Microsoft-signed driver (amsdk.sys v1.0.600) from WatchDog Anti-malware in Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security tools, deploying ValleyRAT malware on compromised systems.

A malicious npm package named nodejs-smtp, masquerading as the legitimate nodemailer library, was found injecting code into Atomic and Exodus cryptocurrency wallet applications on Windows. It had been downloaded 347 times before detection.