Today’s roundup

• Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices
• Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware
• Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Summary

Ukrainian autonomous system FDN3 (AS211736) conducted widespread brute-force and password spraying attacks against SSL VPN and RDP devices from June to July 2025, according to French cybersecurity firm Intrinsec. The Ukraine-based network targeted critical authentication infrastructure, with researchers linking it to broader malicious campaigns. Silver Fox attackers weaponized a Microsoft-signed driver (amsdk.sys v1.0.600) from WatchDog Anti-malware in BYOVD attacks to disable security tools, deploying ValleyRAT malware on compromised systems. A malicious npm package named nodejs-smtp, masquerading as the legitimate nodemailer library, was found injecting code into Atomic and Exodus cryptocurrency wallet applications on Windows, having been downloaded 347 times before detection.