<ciso brief/>
Tag Banner

All news with #antsword tag

all tags →

Wed, October 8, 2025

Threat actors repurpose open-source monitor as beacon

#Active Exploitation #Backdoor Found #Nezha #Ghost RAT #AntSword #Web Shell #DGA

⚠️ Attackers linked to China turned a benign open-source network monitoring agent into a remote access beacon using log poisoning and a tiny web shell. Huntress says they installed the legitimate Nezha RMM via a poisoned phpMyAdmin log and then deployed Ghost RAT for deeper persistence. The intrusion affected more than 100 hosts across Taiwan, Japan, South Korea, and Hong Kong and was contained in August 2025.

read more →