CyberSecurityBoard
Sponsor Register Login

New Stealthy ResolverRAT With Advanced in-memory Execution Techniques

A newly identified remote access trojan (RAT) dubbed ResolverRAT has emerged as a significant threat to global enterprises, leveraging advanced in-memory execution and multi-layered evasion techniques to bypass traditional security measures. Morphisec said in a report shared with Cyber Security News that the most recent attack wave was observed on March 10, 2025, underscoring its active deployment in sophisticated cyberespionage campaigns. The attack targeting healthcare and pharmaceutical organizations, this malware family employs runtime resource resolution, encrypted payloads, and certificate-pinned command-and-control (C2) infrastructure to maintain stealth. ResolverRAT’s loader uses AES-256 encryption with keys stored as obfuscated integers, decrypted at runtime via the .NET System.Security.Cryptography namespace. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This technique evades security tools monitoring traditional injection vectors by bypassing Win32 API calls and file system operations. Morphisec advocates for Automated Moving Target Defense (AMTD), which preemptively disrupts attack chains by randomizing memory layouts and blocking unauthorized code execution. As threat actors refine their evasion capabilities, organizations must adopt proactive defense mechanisms capable of neutralizing advanced persistent threats before they establish footholds. The emergence of ResolverRAT highlights the escalating sophistication of cyber threats leveraging runtime dynamics and cryptographic obfuscation. Continuous monitoring of phishing trends and investment in behavioral analysis technologies will be critical to mitigating risks posed by such stealthy malware families. Registry keys and file paths are obfuscated via XOR operations, and the malware maintains a fallback hierarchy to ensure persistence even if some methods fail. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. Examples include Hindi-language lures referencing “जाँच प्रक्रिया में दर्ज किए गए दस्तावेज़” (“Documents recorded during the investigation process”) and Italian emails titled “Documento per confermare la violazione del copyright”.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 14 Apr 2025 16:55:19 +0000


Cyber News related to New Stealthy ResolverRAT With Advanced in-memory Execution Techniques

New ResolverRAT malware targets pharma and healthcare orgs worldwide - "This resource resolver hijacking represents malware evolution at its finest – utilizing an overlooked .NET mechanism to operate entirely within managed memory, circumventing traditional security monitoring focused on Win32 API and file system ...
1 week ago Bleepingcomputer.com
New Stealthy ResolverRAT With Advanced in-memory Execution Techniques - A newly identified remote access trojan (RAT) dubbed ResolverRAT has emerged as a significant threat to global enterprises, leveraging advanced in-memory execution and multi-layered evasion techniques to bypass traditional security measures. ...
1 week ago Cybersecuritynews.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
How To Implementing MITRE ATT&CK In SOC Workflows - A Step-by-Step Guide - By understanding the framework, mapping your current capabilities, developing targeted detection and response strategies, and integrating ATT&CK into your tools and processes, you can build a proactive, threat-informed defense that evolves ...
2 days ago Cybersecuritynews.com
Using Memory Forensics Tools To Enhance Advanced Incident Response - By combining proper tools, trained personnel, and well-defined procedures, organizations can leverage memory forensics to significantly enhance their incident response capabilities and improve their overall security posture against increasingly ...
4 days ago Cybersecuritynews.com
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
2 weeks ago Cybersecuritynews.com
Purple teaming and the role of threat categorization - Red team assessment, penetration testing, and even purple team assessments are all designed to answer these questions. As attacks get more complex, these assessments struggle to provide comprehensive answers. These assessment services typically test ...
1 year ago Helpnetsecurity.com
Using Threat Intelligence To Combat Advanced Persistent Threats (APTs) - By incorporating threat intelligence feeds into security operations, organizations gain valuable insights into the tactics, techniques, and procedures (TTPs) used by known APT groups. Modern platforms integrate contextual intelligence feeds, helping ...
1 week ago Cybersecuritynews.com
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches - A critical flaw (CVE-2025-24813) in Apache Tomcat allows attackers to take control of servers or steal sensitive data via malicious file uploads. We’ll also review recent regulatory developments, such as the European Union’s General Data ...
2 weeks ago Cybersecuritynews.com CVE-2025-24813 Qilin
20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
3 weeks ago Cybersecuritynews.com
CISA's Flags Memory-Unsafe Code in Major Open Source Projects - A comprehensive new study has unearthed fresh details on the extensive and troubling use of memory-unsafe code in major open source software projects. The chances that fresh insight on a long known issue will spur any immediate changes to the ...
9 months ago Darkreading.com
Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets - Unit 42 researchers have observed threat actors using malicious JavaScript samples to steal sensitive information by abusing popular survey sites, low-quality hosting and web chat APIs. In this article, we'll describe some of the tactics used by ...
1 year ago Unit42.paloaltonetworks.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
1 year ago Cnn.com
10 Best Event Monitoring Tools in 2025 - What Could Be Better?Offers alerting and notification options that can be changed based on conditions already set.Offers a lot of ways to keep track of different IT components, services, and applications.Nagios can send out too many alerts and make ...
1 month ago Cybersecuritynews.com
New NKAbuse malware abuses NKN blockchain for stealthy comms - A new Go-based multi-platform malware identified as 'NKAbuse' is the first malware abusing NKN technology for data exchange, making it a stealthy threat. NKN is a relatively new decentralized peer-to-peer network protocol leveraging blockchain ...
1 year ago Bleepingcomputer.com
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
10 months ago Microsoft.com
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - – Exploitation of zero-day vulnerabilities or watering hole attacks (compromising websites frequented by the target).Establishing a Foothold– Attackers deploy malware to create backdoors or tunnels for undetected movement within the ...
2 months ago Cybersecuritynews.com APT41
New York's cyber chief on keeping cities and states safe from cyberattacks | The Record from Recorded Future News - And so we think that that'll continue to evolve the security posture of New York State in a way that first and foremost provides the public good, which is, if a government service is not secure, it can't be considered reliable. We're ...
3 weeks ago Therecord.media
CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code - More than half of open-source projects contain code written in a memory-unsafe language, a report from the U.S.'s Cybersecurity and Infrastructure Security Agency has found. Memory-unsafe means the code allows for operations that can corrupt memory, ...
9 months ago Techrepublic.com
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
1 month ago Cybersecuritynews.com
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide - Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region. Researchers from Mandiant report that four ...
1 year ago Bleepingcomputer.com CVE-2023-4966 CVE-2023-3966
Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos - The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers, and Kurdish websites. Previously, Sea Turtle, also known ...
1 year ago Bleepingcomputer.com
Cybersecurity Weekly Recap: Latest on Attacks, Vulnerabilities, & Data Breaches - A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to impersonate users and access sensitive data. Ivanti patched a critical command injection vulnerability in its Cloud Services Appliance (CSA), ...
2 months ago Cybersecuritynews.com CVE-2025-0108 CVE-2024-53704 CVE-2024-52875 CVE-2023-20198 CVE-2023-20273 Winnti Group
New Stealthy Malware 'Waiting Thread Hijacking' Technique Bypasses Modern Defenses - Unlike traditional thread hijacking, which requires suspending and resuming threads using easily monitored APIs like SuspendThread and ResumeThread, WTH targets threads already in a waiting state, eliminating the need for suspicious thread ...
1 week ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)