New Stealthy ResolverRAT With Advanced in-memory Execution Techniques

A newly identified remote access trojan (RAT) dubbed ResolverRAT has emerged as a significant threat to global enterprises, leveraging in-memory execution and multi-layered evasion techniques to bypass traditional security controls. Morphisec said in a report shared with Cyber Security News that the most recent attack wave was observed on March 10, 2025, underscoring its active deployment in sophisticated cyberespionage campaigns. Targeting healthcare and pharmaceutical organizations, the malware family employs runtime resource resolution, encrypted payloads and certificate-pinned command-and-control (C2) infrastructure to stay hidden.

The campaign is delivered through localized phishing emails. Examples include Hindi-language lures referencing “जाँच प्रक्रिया में दर्ज किए गए दस्तावेज़” (“Documents recorded during the investigation process”) and Italian emails titled “Documento per confermare la violazione del copyright” (“Document to confirm the copyright violation”).

ResolverRAT’s loader encrypts its payload with AES-256. The key is not stored as a byte array but as obfuscated integers that are reassembled and decrypted at runtime through the .NET System.Security.Cryptography namespace. The decrypted payload is then surfaced through .NET’s own resource resolution mechanism (resource resolver hijacking) rather than through a conventional injection routine, so the code runs entirely within managed memory. Security tools that watch the traditional injection vectors, Win32 API calls and file-system writes, see neither.

Persistence follows the same obfuscation discipline: registry keys and file paths are XOR-encoded, and the malware keeps a fallback hierarchy of persistence methods so that it survives even if some of them fail.

Morphisec advocates Automated Moving Target Defense (AMTD), which preemptively disrupts attack chains by randomizing memory layouts and blocking unauthorized code execution. As threat actors refine their evasion capabilities, organizations must adopt proactive defenses capable of neutralizing advanced persistent threats before they establish a foothold. The emergence of ResolverRAT highlights the escalating sophistication of threats built on runtime dynamics and cryptographic obfuscation; continuous monitoring of phishing trends and investment in behavioral analysis will be critical to mitigating the risk such stealthy malware families pose.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
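The loader traits above (a resource-resolver hook, a payload loaded from memory, AES decryption through System.Security.Cryptography) are all visible in an assembly’s metadata even when the payload itself is encrypted, which gives an analyst a static triage check before any detonation. The C# program below is an added example written for this article, not Morphisec’s tooling or ResolverRAT code: it walks the TypeRef and MemberRef tables of a .NET assembly with System.Reflection.Metadata (part of .NET 6 and later) and reports which of those traits are referenced. The indicator list is this example’s own heuristic, not a published signature.

```csharp
// Static triage of a .NET assembly for the loader traits described above:
// an AppDomain ResourceResolve/AssemblyResolve hook, Assembly.Load from
// memory, and System.Security.Cryptography usage. Added example for this
// article, not ResolverRAT or Morphisec code. Requires .NET 6 or later
// (System.Reflection.Metadata ships with the runtime).
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection.Metadata;
using System.Reflection.PortableExecutable;

static class ResolverHookTriage
{
    // (declaring type, member name) pairs as they appear in the MemberRef
    // table, grouped into the three traits we want to see together.
    // The list is this example's own heuristic, not a published signature.
    static readonly (string Type, string Member, string Trait)[] Indicators =
    {
        ("System.AppDomain",           "add_ResourceResolve", "hook"),
        ("System.AppDomain",           "add_AssemblyResolve", "hook"),
        ("System.Reflection.Assembly", "Load",                "load"),
        ("System.Security.Cryptography.Aes",                "Create",          "crypto"),
        ("System.Security.Cryptography.SymmetricAlgorithm", "CreateDecryptor", "crypto"),
    };

    // Returns trait -> list of referenced types/members that triggered it.
    public static Dictionary<string, List<string>> Scan(string path)
    {
        var found = new Dictionary<string, List<string>>();
        using var pe = new PEReader(File.OpenRead(path));
        if (!pe.HasMetadata) return found;           // native PE, not a .NET assembly
        MetadataReader md = pe.GetMetadataReader();

        // Any type imported from System.Security.Cryptography counts as "crypto"
        // (ICryptoTransform, CryptoStream, RijndaelManaged, ...).
        foreach (TypeReferenceHandle h in md.TypeReferences)
        {
            TypeReference tr = md.GetTypeReference(h);
            if (md.GetString(tr.Namespace) == "System.Security.Cryptography")
                Add(found, "crypto", "typeref " + md.GetString(tr.Name));
        }

        // MemberRefs record the exact external method the IL calls.
        foreach (MemberReferenceHandle h in md.MemberReferences)
        {
            MemberReference mr = md.GetMemberReference(h);
            if (mr.Parent.Kind != HandleKind.TypeReference) continue;
            TypeReference tr = md.GetTypeReference((TypeReferenceHandle)mr.Parent);
            string type = md.GetString(tr.Namespace) + "." + md.GetString(tr.Name);
            string member = md.GetString(mr.Name);
            foreach (var ind in Indicators)
                if (ind.Type == type && ind.Member == member)
                    Add(found, ind.Trait, type + "::" + member);
        }
        return found;
    }

    static void Add(Dictionary<string, List<string>> d, string trait, string what)
    {
        if (!d.TryGetValue(trait, out var list)) d[trait] = list = new List<string>();
        if (!list.Contains(what)) list.Add(what);
    }

    static int Main(string[] args)
    {
        if (args.Length == 0)
        {
            Console.Error.WriteLine("usage: ResolverHookTriage <assembly.dll|exe>");
            return 2;
        }
        var found = Scan(args[0]);
        foreach (var kv in found)
            foreach (var what in kv.Value)
                Console.WriteLine($"  [{kv.Key}] {what}");

        // The combination is the signal, not any single trait: embedded-assembly
        // packers hook AssemblyResolve legitimately, and Assembly.Load has
        // harmless overloads this check does not distinguish.
        bool full = found.ContainsKey("hook") && found.ContainsKey("load") && found.ContainsKey("crypto");
        Console.WriteLine(full
            ? "RESULT: resolver hook + in-memory load + managed crypto, review manually"
            : "RESULT: full pattern not present");
        return full ? 1 : 0;
    }
}
```

Run it with `dotnet run -- suspicious.dll`; a non-zero exit code of 1 flags the full pattern. Two caveats apply. First, the XOR-encoded registry keys and file paths the report describes will not appear as cleartext in the assembly’s user-string heap, so grepping for persistence locations is not a substitute for this metadata check. Second, a sample that reaches these APIs through reflection (Type.GetType and MethodInfo.Invoke) leaves no named MemberRef behind, so a clean result from this scan rules nothing out; it only prioritizes what to detonate under behavioral monitoring.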

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 14 Apr 2025 16:55:19 +0000

