posted
updated
We examine how Kaspersky Anti Targeted Attack detects the network activity of AdaptixC2 agents across HTTP/S, TCP, SMB, and other protocols, and how EDR solutions identify post-exploitation activities on a host.
![On April 9, 2026, the website cpuid[.]com, hosting installers for popular system administration software CPU-Z, HWMonitor (HWMonitor Pro) and Perfmonitor 2, was compromised. We observed that starting from approximately April 9, 15:00 UTC, until about April 10, 10:00 UTC, the legitimate download URLs for installers of that software have been replaced with URLS to the following malicious websites:](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2026/04/10145014/pingpongsuperman_CPU_is_burning_ultra_detailed_sharp_focus_8k_495f9cb6-fa56-4ea8-ad14-88d8c7c8805a_3-gigapixel-redefine-creative-2x-800x450.jpeg){kind=tracking}
posted
updated UPD
In April 2026, cpuid.com delivered trojanized CPU-Z and HWMonitor installers with STX RAT. 150+ victims in Brazil, Russia, China.
Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.
Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.
Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.
Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.
