<![CDATA[Our CERT is releasing a new research into UNC2465, a ransomware affiliate actively distributing Qilin across Europe 🇪🇺.]]>

<![CDATA[Our CERT is releasing a new research into UNC2465, a ransomware affiliate actively distributing Qilin across Europe 🇪🇺.]]>Our CERT is releasing a new research into UNC2465, a ransomware affiliate actively distributing Qilin across Europe

A TLP:RED version of this research was presented during @botconf
2026.

https://www.orangecyberdefense.com/global/blog/cert-news/smoking-out-an-affiliate-smokedham-qilin-a-few-google-ads-and-some-bossware

UNC2465 primarily relies on malvertising to distribute the SmokedHam backdoor. By pivoting on its delivery infrastructure, we identified a large number of spoofed software like RVTools, @hornetsecurity
, Angry IP Scanner, Remote Desktop Manager...

UNC2465 also relies on bossware like ControlioNet and Teramindco to further blend malicious actions with normal activity and avoid detection.

IOCs are available here:

https://github.com/cert-orangecyberdefense/cti/blob/main/smokedham/iocs

#CTI #ThreatIntel #SmokedHam #UNC2465 #ransomware #Qilin #rvtools #bossware

]]>https://board.circlewithadot.net/topic/eebd5525-1c4e-42b2-8a6b-36c8c25b7046/our-cert-is-releasing-a-new-research-into-unc2465-a-ransomware-affiliate-actively-distributing-qilin-across-europe-.RSS for NodeFri, 15 May 2026 02:38:22 GMTTue, 05 May 2026 10:35:11 GMT60