Security Advisories
FatalRAT: Targeting Chinese-Speaking Regions
FatalRAT has significant re-purposing potential for intellectual property theft, corporate espionage, and disruption in sectors like government, finance, and technology. Its ability to evade detection and exploit vulnerabilities means it could easily target other industries globally. This makes it a growing threat, as it can be adjusted to target regions and sectors outside of its current focus. Given its evolving nature, FatalRAT poses a major risk not just to Chinese-speaking targets, but to global organizations. Its capabilities underline the critical need for robust cybersecurity and proactive threat defenses to protect against such highly adaptable threats.
by Loris Minassian
March 3, 2025
Silent Lynx: An Emerging APT Group
Silent Lynx, an Advanced Persistent Threat (APT) group first identified in early 2025, has been observed orchestrating highly targeted cyber operations against government entities, financial institutions, and think tanks in Kyrgyzstan and Turkmenistan. Their reach extends beyond these borders, infiltrating organizations across Eastern Europe and other Central Asian nations, with a particular emphasis on entities engaged in economic policymaking and the banking sector. Demonstrating a high degree of operational sophistication, Silent Lynx employs a meticulously crafted, multi-stage attack strategy. Their arsenal includes ISO-based infection chains, C++ developed loaders, obfuscated PowerShell scripts, and resilient Golang implants—each component designed to evade traditional security measures while maintaining persistent access to compromised systems. Notably, the group's reliance on Telegram bots for command-and-control (C2) operations, coupled with the strategic use of decoy documents tailored to regional interests, underscores their espionage-driven objectives within Central Asia and nations under the UN Special Programme for the Economies of Central Asia (SPECA). The complexity of these campaigns poses significant detection and mitigation challenges for targeted organizations. Given the evolving nature of Silent Lynx’s tactics, CyberStash anticipates that their operations will expand to additional regions in the near future.
by Loris Minassian
February 12, 2025
NonEuclid RAT
First identified in late 2024, NonEuclid is an advanced Remote Access Trojan (RAT) specifically designed to target Windows systems. Actively promoted on underground channels such as Discord and YouTube, it is distributed through spear-phishing campaigns and the exploitation of software vulnerabilities, making it a versatile and highly effective tool for cybercriminals. What sets NonEuclid apart is its ability to evade robust security measures, including the Anti-Malware Scan Interface (AMSI) and User Account Control (UAC). This capability enables it to execute a range of malicious activities, including data exfiltration, keylogging, and facilitating ransomware attacks. The sophisticated nature of this malware poses a significant threat to both individuals and organisations, underscoring the critical need for proactive and layered cybersecurity defences. By leveraging advanced evasion techniques, NonEuclid poses a critical risk to organisations relying solely on Microsoft Defender for endpoint security. While Microsoft Defender provides baseline protection, its effectiveness can be undermined by NonEuclid’s ability to bypass key defences, such as the Anti-Malware Scan Interface (AMSI) and User Account Control (UAC). This leaves endpoints vulnerable to data exfiltration, keylogging, and ransomware attacks, potentially leading to significant financial and reputational damage. To mitigate these risks, organisations must adopt a multi-layered security approach that combines robust endpoint detection…
by Loris Minassian
January 20, 2025