PhantomCaptcha Cyberattack Targets Humanitarian Groups

Cyber Security News by CyberSum.net
A highly coordinated cyberattack, codenamed PhantomCaptcha, targeted major humanitarian and government groups supporting war relief efforts. The attack, launched on October 8th, 2025, used fake emails and a deceptive captcha trap to deploy a remote access trojan (RAT). The attackers spent six months preparing, which suggests skilled operators. The campaign shares similarities with COLDRIVER, a threat group linked to a certain intelligence agency. The attack used a multi-stage, WebSocket-based RAT capable of giving attackers remote control over victims' computers to steal data. The attackers' meticulous preparation and swift takedown indicate a high level of operational planning. The researchers also found a potential link to a separate mobile campaign involving fake Android apps designed to steal personal information.