Qilin Ransomware Targets Windows via Remote Tools

Cyber Security News by CyberSum.net

Published on October 27, 2025 at 04:45 PM

4 sources

The Qilin ransomware group used Linux binaries on Windows to evade EDRs, steal backups, and disable defenses via BYOVD attacks. Trend Research found that the group deployed a Linux ransomware binary on Windows systems using legitimate remote tools, bypassing Windows defenses and EDRs. The attackers abused AnyDesk via ATERA RMM, ScreenConnect, and MeshCentral to evade detection, and used BYOVD for defense evasion. Attackers also stole Veeam backup credentials to block recovery. Trend Micro highlights that the cross-platform tactic bypasses Windows-focused security controls.

Also Read

New SesameOp Backdoor Malware Uses OpenAI API for C2

Microsoft security researchers have discovered a new backdoor malware named SesameOp that uses the OpenAI Assistants API for covert command-and-control (C2) communications. The malware, found during a July 2025 cyberattack investigation, allows attackers to gain persistent access and remotely manage compromised devices. SesameOp leverages legitimate cloud services to avoid detection, encrypts harvested information, and establishes persistence through internal web shells. Microsoft advises security teams to audit firewall logs, enable tamper protection, and monitor unauthorized connections to mitigate the impact.

By Cyber Security News by CyberSum.netNovember 4, 2025 at 03:00 AM