Malicious NuGet Packages Target Databases and Siemens PLCs

Cyber Security News by CyberSum.net

Published on November 8, 2025 at 06:00 PM

3 sources

Researchers discovered nine malicious NuGet packages designed to sabotage database operations and Siemens S7 industrial control systems. These packages, published under the developer name shanhai666, contain legitimate functionality alongside harmful code scheduled to activate between 2027 and 2028. The most dangerous package, Sharp7Extend, targets Siemens PLCs with dual sabotage mechanisms, including immediate process termination and delayed write corruption. Organizations are advised to audit their systems for these packages and assume compromise if found.

Also Read

DragonForce Ransomware Evolves with BYOVD Techniques

The Acronis Threat Research Unit has identified a new DragonForce ransomware variant that uses Bring Your Own Vulnerable Driver (BYOVD) techniques to disable security software. The updated malware addresses previous encryption flaws and showcases a dramatic evolution in technical sophistication. Originally emerging in 2023, DragonForce rebranded itself as a cartel, attracting affiliates with customizable encryptors and infrastructure access. The group has become more aggressive, increasing global victim postings and expanding collaborations. Its most prominent campaign involved a joint attack on a major retailer alongside the Scattered Spider intrusion group. Acronis notes the inclusion of an encrypted configuration file and the use of vulnerable drivers to forcibly kill antivirus and EDR software.

By Cyber Security News by CyberSum.netNovember 11, 2025 at 06:00 AM