talos · Crawled Jul 5, 2026

Close Encounters of the Human Kind

12 IoCs · 1 actor · 1 malware family

AI Summary

Cisco Talos observed a large-scale credential-harvesting campaign against more than 30,000 Fortinet devices in nearly 200 countries. The campaign exploits known vulnerabilities in Fortinet firewalls and VPN gateways to steal credentials and maintain persistent access. Additionally, fileless variants of the Phantom Stealer malware are being used to harvest browser-stored credentials, using anti-analysis techniques to evade detection. Both threats underline the continued exploitation of internet-facing infrastructure and the need for timely patching and multi-factor authentication on every externally reachable management and VPN interface.

AI-extracted · verify before operational use

Extracted Entities 2 found

Indicators of Compromise 12 extracted

Type      Value
SHA-256   9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5       2915b3f8b703eb744fc54c81f4a9c67f
Filename  VID001.exe
SHA-256   c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe
MD5       bf9672ec85283fdf002d83662f0b08b7
Filename  f_000cd7.html
SHA-256   9896a6fcb9bb5ac1ec5297b4a65be3f647589adf7c37b45f3f7466decd6a4a7f
MD5       38de5b216c33833af710e88f7f64fc98
Filename  SECOH-QAD.exe
SHA-256   e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba
MD5       dbd8dbecaa80795c135137d69921fdba
Filename  u992574.dll
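The cheapest first triage step with a list like this is an offline sweep of suspect hosts or shares for the hashes and filenames. The scanner below is an added example, not code from the Talos article or from this aggregator: it walks a directory, computes SHA-256 and MD5 in one streaming pass per file, and reports hash matches as high confidence and filename-only matches as low confidence (a name such as VID001.exe is trivially reused, so on its own it only justifies a closer look). KNOWN_IOCS is copied from the table above; the file contents written in demo() are constructed for the example and hash to nothing in the list. Note that the summary describes fileless variants, so a disk sweep will not catch in-memory-only stages; it covers the dropped artifacts only.

```python
"""Offline IoC sweep for the hashes and filenames listed on this page.

Added example (not Talos or aggregator code). KNOWN_IOCS is copied from
the IoC table above; sample file contents in demo() are constructed.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Values from the IoC table above, normalised to lowercase for matching.
KNOWN_IOCS = {
    "sha256": {
        "9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507",
        "c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe",
        "9896a6fcb9bb5ac1ec5297b4a65be3f647589adf7c37b45f3f7466decd6a4a7f",
        "e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba",
    },
    "md5": {
        "2915b3f8b703eb744fc54c81f4a9c67f",
        "bf9672ec85283fdf002d83662f0b08b7",
        "38de5b216c33833af710e88f7f64fc98",
        "dbd8dbecaa80795c135137d69921fdba",
    },
    "filename": {"vid001.exe", "f_000cd7.html", "secoh-qad.exe", "u992574.dll"},
}


@dataclass
class Hit:
    path: str
    indicator: str   # "sha256", "md5" or "filename"
    value: str
    confidence: str  # "high" for a hash match, "low" for a name-only match


def hash_file(path, chunk_size=1 << 20):
    """Return (sha256, md5) hex digests, reading the file once in chunks."""
    sha256 = hashlib.sha256()
    md5 = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            sha256.update(chunk)
            md5.update(chunk)
    return sha256.hexdigest(), md5.hexdigest()


def scan_directory(root, iocs=KNOWN_IOCS):
    """Walk `root` and return a Hit for every regular file matching an IoC.

    Hash matches are high confidence. A filename match without a hash match
    is reported separately as low confidence so it is not treated as proof.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                sha256, md5 = hash_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            matched_hash = False
            if sha256 in iocs["sha256"]:
                hits.append(Hit(path, "sha256", sha256, "high"))
                matched_hash = True
            if md5 in iocs["md5"]:
                hits.append(Hit(path, "md5", md5, "high"))
                matched_hash = True
            if not matched_hash and name.lower() in iocs["filename"]:
                hits.append(Hit(path, "filename", name, "low"))
    return hits


def demo():
    """Scan a throwaway directory holding constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed: an IoC filename with benign content, plus an unrelated file.
        with open(os.path.join(tmp, "VID001.exe"), "wb") as f:
            f.write(b"not the real sample\n")
        with open(os.path.join(tmp, "notes.txt"), "wb") as f:
            f.write(b"nothing to see\n")
        return scan_directory(tmp)


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit.confidence:<4} {hit.indicator:<8} {hit.path} ({hit.value})")
```

Point scan_directory at a mounted image, an extracted VPN-appliance filesystem or a user profile directory; hash hits are worth escalating on their own, while filename-only hits should be paired with the hash list or with behavioural telemetry before any response action.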