ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Briefly

"Most of this week's threats didn't rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers now need. Some activity focused on quiet reach and coverage, others on timing and reuse. The emphasis wasn't speed or spectacle, but control gained through scale, patience, and misplaced trust."
"SpecterOps researcher Daniel Mayer has released a beacon object file (BOF) - a compiled C program designed to run within the memory of a post-exploitation agent like Cobalt Strike Beacon - that interacts with the Windows Subsystem for Linux (WSL) by directly invoking the WSL COM service, avoiding process creation for "wsl.exe" entirely and allowing operators to list all installed WSL distributions and execute arbitrary commands on any WSL distribution that the BOF finds."
"A 33-year-old former IT consultant for Sweden's Armed Forces has been detained on suspicion of passing information to Russia's intelligence service, according to the Swedish Prosecution Authority. The suspected criminal activity took place throughout 2025 and until January 4, 2026, but Swedish authorities suspect the espionage may have been ongoing since 2022, when Russia launched its full-scale invasion of Ukraine. The suspect, who has denied any wrongdoing, worked as an IT consultant for the Swedish military from 2018 to 2022, per the AFP."
Most of the week's threats relied on existing systems and trusted workflows rather than novel exploits: ordinary files, routine services, and software behaving exactly as designed were enough to grant access once they were in the wrong hands. Attackers now need very little friction, favoring quiet reach, broad coverage, precise timing, and reuse over speed or spectacle, with the strategic aim of gaining control through scale, patience, and misplaced trust. Two concrete examples from the bulletin: a beacon object file that drives WSL through its COM service instead of spawning wsl.exe, which means detections keyed on wsl.exe process-creation events (Sysmon Event ID 1, Windows Event ID 4688) will not see the activity, so defenders need to watch the WSL service itself and the resulting distribution activity rather than the command-line launcher; and an espionage investigation in which a former Swedish Armed Forces IT consultant is suspected of passing information to Russian intelligence.
Read at The Hacker News