URL has been copied successfully!
STOCKSTAY Malware Uses WebSocket C2, RSA Encryption, and Environmental Keying for Stealth
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

STOCKSTAY Malware Uses WebSocket C2, RSA Encryption, and Environmental Keying for Stealth


Tags: , , , , ,

Analysis of a .NET backdoor tracked as STOCKSTAY exposes a mature, modular espionage implant actively developed and deployed by the Russia-linked Turla cluster since at least December 2022. STOCKSTAY demonstrates several operational techniques designed to maximize stealth and survivability: secure WebSocket-based C2, asymmetric encryption using a 4096-bit RSA keypair, inter-component IPC, and environment-based keying of […] The post STOCKSTAY Malware Uses WebSocket C2, RSA Encryption, and Environmental Keying for Stealth appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/stockstay-malware-uses-websocket-c2/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Top 10 Cybersecurity Predictions for 2026
  2. Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs
  3. AI development pipeline attacks expand CISOs’ software supply chain risk
  4. China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures