A new security warning has been issued for Windows users following a rise in the “smoked ham” backdoor threat, traced back to a cybercriminal group called UNC2465.
This group, previously linked to the Darkside ransomware operation, continues to pose a serious risk by using new tactics to deploy malicious payloads.
The smoked ham backdoor, a type of malware, is being spread through phishing emails, malicious Google and Bing ads, and even services like Dropbox and Google Drive.
Once installed, the backdoor gives hackers access to the target’s network, allowing them to steal credentials and move laterally across systems using tools like Mimikatz.
Security researchers from Trac-Labs have warned that while the Darkside ransomware group may be disbanded, affiliates like UNC2465 remain active.
They are using legitimate tools to conduct reconnaissance and exploit Windows systems, which keeps the threat landscape dangerous for both individuals and organizations.
While Microsoft, Google, and Dropbox have security measures in place to stop such attacks, cybercriminals constantly evolve, finding new ways to bypass defenses. Experts recommend that all users follow security best practices to safeguard against these ongoing threats.