Overview
Cybersecurity researchers have discovered a remote access toolkit of Russian origin that is distributed via malicious Windows shortcut (LNK) files disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling.
Multi-Source Coverage
This event has been reported across multiple outlets:
Sources: thehackernews. Aggregated by Cybernews Agency pipeline.