April 22, 2025 By Tushar Subhra Dutta
Cybersecurity experts have identified a sophisticated attack campaign exploiting Cloudflare’s tunnel infrastructure to distribute various remote access trojans (RATs).
The infrastructure, which has demonstrated remarkable resilience since February 2024, serves as a distribution platform for malicious files and trojans that enable attackers to gain unauthorized access to victims’ systems.
Security vendors including Forcepoint, Fortinet, Orange, and Proofpoint have documented this persistent threat, highlighting its evolving nature and growing impact on organizations worldwide.
Infections primarily begin with deceptive phishing emails containing malicious attachments disguised as invoices or orders.
These emails often create false urgency and may include fabricated conversation threads with forged replies to appear legitimate.