PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

2026-04-27

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

PhantomCore, a pro-Ukrainian hacktivist group, has been exploiting a chain of three TrueConf Server vulnerabilities (CVSS scores 7.5, 7.5, and 9.8) to breach Russian networks since September 2025.

•The attack chain bypasses authentication via insufficient access control, arbitrary file reading, and command injection vulnerabilities to execute remote commands on TrueConf servers.
•PhantomCore developed exploits for vulnerabilities with no prior public exploits, demonstrating significant research capabilities despite patches being released on August 27, 2025.
•Successful compromises enable lateral movement using custom tools (PhantomPxPigeon, PhantomSscp, MacTunnelRat) combined with public tools (Velociraptor, DumpIt, MemProcFS) for reconnaissance, credential harvesting, and persistence.
•The group establishes multiple communication channels including PHP-based web shells, SSH tunnels, and SOCKS proxies to maintain access and control compromised hosts.

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Building a safe, effective sandbox to enable Codex on Windows

Mitigate credential exposure in Windows environments with Boundary and Vault

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)