Russian hackers trojanize WebEx, Zoom apps to push Starland malware
Security researchers have identified a sophisticated malware campaign targeting corporate users through compromised WebEx and Zoom installation files.
Velocity
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
A campaign linked to Russian threat actors is utilizing trojanized installers for popular business communication tools, WebEx and Zoom, to deploy the Starland remote access trojan (RAT). The operation also utilizes a bespoke WLDR command-and-control implant to facilitate the activity.
Coverage from BleepingComputer, IT Pro, Security Affairs, Intelligent CISO, and the Cisco Talos Blog emphasizes the deployment of the UAT-11795 threat group. Reports highlight that this financially motivated campaign is actively impacting organizations across the United States and Europe.
Future developments hinge on mitigation efforts by Cisco and other security entities. Coverage does not yet specify the total reach of the infection or the specific financial targets of the UAT-11795 group.
Synthesized by headlinez.news from the headlines below under a strict no-invention contract. Updated 11m ago.
Quick answers
What software is being exploited in this campaign?
The campaign uses trojanized installers for the business communication applications WebEx and Zoom.
What malware is associated with these attacks?
The attacks deploy the Starland remote access trojan and a bespoke WLDR command-and-control implant.
Who is behind the campaign?
Cisco Talos attributes the activity to a group identified as UAT-11795, reportedly based in Russia.
Coverage (5)
- Researchers warn of malware campaign using trojanised business software Intelligent CISO · 2d ago
- New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT Security Affairs · 2d ago
- Cisco sounds alarm over new Russian malware campaign hitting firms in US and Europe IT Pro · 2d ago
- UAT-11795 deploys novel Starland RAT and bespoke WLDR C2 implant in financially motivated campaign Cisco Talos Blog · 2d ago
- Russian hackers trojanize WebEx, Zoom apps to push Starland malware BleepingComputer · 2d ago
Topics
Related trends
The Zoom hack that says, ‘Don’t record me’
Zoom users are seeking ways to block AI transcription tools as concerns grow over the pervasiveness of automated meeting recordings.
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
A critical remote code execution vulnerability identified as CVE-2026-63030, dubbed 'wp2shell', is impacting WordPress core systems.
Coca-Cola halts U.S. Fairlife milk production after cyberattack hits systems, company says
Coca-Cola has paused production for its Fairlife milk brand following a confirmed cyberattack on the company's systems.
GTA 6 Leaker Freed From Secure Hospital, But New Trial Awaits
Arion Kurtaj, the hacker behind the Grand Theft Auto 6 leak, has been released from a secure hospital and is now remanded in custody for a pending retrial.
Coca-Cola suspended production at its Fairlife dairy after a ransomware attack
Coca-Cola has paused all U.S. production of its Fairlife dairy brand following a ransomware attack that breached the company’s internal systems.
1Password now lets Claude sign in to websites without seeing your passwords
1Password and Anthropic have introduced a new integration allowing Claude AI agents to authenticate into websites without accessing underlying user credentials.