SECUINFRA Falcon Team

Digital Forensics & Incident Response experts

The SECUINFRA Falcon Team is specialized in the areas of Digital Forensics (DF) and Incident Response (IR). This includes classic host-based forensics, but also topics such as malware analysis or compromise assessment.
In addition to the activities for which we are responsible within the scope of customer orders, the Falcon team is also responsible for the operation, further development and research of various projects and topics in the DF/IR area. These include, for example, threat intelligence or the creation of detection rules based on Yara.

As part of an incident response operation, the SECUINFRA Falcon team identified an interesting malware sample codenamed "CommieLoader" masquerading as an application form. CommieLoader installed a Cobalt Strike Beacon, which was used by the attacker for command-and-control communication.
In March 2026, a previously unknown zero-day exploit was discovered in Adobe Reader that is being actively exploited via a specially crafted PDF document. Building on the initial findings of security researcher Haifei Li, this article provides a detailed analysis of the technical structure and functionality of the malicious PDF. It reveals a highly obfuscated attack chain featuring sophisticated obfuscation techniques, fingerprinting mechanisms, and unusual command-and-control communication via RSS feeds.
The incident showcased in this article was detected by the SECUINFRA Cyber Detection & Response Center (CDRC) as part of an MDR alert. The Falcon Team contributed relevant findings about the malware for handling and mitigation. This case serves as a good example of a complex "Clickfix"-style attack chain with steganographic elements.
The SECUINFRA Falcon team has investigated the “Nitrogen” ransomware variant. We discovered that significant parts of the implementation originate from the leaked source code of CONTI Ransomware.
A free survival game called "PirateFi" on the Steam online game store has been distributing the information-stealing malware Vidar to unsuspecting players. Last week, Valve removed the game from its online store because users raised concerns about malware warnings from anti-virus software after launching the game. After the game was removed, the SECUINFRA Falcon team analyzed the malware and determined that the game was an attempt to trick players into installing an infostealer called "Vidar". As the game advertisement contained references to cryptocurrencies and blockchain technology, we believe this was a lure specifically targeting players interested in these topics.
Edge infrastructure, such as internet-exposed firewalls, routers, VPN gateways, etc., is a common initial access target for cybercrime and espionage actors, since these appliances are challenging to defend. According to the vulnerability discovery service LeakIx, as many as 30 thousand internet-exposed Cisco devices may already have been compromised...
ENISA and CERT-EU warned about malicious activities against EU governments and businesses attributed to Chinese APTs.
In this news post, the SECUINFRA Falcon team reports on the current Epoch4 (E4) Cluster spam campaign and the threat it poses to businesses.
Today many businesses rely on virtualization technology to run and scale their infrastructure. One of the most popular hypervisor systems on the market is VMware ESXi, which has been regularly targeted in ransomware attacks for the last 3+ years in order to increase the damage done to victims' IT systems.
Due to recent events, the SECUINFRA Falcon Team strongly recommends updating the firmware of VPN/remote access solutions from the manufacturers SonicWall, Fortinet and Citrix.