Unison Research Unico PRE v2 & DM v2 Power Amplifier: More Muscle, Sharper Design, and Zero Doubt It’s Italian

With the Unico DM v2, Unison Research makes it clear that evolution, not reinvention, is the mission. Now positioned as the flagship power amplifier in the Unico lineup, the DM v2 arrives with a completely renewed, unmistakably Italian design that’s cleaner, more modern, and aligned with the brand’s new visual language—formally introduced alongside the Unico PRE v2. This isn’t a styling exercise for Instagram; it’s a cohesive rethink of how Unico components look, feel, and slot into a contemporary high-end system.

That design confidence isn’t coming out of nowhere. We’ve already spent serious time with Unison Research’s Triode 25 and Simply 845 integrated amplifiers, and both left a lasting impression. Price-sensitive shoppers need not apply, but for listeners who care more about musicality than spreadsheets, they remain two of the most compelling tube amplifiers in their class, combining drop-dead Italian industrial design with a command of tone, texture, and scale that many modern tube amps still struggle to get right. The Unico DM v2 builds on that legacy, just with more power, sharper tailoring, and zero interest in playing it safe.

There’s a clear design pivot happening here. Unison Research has long been celebrated for mixing real hardwoods with machined metal gear that looked handcrafted, tactile, and proudly old-world Italian. The Unico PRE v2 and DM v2 don’t abandon that heritage, but they definitely reinterpret it. The lines are cleaner, the surfaces more restrained, and the overall presentation feels less romantic throwback and more contemporary confidence. Think less classic Sophia Loren, more modern Nicole Grimaudo; still unmistakably Italian, still elegant, just sharper, leaner, and very much living in the present rather than trading purely on nostalgia.

Unison Research Unico DM v2: Flagship Power Amplifier with a New Design Direction

The $10,999 USD Unico DM v2 is the new flagship power amplifier in Unison Research’s Unico series. Introduced alongside the Unico PRE v2, it reflects a clear shift in the company’s design language toward a more modern, restrained aesthetic while maintaining the hybrid tube/solid-state approach that has long defined the Unico line.

The chassis design is notably more contemporary than previous Unico models. The front panel is machined from a 15-mm-thick aluminum block, giving the amplifier a dense, solid feel, while the Midnight Black and Velvet Gold finishes emphasize its cleaner lines. A 2-mm aluminum top cover wraps around the enclosure, reinforcing both structural rigidity and visual continuity. Wooden accents remain, but they are used sparingly, serving as a reference to the original Unico logo rather than a dominant visual element. The Unison Research logo also functions as the power switch, integrating branding and operation in a subtle, functional way.

Internally, the Unico DM v2 is built around a dual-mono architecture. Each channel is powered by its own 750 VA encapsulated toroidal transformer, with potting and shielding used to reduce electromagnetic interference. This layout is intended to preserve channel separation and maintain consistency under load. When operated in bridged mono mode, the two power supplies are connected in parallel, increasing available current and output capability.

The amplifier uses a three-stage hybrid amplification circuit. The input stage operates in pure Class A and employs ECC82 / 12AU7 Gold Lion valves, providing the initial voltage gain. A solid-state intermediate stage buffers and adapts the signal for the output section. The power stage uses a complementary push-pull configuration with three parallel pairs of MOSFETs, designed to deliver sufficient current for demanding loudspeaker loads while remaining stable across a wide impedance range.

A key technical addition is A.S.H.A. (Class A-AB) technology, introduced for the first time in the Unico DM v2. This output-stage topology is designed to combine aspects of Class A operation at lower levels with the efficiency and thermal behavior of Class AB at higher power. According to Unison Research, this approach keeps distortion low and consistent up to maximum output while maintaining tonal balance and low-frequency control even at moderate listening levels.

In practical terms, the Unico DM v2 delivers 220 W into 8 ohms and 340 W into 4 ohms in stereo operation, with stability down to 2 ohms. In bridged mono mode, it provides 650 W continuous output into both 8-ohm and 4-ohm loudspeakers, allowing it to function as a high-power monoblock when required.

Connectivity is conventional and system-focused, with balanced XLR and unbalanced RCA inputs, a remote power-on trigger, and dual binding posts per channel to support bi-wiring. The Unico DM v2 is clearly aimed at listeners who want high output capability, a hybrid circuit design, and a more contemporary visual presentation from Unison Research, without departing from the brand’s established engineering principles.

Unison Research Unico PRE v2: Flagship Preamplifier with Expanded Functionality and a Modernized Look

The $7,499 USD Unico PRE v2 is the new flagship preamplifier in the Unison Research Unico series. Introduced alongside the Unico DM v2 power amplifier, it reflects the same shift toward a more contemporary design language while retaining the hybrid valve/solid-state approach that defines the Unico range. Rather than a cosmetic refresh, the PRE v2 represents a full redesign intended to improve usability, system flexibility, and overall consistency with modern audio systems.

Visually, the Unico PRE v2 follows the same restrained, more architectural styling as the DM v2. The front panel is machined from a 15-mm-thick solid aluminum block, giving the unit a solid, precisely finished appearance. Midnight Black and Velvet Gold finishes highlight the cleaner lines and tighter detailing, while the 2-mm aluminum top cover wraps around the chassis to reinforce both rigidity and visual continuity. Wooden accents remain, but in a reduced, more symbolic role, referencing the original Unico logo rather than dominating the design. As with the DM v2, the Unison Research logo doubles as the power button, integrating branding and function in a straightforward way.

Volume control is handled by a high-quality integrated circuit using precision resistors, chosen to ensure accurate channel balance and consistent attenuation across the full range. The goal here is stability and repeatability rather than novelty, preserving signal integrity regardless of listening level.

Internally, the Unico PRE v2 has been completely reworked. The circuit remains faithful to zero global feedback and a dual-mono topology, design choices Unison Research has long associated with natural, unforced sound. The preamplifier uses a three-stage architecture, with the first stage built around a pair of ECC83 / 12AX7 Gold Lion valves operating in Class A. This stage establishes the preamp’s basic tonal character while maintaining low noise and low distortion. The following solid-state stages handle buffering and output duties, working in tandem with the valve section to maintain consistency and drive capability under a wide range of system conditions.

One of the Unico PRE v2’s strengths is its unusually broad connectivity. On the analog side, it offers three RCA line inputs, three XLR line inputs, a dedicated MM/MC phono input, and an additional Line In for system integration. Outputs include two RCA outputs for bi-amping, a balanced XLR output, an unfiltered dual subwoofer output, and Line Out connections for external processors or recording devices. A 12 V trigger output allows synchronized power control with compatible amplifiers and accessories.

Digital playback is handled by an integrated DAC based on the Sabre ES9018K2M converter. The DAC section uses a balanced output architecture designed to interface cleanly with the valve input stage, aiming for tonal consistency between digital and analog sources. Digital inputs include USB-B, two S/PDIF, and two optical Toslink connections, supporting PCM up to 384 kHz over USB, native DSD up to 256×, and DoP up to 128×, with S/PDIF and Toslink supporting resolutions up to 192 kHz.

The built-in phono stage uses passive RIAA equalization and high-precision components. It supports both MM and MC cartridges, with selectable load and gain settings accessible from the rear panel, making cartridge matching straightforward without internal adjustments.

In practical terms, the Unico PRE v2 is a fully balanced hybrid preamplifier with a solid-state output stage, moderate power consumption, and output voltage levels high enough to drive a wide range of power amplifiers without difficulty. It measures 45 × 43 × 14 cm and weighs 11 kg, placing it firmly in the full-size component category.

Overall, the Unico PRE v2 is less about spectacle and more about refinement—modernized styling, expanded connectivity, and a carefully updated circuit design intended to serve as a flexible control center for contemporary hybrid and high-power systems.

The Bottom Line

The Unico DM v2 separates itself with a high-power, dual-mono hybrid architecture and Unison Research’s new A.S.H.A. Class A-AB output stage, designed for real loudspeaker control rather than headline specs. The Unico PRE v2 complements it as a fully balanced control center with a tube-based input stage, broad analog and digital connectivity, and a genuinely useful MM/MC phono stage with selectable load and gain. There’s no internal streamer and no Bluetooth, which feels deliberate—hinting that dedicated digital sources may not be far behind.

At $18,498 USD for the preamp and power amplifier alone—before speakers, sources, and cabling—this is a serious investment. Fidelity Imports represents a wide range of appropriately priced loudspeakers that would make sense with this combination. The takeaway is simple: new look, significantly more power, and pricing that reflects Unison Research’s move further upmarket.

For more information: unisonresearch.com/type/unico/

Making A Hidden Door Status Sensor

The door sensor in its new enclosures. (Credit: Dillan Stock)

A common sight in ‘smart homes’, door sensors allow you to detect whether a door is closed or open, enabling the triggering of specific events. Unfortunately, most solutions for these sensors are relatively bulky and hard to miss, making them a bit of an eyesore. This was the case for [Dillan Stock] as well, who decided that he could definitely have a smart home, yet not have warts sticking out on every single doorframe and door. There’s also a video version of the linked blog post.

These door sensors tend to be very simple devices, usually just a magnet and a reed relay, the latter signaling a status change to the wireless transmitter or transceiver. Although [Dillan] had come across recessed door sensors before, like a Z-wave-based unit from Aeotec, this was a very poorly designed product with serious reliability issues.

That’s when [Dillan] realized that he could simply take the PCB from one of the Aqara T1 door sensors that he already had and stuff it into a similar 20 mm diameter form factor as that dodgy sensor unit. Basically this just stuffs the magnet and PCB from an existing wart-style sensor into a recessed form factor, making it a very straightforward hack that only requires printing the housings for the Aqara T1 sensor and some intimate time between the door and a drill.

Find My outage & iCloud issues hit users once again

Apple has acknowledged that users may be encountering issues with iCloud services, Photos sync, or an outright outage with Find My on Tuesday afternoon.

Everything you do on an iPhone touches some kind of service, which can experience an outage from time to time. If you noticed that a file just won’t sync, or you can’t see your friend’s location, it’s because of an ongoing issue.
According to Apple’s System Status page, various iCloud services began facing issues around 2:02 p.m. ET and Find My saw a full outage that began at 3:04 p.m. ET. Users attempting to utilize those features could encounter errors or endless loading.

Discord age verification not a requirement for every user, but still bad

Discord is relying on algorithmic data analysis and third-party vendors to handle age verification, but it has clarified that not everyone will be met with explicit age checks.

The latest update from Discord’s safety team seems to be a big step back from its earlier promise, though not much has actually changed. The controversial move will have everyone’s account set to teen by default, and while some will need to do age verification via face or ID scan, not everyone will.
This “clarification” was issued after mass pushback about the moderation changes taking place on the social platform. Discord says it has used this system in the UK and Australia since the end of 2025 and is now rolling it out globally to meet regulatory requirements for online services.

RRAM hasn't delivered yet, but stacked memory is being pitched to run neural networks in place

A team at the University of California, San Diego has redesigned how RRAM operates in an effort to accelerate the execution of neural network models. According to UCSD electrical engineer Duygu Kuzum, the approach could eventually enable a new class of local AI applications, assuming the technology’s remaining challenges can…

Google now helps you wipe your sensitive personal data and photos from Search

Google Search can make information easy to find, but it can also make your personal data surface in ways that feel invasive or even dangerous. This is why Google is rolling out new tools that give people more control over what shows up about them online.

The company says it is expanding its Search removal features to make it simpler to take down sensitive personal information and explicit images that never should have been public in the first place.

How to remove personal information from Search

Google’s “Results about you hub” can now help you find and remove search results that contain sensitive government-issued identification numbers. This includes things like passport numbers, driver’s license numbers, and other official ID info that could be misused if they appear online.

To use this feature, you sign in to your Google account and select ‘Results about you,’ where you can fill out the information you want to track. Google will proactively scan Search for results that match your personal information and alert you if it finds something.

From there, you can review each result and request removal directly within the tool. You can also manually submit a removal request if you come across sensitive information yourself. Google says it will review these requests and remove results that violate its policies.

How to remove explicit images from Search

Google is also simplifying the process for removing explicit images, especially those shared without consent. You can now request the removal of explicit images more easily, including submitting multiple images at once rather than filing separate requests.

Once an image is removed, Google will also offer an option to proactively filter out similar explicit images from future Search results, to prevent similar content from resurfacing.

You can now track all your removal requests in one place through the Results about you hub, with email updates to keep you informed whenever the status changes.

Google also points out that removing information from Search does not erase it from the internet altogether, but it can still go a long way in protecting your privacy.

The update also comes as Google shuts down its dark web reports, which previously alerted users when their name, phone number, or email surfaced online in a data breach.

Google says those alerts did not always help people take meaningful action, something the new removal tools are designed to address.

Microsoft releases Windows 10 KB5075912 extended security update

Microsoft has released the Windows 10 KB5075912 extended security update to fix February 2026 Patch Tuesday vulnerabilities, including six zero-days, and continue rolling out replacements for expiring Secure Boot certificates.

If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a ‘Check for Updates.’

Windows 10 KB5075912 update
Source: BleepingComputer

After installing this update, Windows 10 will be updated to build 19045.6937, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.6937.

What’s new in Windows 10 KB5075912

Microsoft is no longer releasing new features for Windows 10, and the KB5075912 update contains only security fixes and fixes for bugs introduced by previous security updates.

With today’s February 2026 Patch Tuesday, Microsoft has fixed 58 vulnerabilities, including six actively exploited zero-day flaws.

KB5075912 also fixes a known issue that prevented Windows 10 devices from shutting down or hibernating if System Guard Secure Launch is enabled.

The complete list of fixes is below:

  • [Fonts] This update includes changes to Chinese fonts to meet GB18030-2022A compliance.
  • [OS Security (known issue)] Fixed: After installing the Windows security update released on or after January 13, 2026, some Secure Launch-capable PCs with Virtual Secure Mode (VSM) enabled are unable to shut down or enter hibernation. Instead, the device restarts.
  • [Folders] Fixed: This update fixes an issue that affects folder renaming with desktop.ini files in File Explorer. The LocalizedResourceName setting was ignored, so custom folder names did not show. Now, custom folder names appear as expected.
  • [Graphics] Fixed: A stability issue affecting certain graphics processing unit (GPU) configurations.
  • [Secure Boot] With this update, Windows quality updates include a broad set of targeting data that identifies devices and their ability to receive new Secure Boot certificates. Devices will receive the new certificates only after they show sufficient successful update signals, which helps ensure a safe and phased rollout.

Since June 2025, Microsoft has warned that multiple Windows Secure Boot certificates from 2011 are expiring in June 2026 and that, if they are not updated, Secure Boot protections would be breached.

These certificates are used to validate Windows boot components, third-party bootloaders, and Secure Boot revocation updates, and if expired, could allow threat actors to bypass security protections.

As part of today’s update, Microsoft continues to roll out the new Secure Boot certificates to targeted systems, with updates to additional systems being installed as the targeting scope expands.

Microsoft states that there are no known issues with this update.

New Linux botnet SSHStalker uses old-school IRC for C2 comms

A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations.

The protocol was invented in 1988, and its adoption peaked during the 1990s, becoming the main text-based instant messaging solution for group and private communication.

Technical communities still appreciate it for its implementation simplicity, interoperability, low bandwidth requirements, and no need for a GUI.

The SSHStalker botnet relies on classic IRC mechanics such as multiple C-based bots and multi-server/channel redundancy instead of modern C2 frameworks, prioritizing resilience, scale, and low cost over stealth and technical novelty.

According to researchers at threat intelligence company Flare, this approach extends to other characteristics of SSHStalker’s operation, like using noisy SSH scans, one-minute cron jobs, and a large back-catalog of 15-year-old CVEs.

“What we actually found was a loud, stitched-together botnet kit that mixes old-school IRC control, compiling binaries on hosts, mass SSH compromise, and cron-based persistence. In other words scale-first operation that favors reliability over stealth,” Flare says.

The 'infected machines' IRC channel
Source: Flare

SSHStalker achieves initial access through automated SSH scanning and brute forcing, using a Go binary that masquerades as the popular open-source network discovery utility nmap.

Compromised hosts are then used to scan for additional SSH targets, which resembles a worm-like propagation mechanism for the botnet.

Flare found a file with results from nearly 7,000 bot scans, all from January, and focused mostly on cloud hosting providers in Oracle Cloud infrastructure.

Once SSHStalker infects a host, it downloads the GCC tool for compiling payloads on the victim device for better portability and evasion.

The first payloads are C-based IRC bots with hard-coded C2 servers and channels, which enroll the new victim in the botnet’s IRC infrastructure.

Next, the malware fetches archives named GS and bootbou, which contain bot variants for orchestration and execution sequencing.

Persistence is achieved via cron jobs that run every 60 seconds, invoking a watchdog-style update mechanism that checks whether the main bot process is running and relaunches it if it is terminated.

The botnet also contains exploits for 16 CVEs targeting Linux kernel versions from the 2009-2010 era. These are used to escalate privileges after the earlier brute-forcing step grants access to a low-privileged user.

Attack chain overview
Source: Flare

Regarding monetization, Flare noticed that the botnet performs AWS key harvesting and website scanning. It also includes cryptomining kits such as the high-performance Ethereum miner PhoenixMiner.

Distributed denial-of-service (DDoS) capabilities are also present, though the researchers noted they have not yet observed any such attacks. In fact, SSHStalker’s bots currently just connect to the C2 and then enter an idle state, suggesting testing or access hoarding for now.

Flare has not attributed SSHStalker to a particular threat group, though it noted similarities with the Outlaw/Maxlas botnet ecosystem and various Romanian indicators.

The threat intelligence company suggests placing monitoring solutions for compiler installation and execution on production servers, and alerts for IRC-style outbound connections. Cron jobs with short execution cycles from unusual paths are also big red flags.

Mitigation recommendations include disabling SSH password authentication, removing compilers from production images, enforcing egress filtering, and restricting execution from ‘/dev/shm.’
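
The cron, SSH password and ‘/dev/shm’ checks from the recommendations above, as an added Python example (not code from Flare or from the original article). The sample crontab, sshd_config and mount lines are constructed, and the list of temp directories and the hidden-directory rule are assumptions of this example.

```python
import re

# Assumption: directories treated as unusual places for a cron job to run from.
TEMP_DIRS = re.compile(r"(?:^|[\s'\"=;|&(])(/dev/shm|/var/tmp|/tmp)(?:/|\s|$)")
# Assumption: a dot-prefixed directory in the command path is worth a look.
HIDDEN_DIR = re.compile(r"/\.[^/\s.][^/\s]*/")
ENV_LINE = re.compile(r"^[A-Za-z_]\w*\s*=")


def risky_cron_entries(crontab_text, has_user_field=False):
    """Return [(line_no, reason, command)] for one-minute jobs run from odd paths.

    has_user_field=True parses /etc/crontab and /etc/cron.d files, which put a
    user name between the five schedule fields and the command.
    """
    findings = []
    for line_no, raw in enumerate(crontab_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#@" or ENV_LINE.match(line):
            continue  # comments, @reboot-style macros, VAR=value settings
        parts = line.split(None, 6 if has_user_field else 5)
        if len(parts) < (7 if has_user_field else 6):
            continue
        minute, hour, command = parts[0], parts[1], parts[-1]
        if minute not in ("*", "*/1") or hour != "*":
            continue  # not a one-minute cycle
        if TEMP_DIRS.search(command):
            findings.append((line_no, "temp-dir", command))
        elif HIDDEN_DIR.search(command):
            findings.append((line_no, "hidden-dir", command))
    return findings


def password_auth_enabled(sshd_config_text):
    """True if global PasswordAuthentication is effectively on (OpenSSH default: yes)."""
    for raw in sshd_config_text.splitlines():
        tokens = raw.split("#", 1)[0].replace("=", " ").split()
        if not tokens:
            continue
        keyword = tokens[0].lower()
        if keyword == "match":
            break  # simplification: only the global section is evaluated
        if keyword == "passwordauthentication" and len(tokens) > 1:
            return tokens[1].lower() == "yes"  # sshd keeps the first value it reads
    return True


def shm_allows_exec(mounts_text):
    """True/False from the last /dev/shm entry in /proc/mounts-style text; None if absent."""
    allows = None
    for raw in mounts_text.splitlines():
        fields = raw.split()
        if len(fields) >= 4 and fields[1] == "/dev/shm":
            allows = "noexec" not in fields[3].split(",")
    return allows


# Constructed sample inputs (not taken from a real host).
SAMPLE_CRONTAB = """\
# constructed sample, user crontab format
MAILTO=""
* * * * * /dev/shm/.cache/upd >/dev/null 2>&1
*/1 * * * * cd /var/tmp/.x && ./run
* * * * * /usr/local/bin/healthcheck --quiet
30 2 * * * /tmp/nightly-report.sh
* * * * * /home/deploy/.sys/watchdog.sh
@reboot /usr/bin/true
"""
SAMPLE_SSHD = """\
# constructed sample
Port 22
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
"""
SAMPLE_MOUNTS = "tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0\n"

if __name__ == "__main__":
    for line_no, reason, command in risky_cron_entries(SAMPLE_CRONTAB):
        print(f"cron line {line_no}: {reason}: {command}")
    print("SSH password auth enabled:", password_auth_enabled(SAMPLE_SSHD))
    print("/dev/shm allows exec:", shm_allows_exec(SAMPLE_MOUNTS))
```

On a real host the inputs would come from `crontab -l` per user, the files under `/etc/cron.d`, `/etc/ssh/sshd_config` and `/proc/mounts`.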

Lost Soviet Moon Lander May Have Been Found

An anonymous reader shares a report: In 1966, a beach-ball-size robot bounced across the moon. Once it rolled to a stop, its four petal-like covers opened, exposing a camera that sent back the first picture taken on the surface of another world. This was Luna 9, the Soviet lander that was the earliest spacecraft to safely touch down on the moon. While it paved the way toward interplanetary exploration, Luna 9’s precise whereabouts have remained a mystery ever since.

That may soon change. Two research teams think they might have tracked down the long-lost remains of Luna 9. But there’s a catch: The teams do not agree on the location. “One of them is wrong,” said Anatoly Zak, a space journalist and author who runs RussianSpaceWeb.com and reported on the story last week. The dueling finds highlight a strange fact of the early moon race: The precise resting places of a number of spacecraft that crashed or landed on the moon in the run-up to NASA’s Apollo missions are lost to obscurity. A newer generation of spacecraft may at last resolve these mysteries.

Luna 9 launched to the moon on Jan. 31, 1966. While a number of spacecraft had crashed into the lunar surface at that stage of the moon race, it was among the earliest to try what rocket engineers call a soft landing. Its core unit, a spherical suite of scientific instruments, was about two feet across. That size makes it difficult to spot from orbit. “Luna 9 is a very, very small vehicle,” said Mark Robinson, a geologist at the company Intuitive Machines, which has twice landed spacecraft on the moon.

Rivian R2 Prototype First Drive Reviews Point to a Quick, Capable, and Ready to Play Electric SUV

Rivian’s R2 Prototype has hit the road with early reviews, and it’s a capable electric SUV that truly delivers on the adventure promise without breaking the bank like its larger siblings do. The test rides took place on California highways, curvy back roads, and rocky off-road trails near Rivian’s Irvine headquarters. Most reviewers agree that the R2 retains the adventurous spirit of the larger R1 models while also making it more fun and approachable for daily driving.



The power comes from two motors, and this all-wheel drive configuration generates 656 horsepower and 609 pound-feet of torque. It accelerates from 0 to 60 mph in around 3.6 seconds and feels robust even at highway speeds. In normal mode, the R2 runs largely on rear-wheel drive for improved efficiency, but when necessary, it uses the front motor. Sport mode engages full all-wheel drive for a faster reaction.

The R2 handles quite well and stays grounded in corners. The steering feels natural and connected, with plenty of feedback that increases as you request more. Body control is outstanding, especially given the high ground clearance and all-terrain tyres with tall sidewalls. Roll remains well under control, and the chassis responds quickly and without drama. The R2 feels lighter on its feet because of its unibody structure, lower weight (about 4,850 to 5,000 pounds), and lower center of gravity. When cruising, the ride is nice, but when you push harder, it tightens up. Steel coil springs and semi-active dampers handle uneven roads with ease, providing an excellent balance between pavement and dirt.

Off-road performance stands up well on the trails it was tested on, with 9.6 inches of ground clearance and angles that allow you to tackle tough terrain with confidence. The long-travel suspension articulates well, and torque vectoring maintains traction without the use of typical locking differentials. When the wheels begin to spin, the brakes come into action, but there is some initial slip before they fully intervene.

Inside, the room is surprisingly generous for a tiny SUV. Tall adults may comfortably sit in the back seats, which provide 40.4 inches of legroom and headroom. The inside remains clutter-free, featuring a large central touchscreen and a smaller driver display. The haptic steering wheel on the column controls climate, drive modes, and other settings via rolling, tilting, and pushing actions, and the feedback is satisfactory, but they are currently working on adjusting the prototypes. There is plenty of storage space, ranging from dual gloveboxes to a flat-folding rear section that can accommodate a fitted mattress for overnight use. The low beltline and upright windows provide excellent visibility.


The EPA cycle shows a range of more than 300 miles, thanks to a compact battery pack and a well-designed interior. Filling up is also much faster than you’d think, with the R2 going from 10 to 80 percent in less than half an hour at a fast charging station, and with a native NACS port, it’s virtually ready to go at any Tesla Supercharger.

The price starts at about $45,000, with dual-motor variants costing $50,000 or $55,000, depending on how specced out you want to get. The truth is, that puts the R2 in a really good position in the market; it’s like a true alternative to the more mainstream electric crossovers (Tesla Model Y), but with one significant bonus: you can actually take it off the beaten track and get a real rush of performance.

North Korean hackers use new macOS malware in crypto-theft attacks

North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector.

The threat actor’s goal is financial, as suggested by the role of the tools used in an attack on a fintech company investigated by Google’s Mandiant researchers.

During the response engagement, the researchers found seven distinct macOS malware families and attributed the attack to UNC1069, a threat group they’ve been tracking since 2018.

Infection chain

The attack had a strong social engineering component as the victim was contacted over the Telegram messaging service from a compromised account of an executive at a cryptocurrency company.

After building a rapport, the hackers shared a Calendly link that took the victim to a spoofed Zoom meeting page on the attacker’s infrastructure.


According to the target, the hackers showed a deepfake video of a CEO at another cryptocurrency company.

“Once in the ‘meeting,’ the fake video call facilitated a ruse that gave the impression to the end user that they were experiencing audio issues,” Mandiant researchers say.

Under this pretext, the attacker instructed the victim to troubleshoot the problems using commands present on a webpage. Mandiant found commands on the page for both Windows and macOS that would start the infection chain.

Huntress researchers documented a similar attack method in mid-2025 and attributed it to the BlueNoroff group, another North Korean adversary also known as Sapphire Sleet and TA44, that targeted macOS systems using a different set of payloads.


macOS malware

Mandiant researchers found evidence of AppleScript execution once the infection chain started, but could not recover the contents of the payload. This was followed by the deployment of a malicious Mach-O binary. In the next stage, the attacker executed seven distinct malware families:

  1. WAVESHAPER – C++ backdoor that runs as a background daemon, collects host system information, communicates with C2 over HTTP/HTTPS using curl, and downloads and executes follow-on payloads.
  2. HYPERCALL – Golang-based downloader that reads an RC4-encrypted configuration file, connects to C2 over WebSockets on TCP 443, downloads malicious dynamic libraries, and reflectively loads them into memory.
  3. HIDDENCALL – Golang-based backdoor reflectively injected by HYPERCALL that provides hands-on keyboard access, supports command execution and file operations, and deploys additional malware.
  4. SILENCELIFT – Minimal C/C++ backdoor that beacons host information and lock screen status to a hard-coded C2 server and can interrupt Telegram communications when executed with root privileges.
  5. DEEPBREATH – Swift-based data miner deployed via HIDDENCALL that bypasses macOS TCC protections by modifying the TCC database to gain broad filesystem access and steals keychain credentials, browser data, Telegram data, and Apple Notes data.
  6. SUGARLOADER – C++ downloader that uses an RC4-encrypted configuration to retrieve next-stage payloads and was made persistent via a manually created launch daemon.
  7. CHROMEPUSH – C++ browser data miner deployed by SUGARLOADER that installs as a Chromium native messaging host masquerading as a Google Docs Offline extension and collects keystrokes, credentials, cookies, and optionally screenshots.

Overview of the attack chain
Source: Mandiant
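
CHROMEPUSH's install method described in the list above, a Chromium native messaging host posing as Google Docs Offline, can be hunted for by reviewing the host manifests on disk. The Python below is an added example, not Mandiant's tooling or code from the original article; the branding terms, risky path prefixes and sample manifests are assumptions constructed for illustration, not indicators from the incident.

```python
import json
from pathlib import Path

# Per-user manifest directories on macOS, per Chrome's native messaging docs.
MANIFEST_DIRS = [
    "~/Library/Application Support/Google/Chrome/NativeMessagingHosts",
    "~/Library/Application Support/Chromium/NativeMessagingHosts",
]
# Assumed review heuristics, not indicators published by Mandiant.
BRAND_TERMS = ("google docs", "docs offline")
RISKY_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

# Constructed sample manifests (not recovered from the incident).
SAMPLE_SUSPECT = {"name": "com.example.docs.offline", "type": "stdio",
                  "description": "Google Docs Offline",
                  "path": "/Users/Shared/.helper/docs_host"}
SAMPLE_BENIGN = {"name": "com.example.vault", "type": "stdio",
                 "description": "Example password manager helper",
                 "path": "/Applications/Example.app/Contents/MacOS/native-host"}

def review_manifest(manifest: dict) -> list[str]:
    """Return the reasons a native messaging host manifest needs a closer look."""
    findings = []
    label = f"{manifest.get('name', '')} {manifest.get('description', '')}".lower()
    if any(term in label for term in BRAND_TERMS):
        findings.append("claims Google Docs Offline branding")
    host_path = str(manifest.get("path", ""))
    if host_path.startswith(RISKY_PREFIXES):
        findings.append("host binary in a shared or temp directory")
    if any(part.startswith(".") for part in Path(host_path).parts[:-1]):
        findings.append("host binary under a hidden directory")
    return findings

def scan(dirs=MANIFEST_DIRS) -> dict[str, list[str]]:
    """Review every *.json manifest in the given directories; keep only hits."""
    results = {}
    for directory in dirs:
        for manifest_file in sorted(Path(directory).expanduser().glob("*.json")):
            try:
                hits = review_manifest(json.loads(manifest_file.read_text()))
            except (OSError, ValueError, AttributeError):
                hits = ["unreadable or malformed manifest"]
            if hits:
                results[str(manifest_file)] = hits
    return results

if __name__ == "__main__":
    for path, reasons in scan().items():
        print(path, "->", "; ".join(reasons))
```

A hit is a prompt for manual review of the manifest and the binary it points to, not a verdict; legitimate software can also trip these heuristics.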

Of the malware found, SUGARLOADER has the most detections on the VirusTotal scanning platform, followed by WAVESHAPER, which is flagged by just two products. The rest are not present in the platform’s malware database.

Mandiant says that SILENCELIFT, DEEPBREATH, and CHROMEPUSH represent a new set of tooling for the threat actor.

The researchers describe as unusual the volume of malware deployed on a host against a single individual.

This confirms a targeted attack focused on collecting as much data as possible for two reasons: “cryptocurrency theft and fueling future social engineering campaigns by leveraging victim’s identity and data,” Mandiant says.


Since 2018, UNC1069 has demonstrated its ability to evolve by adopting new techniques and tools. In 2023, the bad actor switched to targets in the Web3 industry (centralized exchanges, developers, venture capital funds).

Last year, the threat actor changed its target to financial services and the cryptocurrency industry in verticals such as payments, brokerage, and wallet infrastructure.


Copyright © 2025