Unknown threat actors compromised CPUID's website for less than 24 hours, replacing legitimate CPU-Z and HWMonitor download links with malicious ones. This led to the distribution of trojanized software leveraging DLL side-loading to deploy the STX RAT, an infostealer with HVNC capabilities.
Initial Access
Website Compromise
confirmed
Unknown threat actors compromised a 'secondary feature (basically a side API)' of CPUID's website (cpuid[.]com) for less than 24 hours, from April 9, 15:00 UTC, to April 10, 10:00 UTC.
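The incident above hinged on download links being swapped for less than a day, which is short enough to slip past a periodic manual check. The following Python example is added here and is not code from the original page or from CPUID: it shows two defender-side checks a team can automate, an audit of a download page's anchors against an allowlist of expected vendor hosts, and a SHA-256 pin check on the downloaded installer before it is run. The HTML fragment, the host names (download.vendor.example, cdn-mirror.attacker.example), the file names and the installer bytes are all constructed placeholders, not values from the incident.

```python
import hashlib
import hmac
import re
from urllib.parse import urlparse

# Constructed sample page (not cpuid.com's real HTML): one link still points
# at the vendor's download host, the other has been swapped to a third-party
# host over plain HTTP, mirroring the link replacement the incident describes.
SAMPLE_HTML = """
<a href="https://download.vendor.example/cpu-z_setup.exe">CPU-Z</a>
<a href="http://cdn-mirror.attacker.example/hwmonitor_setup.exe">HWMonitor</a>
"""

# Assumption: the only host(s) the vendor is expected to serve installers from.
EXPECTED_HOSTS = {"download.vendor.example"}

# Constructed installer bytes standing in for a known-good build and for a
# trojanized build; the pinned digest is derived from the known-good bytes,
# as it would be from a vendor-published checksum captured out of band.
GOOD_INSTALLER = b"MZ\x90\x00 constructed known-good installer payload"
TAMPERED_INSTALLER = b"MZ\x90\x00 constructed installer carrying a side-loaded dll"
PINNED_SHA256 = {
    "cpu-z_setup.exe": hashlib.sha256(GOOD_INSTALLER).hexdigest(),
}

LINK_RE = re.compile(r'<a\s[^>]*?href="([^"]+)"[^>]*>([^<]*)</a>', re.I)


def extract_links(html):
    """Return (label, url) pairs for every anchor in the page."""
    return [(label.strip(), href) for href, label in LINK_RE.findall(html)]


def audit_links(html, expected_hosts):
    """Flag download links that leave the vendor's hosts or drop TLS.

    Returns a list of (label, url, reason) findings; an empty list means
    every link still points where the vendor intended.
    """
    findings = []
    for label, url in extract_links(html):
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append((label, url, "non-https download link"))
        if parsed.hostname not in expected_hosts:
            findings.append((label, url, "unexpected download host"))
    return findings


def verify_installer(filename, data, pinned=PINNED_SHA256):
    """Compare a downloaded file against its pinned SHA-256 before installing.

    Unknown file names are treated as failures so a renamed or newly added
    artifact cannot slip past the check.
    """
    expected = pinned.get(filename)
    if expected is None:
        return False
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML, EXPECTED_HOSTS):
        print("ALERT:", finding)
    print("known-good build verifies:", verify_installer("cpu-z_setup.exe", GOOD_INSTALLER))
    print("tampered build verifies:", verify_installer("cpu-z_setup.exe", TAMPERED_INSTALLER))
```

Run on a schedule against the live page, the link audit turns a silent link swap into an alert within one polling interval; the hash check belongs in whatever deploys the tool to endpoints, so that a trojanized build is rejected even if the page audit is missed.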
Defender cut points
Implement robust API security measures, including authentication and authorization controls.
Conduct regular security audits and penetration testing on all web infrastructure and APIs.
Deploy intrusion detection systems (IDS) to monitor for suspicious activity on web servers.