Smoke Loader seen attacking Russian targets

Deployed public facing FirstWatch sensors are now detecting the smoke loader campaign attacking Russian end users. The C2 server is observed as calling back on port 1337 and has been active for several days.

Previously this activity was observed but not fully disclosed by Cisco Talos. It is believed that the activity is related to malicious word documents that have also been observed by Jigsaw Security sensors protecting mail servers.

See our daily report for additional information.


Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!

  • Facebook - Black Circle
  • Twitter - Black Circle

© 2017-2020 Jigsaw Security Enterprise Inc.

Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business