External Publication
Visit Post

Khmer Shadow Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader

VPN Central [Unofficial] June 16, 2026
Source
Acronis researchers have uncovered two espionage campaigns targeting Cambodian government organizations, with attackers using a legitimate VMware-signed binary to sideload a custom loader called NIGHTFORGE. The campaigns, tracked as Khmer Shadow by Acronis Threat Research Unit, focused on entities in Cambodia’s defense and public works sectors. Acronis assesses with moderate confidence that the activity supports […] The post Khmer Shadow Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader appeared first on VPN Central.

Discussion in the ATmosphere

Loading comments...