Khmer Shadow Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader
VPN Central [Unofficial]
June 16, 2026
Acronis researchers have uncovered two espionage campaigns targeting Cambodian government organizations, with attackers using a legitimate VMware-signed binary to sideload a custom loader called NIGHTFORGE. The campaigns, tracked as Khmer Shadow by Acronis Threat Research Unit, focused on entities in Cambodia’s defense and public works sectors. Acronis assesses with moderate confidence that the activity supports […]
The post Khmer Shadow Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader appeared first on VPN Central.
Discussion in the ATmosphere