🟠 High  |  Source: The Hacker News


Over 20 Brazilian government websites were compromised and weaponised as malware distribution points as part of an active campaign dubbed PhantomEnigma. Researchers at ANY.RUN uncovered previously unknown backdoor behaviour, hidden infrastructure, and multiple attack vectors tied to the campaign. The incident highlights the risk of trusted government domains being abused to bypass reputation-based security controls.

Security Architect’s Take: Review your organisation’s web filtering and threat intelligence feeds to ensure that government-domain URLs are not unconditionally trusted — apply the same inspection rigour to all traffic regardless of source domain reputation. Additionally, validate that your egress controls and DNS monitoring would detect beaconing to newly identified PhantomEnigma infrastructure.

Original advisory: 20+ Hijacked Government Websites Became
an Attack Channel