Web Scouter
Back to News
Security NewsHighIncidentunauthorized access

Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels

UnknownMar 30, 2026(about 3 hours ago)

A Russian-origin CTRL toolkit distributed via malicious LNK files hijacks RDP via FRP tunnels, enabling credential phishing and keylogging.

Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables" to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling

Related News

Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

Unknownabout 1 hour ago

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Unknownabout 1 hour ago

European Commission Reports Cyber Intrusion and Data Theft

Unknownabout 1 hour ago

Get Personalized Alerts

Track vendors and receive alerts when security incidents affect your supply chain.

What We Monitor

Security Incidents

Data breaches, ransomware, and unauthorized access

Vulnerabilities

CVEs and vendor security advisories

Compliance Updates

Regulatory changes and certification news

Legal News

Privacy laws and enforcement actions

Vendor Directory

Browse our directory of SaaS vendors with security documentation and compliance information.