Latest Insights

Silver Fox’s Dual-Pronged Strategy: Dissecting the ValleyRAT Distribution Campaign

The Silver Fox APT group employs a sophisticated, hybrid distribution strategy to maximize the reach of their custom-built ValleyRAT trojan, primarily aimed at Chinese-speaking victims. Rather than relying on a single infection method, the group employs a multi-medium strategy to achieve both precision and scale. On one front, Silver Fox executes highly targeted phishing operations,…

When Hospitality Software is Too Hospitable: an XSS Filter Bypass and a Curious SSRF in Oracle Hospitality OPERA (CVE-2026-21966, CVE-2026-21967)

Last autumn, while a typhoon hammered against the hotel windows, our offensive specialist found themselves locked into a different kind of storm – a pentest that refused to stay routine. What began as a run-of-the-mill exercise quickly spiralled into yet another thrilling adventure of vulnerability disclosure. This writeup walks through DarkLab’s discovery of a Cross-Site…

The Dark Side of SEO: Negative SEO Attacks Targeting Businesses in Asia

In June 2025, DarkLab discovered unusual search results indexed on a popular Hong Kong online platform. This led to our deep dive into another form of DNS abuse impacting legitimate entities: negative SEO. This form of SEO poisoning is typically conducted by competitors as a means to damage reputation or ‘flood out’…

Lurking Behind the Scenes: Keylogger Sites Impersonate Trusted Brokerage Firms for Account Takeover

In an era where digital security is rapidly evolving, cybercriminals are adapting just as quickly – finding new ways to exploit trust and user behaviour. Recent campaigns targeting stock trading accounts have revealed a critical truth: attackers are no longer just stealing credentials – they are orchestrating full account takeovers to commit high-impact financial fraud.…

Don’t do crime CRIME IS BAD – LockBit Ransomware Hacked, Exposing Operational Data

LockBit really can’t catch a break. Following a year of law enforcement disruptions and loss of affiliate base, the world most recently witnessed one of the most notorious Ransomware-as-a-Service (RaaS) gangs hit by yet another setback – they’ve been hacked. On a gloomy Thursday morning, our analysts awoke to news of LockBit’s hack – and…
