Malware in Lisp? Now you’re just being cruel

#### [Research](/security/research/)**26** Malware in Lisp? Now you’re just being cruel============================================**26** Miscreants warming to Delphi, Haskell, and the like to evade detection———————————————————————-[Thomas Claburn](/Author/Thomas-Claburn ‘Read more by this author’) Sat 29 Mar 2025 // 10:50 UTC [](https://www.reddit.com/submit?url=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Malware%20in%20Lisp%3f%20Now%20you%27re%20just%20being%20cruel) [](https://twitter.com/intent/tweet?text=Malware%20in%20Lisp%3f%20Now%20you%27re%20just%20being%20cruel&url=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister) [](https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Malware%20in%20Lisp%3f%20Now%20you%27re%20just%20being%20cruel&summary=Miscreants%20warming%20to%20Delphi%2c%20Haskell%2c%20and%20the%20like%20to%20evade%20detection) [](https://api.whatsapp.com/send?text=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp) Malware authors looking to evade analysis are turning to less popular programming languages like Delphi or Haskell.Computer scientists affiliated with the University of Piraeus and Athena Research Center in Greece and Delft University of Technology in the Netherlands have taken a look at recent malware to better understand why some of it gets missed by static analysis — a software testing technique for understanding code without executing it.The authors — Theodoros Apostolopoulos, Vasilios Koutsokostas, Nikolaos Totosis, Constantinos Patsakis, and Georgios Smaragdakis — describe their findings in [a preprint paper](https://arxiv.org/abs/2503.19058) titled, ‘Coding Malware in Fancy Programming Languages for Fun and Profit.’ ![](https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/research&sz=300×50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z-hDXfmG1MmeiHcom2SKCwAAAI8&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0)There is [a lot of malware](https://portal.av-atlas.org/malware) — almost 26 million new instances of malicious code just in 2025, according to antivirus evaluators AV-TEST. And one of the main ways to identify bad code is static analysis. ![](https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/research&sz=300×50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z-hDXfmG1MmeiHcom2SKCwAAAI8&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0) ![](https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/research&sz=300×50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z-hDXfmG1MmeiHcom2SKCwAAAI8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0)Malware authors know this and many make an effort to obfuscate their code or to apply anti-sandboxing or anti-debugging techniques.One way to do so is simply to use a programming language that’s not widely used for malware, which tends to be written in C or C++. ![](https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/research&sz=300×50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z-hDXfmG1MmeiHcom2SKCwAAAI8&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0)’For years, ransomware groups have been switching to newer, unconventional languages to make reverse engineering and detection more difficult,’ the authors observe. ‘Moreover, various threat actors have used this approach, employing a wide range of programming languages and techniques to obfuscate their malicious code.’They point to how security researchers hated Visual Basic 6 binaries due to the complexity of reverse engineering the software, the presence of a Lua obfuscation layer in the 2012 Flame malware, and the Grip virus, which contained a Brainfuck interpreter coded in Assembly to generate its keycodes, as examples.’Even though malware written in C continues to be the most prevalent, malware operators, primarily known threat groups such as APT29, increasingly include non-typical malware programming languages in their arsenal,’ they write.’For instance, APT29 recently used Python in their Masepie malware against Ukraine, while in their Zebrocy malware, they used a mixture of Delphi, Python, C#, and Go. Likewise, Akira ransomware shifted from C++ to Rust, BlackByte ransomware shifted from C# to Go, and Hive was ported to Rust.’To some extent, this is simply a variation on security through obscurity — when fewer people are familiar with a given language, less manual detection can be expected and automated tools will have fewer samples.But automated detection mechanisms based on signatures of identified malware won’t work when the malware has been rewritten in a different language. And some languages like Haskell and Lisp, the researchers note, employ an execution model that differs from malware developed in C. Others, like Dart and Go, may add a large number of functions to the executable as part of their standard environment, making even simple programs complicated.To better understand why certain languages resist analysis better than others, the authors examined a set of almost 400,000 Windows executables from Malware Bazaar.* [Oracle JDK 24 appears in rare alignment of version and feature count](https://www.theregister.com/2025/03/18/oracle_jdk_24/)* [C++ creator calls for help to defend programming language from ‘serious attacks’](https://www.theregister.com/2025/03/02/c_creator_calls_for_action/)* [Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable](https://www.theregister.com/2025/02/21/linux_c_rust_debate_continues/)* [Time to make C the COBOL of this century](https://www.theregister.com/2025/02/18/c_opinion/)They found not only that the programming language used affects the malware detection rate but also that the choice of compiler makes a difference. ‘While one would expect less used programming languages, e.g. Rust and Nim, to have worse detection rates because the sparsity of samples would not allow the creation of robust rules, the use of non-widely used compilers, e.g. Pelles C, Embarcadero Delphi, and Tiny C, has a more substantial impact on the detection rate,’ they state.After looking at a more limited dataset focused on APTs (advanced persistent threats), the researchers say it’s clear that over time, APT authors have diversified their choice of programming languages and compilers.One of the ways the boffins examined malware differences across programming languages involved assessing how well the binaries resisted shellcode pattern matching — the process of looking for malicious sets of instructions.The results showed significant variations across languages and underscored why malware is easier to find in more common languages. ‘Samples written in languages such as C and C++ retained, usually, all shellcode bytes in sequential order or had a fixed gap between the bytes, leading to relatively straightforward detection,’ the authors say. ‘However, other languages demonstrated significant byte fragmentation and variations in memory layout, complicating static detection.’They cite Rust, Phix, Lisp, and Haskell as languages that distribute shellcode bytes irregularly or in non-obvious ways.There are other reasons that less popular languages can make malware more difficult to identify, such as the complexity of the executed functions, the number of indirect calls and jumps executed, and the number of threads spawned.’Malware is predominantly written in C/C++ and is compiled with Microsoft’s compiler,’ the authors conclude. ‘However … our work practically shows that by shifting the codebase to another, less used programming language or compiler, malware authors can significantly decrease the detection rate of their binaries but simultaneously increase the reverse engineering effort of the malware analysts.’Thus, the authors argue, code in less popular programming languages deserves more attention in the security community and more relevant detection tools. ® **Get our** [Tech Resources](https://whitepapers.theregister.com/) Share [](https://www.reddit.com/submit?url=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Malware%20in%20Lisp%3f%20Now%20you%27re%20just%20being%20cruel) [](https://twitter.com/intent/tweet?text=Malware%20in%20Lisp%3f%20Now%20you%27re%20just%20being%20cruel&url=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister) [](https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Malware%20in%20Lisp%3f%20Now%20you%27re%20just%20being%20cruel&summary=Miscreants%20warming%20to%20Delphi%2c%20Haskell%2c%20and%20the%20like%20to%20evade%20detection) [](https://api.whatsapp.com/send?text=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp) #### More about* [Development](/Tag/Development/)* [Microsoft](/Tag/Microsoft/)* [Programming Language](/Tag/Programming%20Language/) More like these × ### More about* [Development](/Tag/Development/)* [Microsoft](/Tag/Microsoft/)* [Programming Language](/Tag/Programming%20Language/)* [Security](/Tag/Security/)* [Software](/Tag/Software/) ### Narrower topics* [2FA](/Tag/2FA/)* [Accessibility](/Tag/Accessibility/)* [Active Directory](/Tag/Active%20Directory/)* [AdBlock Plus](/Tag/AdBlock%20Plus/)* [Advanced persistent threat](/Tag/Advanced%20persistent%20threat/)* [App](/Tag/App/)* [Application Delivery Controller](/Tag/Application%20Delivery%20Controller/)* [Assembly Language](/Tag/Assembly%20Language/)* [Audacity](/Tag/Audacity/Audio%20Editor/ ‘Disambiguation: Audio Editor’)* [Authentication](/Tag/Authentication/)* [Azure](/Tag/Azure/)* [BEC](/Tag/BEC/)* [Bing](/Tag/Bing/)* [Black Hat](/Tag/Black%20Hat/)* [BSides](/Tag/BSides/)* [BSoD](/Tag/BSoD/)* [Bug Bounty](/Tag/Bug%20Bounty/)* [C++](/Tag/C%2B%2B/)* [CHERI](/Tag/CHERI/)* [CISO](/Tag/CISO/)* [Common Vulnerability Scoring System](/Tag/Common%20Vulnerability%20Scoring%20System/)* [Confluence](/Tag/Confluence/)* [Cybercrime](/Tag/Cybercrime/)* [Cybersecurity](/Tag/Cybersecurity/)* [Cybersecurity and Infrastructure Security Agency](/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/)* [Cybersecurity Information Sharing Act](/Tag/Cybersecurity%20Information%20Sharing%20Act/)* [Database](/Tag/Database/)* [Data Breach](/Tag/Data%20Breach/)* [Data Protection](/Tag/Data%20Protection/)* [Data Theft](/Tag/Data%20Theft/)* [DDoS](/Tag/DDoS/)* [DEF CON](/Tag/DEF%20CON/)* [Devops](/Tag/Devops/)* [Digital certificate](/Tag/Digital%20certificate/)* [Encryption](/Tag/Encryption/)* [Excel](/Tag/Excel/)* [Exchange Server](/Tag/Exchange%20Server/)* [Exploit](/Tag/Exploit/)* [Firewall](/Tag/Firewall/)* [FOSDEM](/Tag/FOSDEM/)* [FOSS](/Tag/FOSS/)* [Grab](/Tag/Grab/)* [Graphics Interchange Format](/Tag/Graphics%20Interchange%20Format/)* [Hacker](/Tag/Hacker/)* [Hacking](/Tag/Hacking/)* [Hacktivism](/Tag/Hacktivism/)* [HoloLens](/Tag/HoloLens/)* [IDE](/Tag/IDE/)* [Identity Theft](/Tag/Identity%20Theft/)* [Incident response](/Tag/Incident%20response/)* [Infosec](/Tag/Infosec/)* [Infrastructure Security](/Tag/Infrastructure%20Security/)* [Internet Explorer](/Tag/Internet%20Explorer/)* [Java](/Tag/Java/)* [JavaScript](/Tag/JavaScript/)* [Jenkins](/Tag/Jenkins/)* [Kenna Security](/Tag/Kenna%20Security/)* [Legacy Technology](/Tag/Legacy%20Technology/)* [LibreOffice](/Tag/LibreOffice/)* [LinkedIn](/Tag/LinkedIn/)* [Map](/Tag/Map/)* [Microsoft 365](/Tag/Microsoft%20365/)* [Microsoft Build](/Tag/Microsoft%20Build/)* [Microsoft Edge](/Tag/Microsoft%20Edge/)* [Microsoft Fabric](/Tag/Microsoft%20Fabric/)* [Microsoft Ignite](/Tag/Microsoft%20Ignite/)* [Microsoft Office](/Tag/Microsoft%20Office/)* [Microsoft Surface](/Tag/Microsoft%20Surface/)* [Microsoft Teams](/Tag/Microsoft%20Teams/)* [Mobile Device Management](/Tag/Mobile%20Device%20Management/)* [NCSAM](/Tag/NCSAM/)* [NCSC](/Tag/NCSC/)* [.NET](/Tag/.NET/)* [Office 365](/Tag/Office%20365/)* [OpenOffice](/Tag/OpenOffice/)* [OS/2](/Tag/OS%2F2/)* [Outlook](/Tag/Outlook/)* [Palo Alto Networks](/Tag/Palo%20Alto%20Networks/)* [Password](/Tag/Password/)* [Patch Tuesday](/Tag/Patch%20Tuesday/)* [Perl](/Tag/Perl/)* [Phishing](/Tag/Phishing/)* [PHP](/Tag/PHP/)* [Pluton](/Tag/Pluton/)* [Python](/Tag/Python/)* [QR code](/Tag/QR%20code/)* [Quantum key distribution](/Tag/Quantum%20key%20distribution/)* [Ransomware](/Tag/Ransomware/)* [Remote Access Trojan](/Tag/Remote%20Access%20Trojan/)* [Retro computing](/Tag/Retro%20computing/)* [REvil](/Tag/REvil/)* [RSA Conference](/Tag/RSA%20Conference/)* [Ruby](/Tag/Ruby/Programming%20Language/ ‘Disambiguation: Programming Language’)* [Rust](/Tag/Rust/Programming%20Language/ ‘Disambiguation: Programming Language’)* [Search Engine](/Tag/Search%20Engine/)* [SharePoint](/Tag/SharePoint/)* [Skype](/Tag/Skype/)* [Software bug](/Tag/Software%20bug/)* [Software License](/Tag/Software%20License/)* [Spamming](/Tag/Spamming/)* [Spyware](/Tag/Spyware/)* [SQL Server](/Tag/SQL%20Server/)* [Surveillance](/Tag/Surveillance/)* [Text Editor](/Tag/Text%20Editor/)* [TLS](/Tag/TLS/)* [Trojan](/Tag/Trojan/)* [Trusted Platform Module](/Tag/Trusted%20Platform%20Module/)* [User interface](/Tag/User%20interface/)* [Visual Studio](/Tag/Visual%20Studio/)* [Visual Studio Code](/Tag/Visual%20Studio%20Code/)* [Vulnerability](/Tag/Vulnerability/)* [Wannacry](/Tag/Wannacry/)* [WebAssembly](/Tag/WebAssembly/)* [Web Browser](/Tag/Web%20Browser/)* [Windows](/Tag/Windows/)* [Windows 10](/Tag/Windows%2010/)* [Windows 11](/Tag/Windows%2011/)* [Windows 7](/Tag/Windows%207/)* [Windows 8](/Tag/Windows%208/)* [Windows Server](/Tag/Windows%20Server/)* [Windows Server 2003](/Tag/Windows%20Server%202003/)* [Windows Server 2008](/Tag/Windows%20Server%202008/)* [Windows Server 2012](/Tag/Windows%20Server%202012/)* [Windows Server 2013](/Tag/Windows%20Server%202013/)* [Windows Server 2016](/Tag/Windows%20Server%202016/)* [Windows Subsystem for Linux](/Tag/Windows%20Subsystem%20for%20Linux/)* [Windows XP](/Tag/Windows%20XP/)* [WordPress](/Tag/WordPress/)* [Xbox](/Tag/Xbox/)* [Xbox 360](/Tag/Xbox%20360/)* [Zero trust](/Tag/Zero%20trust/) ### Broader topics* [Bill Gates](/Tag/Bill%20Gates/)* [Developer](/Tag/Developer/) #### More aboutShare [](https://www.reddit.com/submit?url=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Malware%20in%20Lisp%3f%20Now%20you%27re%20just%20being%20cruel) [](https://twitter.com/intent/tweet?text=Malware%20in%20Lisp%3f%20Now%20you%27re%20just%20being%20cruel&url=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister) [](https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Malware%20in%20Lisp%3f%20Now%20you%27re%20just%20being%20cruel&summary=Miscreants%20warming%20to%20Delphi%2c%20Haskell%2c%20and%20the%20like%20to%20evade%20detection) [](https://api.whatsapp.com/send?text=https://www.theregister.com/2025/03/29/malware_obscure_languages/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp) **26** COMMENTS #### More about* [Development](/Tag/Development/)* [Microsoft](/Tag/Microsoft/)* [Programming Language](/Tag/Programming%20Language/) More like these × ### More about* [Development](/Tag/Development/)* [Microsoft](/Tag/Microsoft/)* [Programming Language](/Tag/Programming%20Language/)* [Security](/Tag/Security/)* [Software](/Tag/Software/) ### Narrower topics* [2FA](/Tag/2FA/)* [Accessibility](/Tag/Accessibility/)* [Active Directory](/Tag/Active%20Directory/)* [AdBlock Plus](/Tag/AdBlock%20Plus/)* [Advanced persistent threat](/Tag/Advanced%20persistent%20threat/)* [App](/Tag/App/)* [Application Delivery Controller](/Tag/Application%20Delivery%20Controller/)* [Assembly Language](/Tag/Assembly%20Language/)* [Audacity](/Tag/Audacity/Audio%20Editor/ ‘Disambiguation: Audio Editor’)* [Authentication](/Tag/Authentication/)* [Azure](/Tag/Azure/)* [BEC](/Tag/BEC/)* [Bing](/Tag/Bing/)* [Black Hat](/Tag/Black%20Hat/)* [BSides](/Tag/BSides/)* [BSoD](/Tag/BSoD/)* [Bug Bounty](/Tag/Bug%20Bounty/)* [C++](/Tag/C%2B%2B/)* [CHERI](/Tag/CHERI/)* [CISO](/Tag/CISO/)* [Common Vulnerability Scoring System](/Tag/Common%20Vulnerability%20Scoring%20System/)* [Confluence](/Tag/Confluence/)* [Cybercrime](/Tag/Cybercrime/)* [Cybersecurity](/Tag/Cybersecurity/)* [Cybersecurity and Infrastructure Security Agency](/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/)* [Cybersecurity Information Sharing Act](/Tag/Cybersecurity%20Information%20Sharing%20Act/)* [Database](/Tag/Database/)* [Data Breach](/Tag/Data%20Breach/)* [Data Protection](/Tag/Data%20Protection/)* [Data Theft](/Tag/Data%20Theft/)* [DDoS](/Tag/DDoS/)* [DEF CON](/Tag/DEF%20CON/)* [Devops](/Tag/Devops/)* [Digital certificate](/Tag/Digital%20certificate/)* [Encryption](/Tag/Encryption/)* [Excel](/Tag/Excel/)* [Exchange Server](/Tag/Exchange%20Server/)* [Exploit](/Tag/Exploit/)* [Firewall](/Tag/Firewall/)* [FOSDEM](/Tag/FOSDEM/)* [FOSS](/Tag/FOSS/)* [Grab](/Tag/Grab/)* [Graphics Interchange Format](/Tag/Graphics%20Interchange%20Format/)* [Hacker](/Tag/Hacker/)* [Hacking](/Tag/Hacking/)* [Hacktivism](/Tag/Hacktivism/)* [HoloLens](/Tag/HoloLens/)* [IDE](/Tag/IDE/)* [Identity Theft](/Tag/Identity%20Theft/)* [Incident response](/Tag/Incident%20response/)* [Infosec](/Tag/Infosec/)* [Infrastructure Security](/Tag/Infrastructure%20Security/)* [Internet Explorer](/Tag/Internet%20Explorer/)* [Java](/Tag/Java/)* [JavaScript](/Tag/JavaScript/)* [Jenkins](/Tag/Jenkins/)* [Kenna Security](/Tag/Kenna%20Security/)* [Legacy Technology](/Tag/Legacy%20Technology/)* [LibreOffice](/Tag/LibreOffice/)* [LinkedIn](/Tag/LinkedIn/)* [Map](/Tag/Map/)* [Microsoft 365](/Tag/Microsoft%20365/)* [Microsoft Build](/Tag/Microsoft%20Build/)* [Microsoft Edge](/Tag/Microsoft%20Edge/)* [Microsoft Fabric](/Tag/Microsoft%20Fabric/)* [Microsoft Ignite](/Tag/Microsoft%20Ignite/)* [Microsoft Office](/Tag/Microsoft%20Office/)* [Microsoft Surface](/Tag/Microsoft%20Surface/)* [Microsoft Teams](/Tag/Microsoft%20Teams/)* [Mobile Device Management](/Tag/Mobile%20Device%20Management/)* [NCSAM](/Tag/NCSAM/)* [NCSC](/Tag/NCSC/)* [.NET](/Tag/.NET/)* [Office 365](/Tag/Office%20365/)* [OpenOffice](/Tag/OpenOffice/)* [OS/2](/Tag/OS%2F2/)* [Outlook](/Tag/Outlook/)* [Palo Alto Networks](/Tag/Palo%20Alto%20Networks/)* [Password](/Tag/Password/)* [Patch Tuesday](/Tag/Patch%20Tuesday/)* [Perl](/Tag/Perl/)* [Phishing](/Tag/Phishing/)* [PHP](/Tag/PHP/)* [Pluton](/Tag/Pluton/)* [Python](/Tag/Python/)* [QR code](/Tag/QR%20code/)* [Quantum key distribution](/Tag/Quantum%20key%20distribution/)* [Ransomware](/Tag/Ransomware/)* [Remote Access Trojan](/Tag/Remote%20Access%20Trojan/)* [Retro computing](/Tag/Retro%20computing/)* [REvil](/Tag/REvil/)* [RSA Conference](/Tag/RSA%20Conference/)* [Ruby](/Tag/Ruby/Programming%20Language/ ‘Disambiguation: Programming Language’)* [Rust](/Tag/Rust/Programming%20Language/ ‘Disambiguation: Programming Language’)* [Search Engine](/Tag/Search%20Engine/)* [SharePoint](/Tag/SharePoint/)* [Skype](/Tag/Skype/)* [Software bug](/Tag/Software%20bug/)* [Software License](/Tag/Software%20License/)* [Spamming](/Tag/Spamming/)* [Spyware](/Tag/Spyware/)* [SQL Server](/Tag/SQL%20Server/)* [Surveillance](/Tag/Surveillance/)* [Text Editor](/Tag/Text%20Editor/)* [TLS](/Tag/TLS/)* [Trojan](/Tag/Trojan/)* [Trusted Platform Module](/Tag/Trusted%20Platform%20Module/)* [User interface](/Tag/User%20interface/)* [Visual Studio](/Tag/Visual%20Studio/)* [Visual Studio Code](/Tag/Visual%20Studio%20Code/)* [Vulnerability](/Tag/Vulnerability/)* [Wannacry](/Tag/Wannacry/)* [WebAssembly](/Tag/WebAssembly/)* [Web Browser](/Tag/Web%20Browser/)* [Windows](/Tag/Windows/)* [Windows 10](/Tag/Windows%2010/)* [Windows 11](/Tag/Windows%2011/)* [Windows 7](/Tag/Windows%207/)* [Windows 8](/Tag/Windows%208/)* [Windows Server](/Tag/Windows%20Server/)* [Windows Server 2003](/Tag/Windows%20Server%202003/)* [Windows Server 2008](/Tag/Windows%20Server%202008/)* [Windows Server 2012](/Tag/Windows%20Server%202012/)* [Windows Server 2013](/Tag/Windows%20Server%202013/)* [Windows Server 2016](/Tag/Windows%20Server%202016/)* [Windows Subsystem for Linux](/Tag/Windows%20Subsystem%20for%20Linux/)* [Windows XP](/Tag/Windows%20XP/)* [WordPress](/Tag/WordPress/)* [Xbox](/Tag/Xbox/)* [Xbox 360](/Tag/Xbox%20360/)* [Zero trust](/Tag/Zero%20trust/) ### Broader topics* [Bill Gates](/Tag/Bill%20Gates/)* [Developer](/Tag/Developer/) #### TIP US OFF[Send us news](https://www.theregister.com/Profile/contact/)[#### AI agents swarm Microsoft Security CopilotLooking to sort through large volumes of security info? Redmond has your backendSecurity5 days -| 13](/2025/03/24/microsoft_security_copilot_agents/?td=keepreading) [#### Too many software supply chain defense bibles? Boffins distill adviceHow to avoid another SolarWinds, Log4j, and XZ Utils situationSecurity9 days -| 10](/2025/03/20/software_supply_chain_defense/?td=keepreading) [#### Microsoft’s many Outlooks are confusing users — including its own employeesRedmond veteran proposes Zero Sugar and Caffeine Free variantsApplications4 days -| 112](/2025/03/25/too_many_outlooks/?td=keepreading) [#### The smart way to tackle data storage challengesWhy high-performance object storage is needed for modern data-intensive workloadsSponsored Feature](/2025/03/28/the_smart_way_to_tackle/?td=keepreading) [#### Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying’Only’ a local access bug but important part of N Korea, Russia, and China attack pictureResearch11 days -| 41](/2025/03/18/microsoft_trend_flaw/?td=keepreading) [#### Windows Server 2025 locking up after February patch, no word of when a fix will landSimilar issue in Windows 11 resolved as of WednesdayOSes1 day -| 4](/2025/03/28/windoers_server_2025_freezing/?td=keepreading) [#### Microsoft quantum breakthrough claims labeled ‘unreliable’ and ‘essentially fraudulent’Updated Redmond insists it’s got this right and has even more impressive results to share soonSystems17 days -| 65](/2025/03/12/microsoft_majorana_quantum_claims_overshadowed/?td=keepreading) [#### OTF, which backs Tor, Let’s Encrypt and more, sues to save its funding from Trump cutsUpdated Kari, are you OK, are you OK, Kari?Networks5 days -| 100](/2025/03/25/otf_tor_lets_encrypt_funding_lawsuit/?td=keepreading) [#### Feds drop bomb on Multiplan in legal war over healthcare ‘price-fixing’ algorithmsDoJ suggests it sure looks like collusion when several big players use the same cost-saving softwareSoftware2 days -| 16](/2025/03/28/feds_multiplan_antitrust_defense/?td=keepreading) [#### Show top LLMs some code and they’ll merrily add in the bugs they saw in trainingOne more time, with feeling … Garbage in, garbage outAI + ML10 days -| 33](/2025/03/19/llms_buggy_code/?td=keepreading) [#### Now Windows Longhorn is long gone, witness reflects on Microsoft’s OS belly-flop’This was not good dog food’OSes2 days -| 94](/2025/03/27/looking_back_at_windows_longhorn/?td=keepreading) [#### Microsoft walking away from datacenter leases (probably) isn’t a sign the AI bubble is burstingComment Why lease space that can’t power or cool 120kW racks – or the next-gen 600kW monsters?Off-Prem3 days -| 35](/2025/03/26/microsoft_ai_apocalypse/?td=keepreading)

Related Tags:
Akira

PUNK SPIDER

Midnight Blizzard

NAICS: 54 – Professional

Scientific

Technical Services

NAICS: 541 – Professional

Scientific

Technical Services

NAICS: 92 – Public Administration

NAICS: 922 – Justice

Public Order

Safety Activities

UNC3524

Blue Kitsune

Associated Indicators:

Threat Intel Solutions

Malware in Lisp? Now you’re just being cruel

Search

Popular Posts

Dangerous runC flaws could allow hackers to escape Docker containers

Lost iPhone? Don’t fall for phishing texts saying it was found

NAKIVO Introduces v11.1 with Upgraded Disaster Recovery and MSP Features

Categories

Pages

Archives

Tags

Follow Us