Eleven11bot infects video recorders, with the largest concentration of them in the US.

YouTube warns that scammers are using an AI-generated video featuring the company’s CEO in phishing attacks to steal creators’ credentials.
The attackers are sharing it as a private video with targeted users via emails claiming YouTube is changing its monetization policy.
“We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization,” the online video sharing platform warned in a pinned post on its official community website.
Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS.
“Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute commands on the infected machine,” Trend Micro said in a Monday analysis. “This enables them to steal sensitive data, such as login credentials, financial information, and personal files.”
It’s worth noting that details of the BC module, which the cybersecurity company is tracking as QBACKCONNECT owing to overlaps with the QakBot loader, was first documented in late January 2025 by both Walmart’s Cyber Intelligence team and Sophos, the latter of which has designated the cluster the name STAC5777.
A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates.
The malware delivers a backdoor called Sosano, which establishes persistence on the infected devices and allows the attackers to execute commands remotely.
The activity was discovered by Proofpoint in October 2024, which states that the attacks are linked to a threat actor named ‘UNK_CraftyCamel.’ While the campaign is still small, the researchers report that it is still advanced and dangerous to targeted companies.
A new botnet malware named ‘Eleven11bot’ has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks.
The botnet, which is loosely linked to Iran, has already launched distributed denial of service (DDoS) attacks targeting telecommunication service providers and online gaming servers.
Eleven11bot was discovered by Nokia researchers who shared the details with the threat monitoring platform GreyNoise.
New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks.
In January, Zscaler discovered a Zloader malware sample that contained what appeared to be a new DNS tunneling feature. Further research by Walmart indicated that Zloader was dropping a new proxy malware called BackConnect that contained code references to the Qbot (QakBot) malware.
BackConnect is malware that acts as a proxy tool for remote access to compromised servers. BackConnect allows cybercriminals to tunnel traffic, obfuscate their activities, and escalate attacks within a victim’s environment without being detected.
Description: We are the targets for numerous information campaigns, as companies, politicians, cybercriminals, and nation states guzzle up the digital dust of our online selves. These information campaigns are designed to trigger our survival instincts in order to prevent us from thinking, and instead trigger an emotional reaction. Dr. Schwartz will discuss this rivalry for power, and how we must first learn how to calm our survival brain in order to defend our cognitive terrain against the onslaught of information warfare.
Speaker Bio: Dr. Tamara Schwartz, USAF (ret.), is an Associate Professor of Cybersecurity and Strategy at the York College of Pennsylvania, and an affiliate researcher with Cybersecurity at MIT-Sloan Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, an international cybersecurity think tank. While on active duty, Dr. Schwartz’s thought leadership informed the standup of Cyber Command and the design of various command centers supporting Joint Space, Cyber, and Global Strategic Operations, and her work at the U.S. Embassy in Amman, Jordan earned her the 2011 Information Operations Officer of the Year. More recently, Dr. Schwartz was a member of the 2020 “Dr. Evil task force,” with the Defense Threat Reduction Agency, identifying future threats to inform DoD investments in emerging technology. She received her B.S. in Industrial Engineering from Rensselaer Polytechnic Institute, her M.S. in Engineering Management from the University of Dayton, and her Doctorate of Business Administration from the Fox School of Business, Temple University. Her research expertise includes Artificial Intelligence, cybersecurity as a strategic competitive advantage, and information warfare.
Information Warfare, by Dr. Tamara Schwartz.
https://he.kendallhunt.com/product/in… College of Pennsylvania, Cybersecurity Management https://www.ycp.edu/academics/program… Weapons of Mass Disruption https://podcasts.apple.com/us/podcast…