Malware | May 12, 2026
‼️ Nightmare-Eclipse has just released two new GitHub repositories... Same user behind RedSun, Un...
Threat actor releases two new exploitation tools: YellowKey (BitLocker bypass) and GreenPlasma (Windows privilege
Summary
A threat actor known as Nightmare-Eclipse, linked to the previous malware campaigns RedSun, UnDefend, and BlueHammer, has released two new GitHub repositories containing exploitation tools. YellowKey is aimed at bypassing BitLocker encryption, while GreenPlasma exploits a Windows CTFMON vulnerability to achieve arbitrary privilege escalation. The public release of these tools makes them available to other attackers and poses an immediate risk to Windows systems.
Indicators of Compromise
- malware — YellowKey
- malware — GreenPlasma
- malware — RedSun
- malware — UnDefend
- malware — BlueHammer
Entities
- Nightmare-Eclipse (threat_actor)
- RedSun (campaign)
- UnDefend (campaign)
- BlueHammer (campaign)
- BitLocker (technology)
- Windows CTFMON (product)