New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

SharkLoader malware is actively deploying Cobalt Strike Beacon in the StrikeShark campaign targeting government, diplomatic, and software development organizations in Indonesia, Taiwan, and beyond. Attackers are exploiting known Exchange vulnerabilities (ProxyLogon, ProxyNotShell) for initial access. Successful compromise leads to command and control via Cobalt Strike, enabling lateral movement and data exfiltration.

CRITICAL | Advisory | Jun 26, 2026
Action required
Hunt for and block SharkLoader and Cobalt Strike IOCs across your network. Prioritize monitoring Exchange servers for exploitation attempts and suspicious authentication patterns. Scan for lateral movement and beacon callbacks.
Affected products
Kaspersky, Exchange Server, Openfire, GeoServer
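
One way to act on the Exchange monitoring item above, as an added example that is not part of the original advisory: a Python hunt over IIS W3C logs for the ProxyNotShell request shape (autodiscover and powershell in the same URL-decoded URI, the shape Microsoft's public mitigation rule matches). The pattern, the log layout and the sample lines are assumptions constructed here; it does not cover ProxyLogon or SharkLoader indicators, which this page does not list.

```python
import re
from urllib.parse import unquote

# Assumption: "autodiscover" and "powershell" in one request URI, taken from
# Microsoft's public ProxyNotShell guidance, not from this advisory.
PROXYNOTSHELL = re.compile(r"(?=.*autodiscover)(?=.*powershell)", re.I)

# Constructed sample IIS W3C log; hosts and addresses are documentation values.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2026-06-20 08:01:12 GET /owa/auth/logon.aspx url=https://mail.example.test/owa 198.51.100.7 200
2026-06-20 08:03:44 POST /autodiscover/autodiscover.json @example.test/powershell/?X-Rps-CAT=AAAA 203.0.113.9 200
2026-06-20 08:04:02 POST /autodiscover/autodiscover.json %40example.test/%50owershell/ 203.0.113.9 401
2026-06-20 08:05:30 POST /autodiscover/autodiscover.xml - 198.51.100.7 200
"""

def hunt(log_text):
    """Return one dict per request whose decoded URI matches the pattern."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order depends on server config
            continue
        if not line or line.startswith("#") or not fields:
            continue  # skip comments, blanks, and rows seen before a header
        row = dict(zip(fields, line.split()))
        # Decode first so percent-encoded characters cannot hide the match.
        uri = unquote(row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", ""))
        if PROXYNOTSHELL.search(uri):
            status = row.get("sc-status", "")
            hits.append({
                "time": f'{row.get("date", "")} {row.get("time", "")}',
                "client": row.get("c-ip", ""),
                "status": status,
                # 200 means the request was served; other codes are still probes.
                "served": status == "200",
            })
    return hits

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

Rows flagged with `served` set to true are the ones to triage first, since the server answered the request rather than rejecting it.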