VERY IMPORTANT

A sophisticated multi-stage PowerShell campaign has been identified, utilizing an LNK file to initiate a sequence of obfuscated scripts. The attack maintains persistence and stealth by connecting with a command-and-control server. It employs Chisel, a fast TCP/UDP tunneling tool, and a Netskope proxy for covert communication, enabling lateral movement within compromised networks. The campaign involves three stages of PowerShell scripts, each with specific functions to establish persistence, communicate with the C&C server, and execute received commands. The presence of a Chisel DLL suggests advanced threat actor tactics aimed at prolonged control and evasion, indicating a highly organized or financially motivated operation.