• HPE and NVIDIA Debut AI Factory Stack to Power Next Industrial Shift

    To speed up AI adoption across industries, HPE and NVIDIA today launched new AI factory offerings at HPE Discover in Las Vegas.
    The new lineup includes everything from modular AI factory infrastructure and HPE’s AI-ready RTX PRO Servers, to the next generation of HPE’s turnkey AI platform, HPE Private Cloud AI. The goal: give enterprises a framework to build and scale generative, agentic and industrial AI.
    The NVIDIA AI Computing by HPE portfolio is now among the broadest in the market.
    The portfolio combines NVIDIA Blackwell accelerated computing, NVIDIA Spectrum-X Ethernet and NVIDIA BlueField-3 networking technologies, NVIDIA AI Enterprise software and HPE’s full portfolio of servers, storage, services and software. This now includes HPE OpsRamp Software, a validated observability solution for the NVIDIA Enterprise AI Factory, and HPE Morpheus Enterprise Software for orchestration. The result is a pre-integrated, modular infrastructure stack to help teams get AI into production faster.
    This includes the next-generation HPE Private Cloud AI, co-engineered with NVIDIA and validated as part of the NVIDIA Enterprise AI Factory framework. This full-stack, turnkey AI factory solution will offer HPE ProLiant Compute DL380a Gen12 servers with the new NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs.
    These new NVIDIA RTX PRO Servers from HPE provide a universal data center platform for a wide range of enterprise AI and industrial AI use cases, and are now available to order from HPE. HPE Private Cloud AI includes the latest NVIDIA AI Blueprints, including the NVIDIA AI-Q Blueprint for AI agent creation and workflows.
    HPE also announced a new NVIDIA HGX B300 system, the HPE Compute XD690, built with NVIDIA Blackwell Ultra GPUs. It’s the latest entry in the NVIDIA AI Computing by HPE lineup and is expected to ship in October.
    In Japan, KDDI is working with HPE to build NVIDIA AI infrastructure to accelerate global adoption.
    The HPE-built KDDI system will be based on the NVIDIA GB200 NVL72 platform, built on the NVIDIA Grace Blackwell architecture, at the KDDI Osaka Sakai Data Center.
    To accelerate AI for financial services, HPE will co-test agentic AI workflows built on Accenture’s AI Refinery with NVIDIA, running on HPE Private Cloud AI. Initial use cases include sourcing, procurement and risk analysis.
    HPE said it’s adding 26 new partners to its “Unleash AI” ecosystem to support more NVIDIA AI use cases. The company now offers more than 70 packaged AI workloads, from fraud detection and video analytics to sovereign AI and cybersecurity.
    Security and governance were a focus, too. HPE Private Cloud AI supports air-gapped management, multi-tenancy and post-quantum cryptography. HPE’s try-before-you-buy program lets customers test the system in Equinix data centers before purchase. HPE also introduced new programs, including AI Acceleration Workshops with NVIDIA, to help scale AI deployments.

    Watch the keynote: HPE CEO Antonio Neri announced the news from the Las Vegas Sphere on Tuesday at 9 a.m. PT. Register for the livestream and watch the replay.
    Explore more: Learn how NVIDIA and HPE build AI factories for every industry. Visit the partner page.
    #hpe #nvidia #debut #factory #stack
    HPE and NVIDIA Debut AI Factory Stack to Power Next Industrial Shift
    To speed up AI adoption across industries, HPE and NVIDIA today launched new AI factory offerings at HPE Discover in Las Vegas. The new lineup includes everything from modular AI factory infrastructure and HPE’s AI-ready RTX PRO Servers, to the next generation of HPE’s turnkey AI platform, HPE Private Cloud AI. The goal: give enterprises a framework to build and scale generative, agentic and industrial AI. The NVIDIA AI Computing by HPE portfolio is now among the broadest in the market. The portfolio combines NVIDIA Blackwell accelerated computing, NVIDIA Spectrum-X Ethernet and NVIDIA BlueField-3 networking technologies, NVIDIA AI Enterprise software and HPE’s full portfolio of servers, storage, services and software. This now includes HPE OpsRamp Software, a validated observability solution for the NVIDIA Enterprise AI Factory, and HPE Morpheus Enterprise Software for orchestration. The result is a pre-integrated, modular infrastructure stack to help teams get AI into production faster. This includes the next-generation HPE Private Cloud AI, co-engineered with NVIDIA and validated as part of the NVIDIA Enterprise AI Factory framework. This full-stack, turnkey AI factory solution will offer HPE ProLiant Compute DL380a Gen12 servers with the new NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs. These new NVIDIA RTX PRO Servers from HPE provide a universal data center platform for a wide range of enterprise AI and industrial AI use cases, and are now available to order from HPE. HPE Private Cloud AI includes the latest NVIDIA AI Blueprints, including the NVIDIA AI-Q Blueprint for AI agent creation and workflows. HPE also announced a new NVIDIA HGX B300 system, the HPE Compute XD690, built with NVIDIA Blackwell Ultra GPUs. It’s the latest entry in the NVIDIA AI Computing by HPE lineup and is expected to ship in October. In Japan, KDDI is working with HPE to build NVIDIA AI infrastructure to accelerate global adoption. The HPE-built KDDI system will be based on the NVIDIA GB200 NVL72 platform, built on the NVIDIA Grace Blackwell architecture, at the KDDI Osaka Sakai Data Center. To accelerate AI for financial services, HPE will co-test agentic AI workflows built on Accenture’s AI Refinery with NVIDIA, running on HPE Private Cloud AI. Initial use cases include sourcing, procurement and risk analysis. HPE said it’s adding 26 new partners to its “Unleash AI” ecosystem to support more NVIDIA AI use cases. The company now offers more than 70 packaged AI workloads, from fraud detection and video analytics to sovereign AI and cybersecurity. Security and governance were a focus, too. HPE Private Cloud AI supports air-gapped management, multi-tenancy and post-quantum cryptography. HPE’s try-before-you-buy program lets customers test the system in Equinix data centers before purchase. HPE also introduced new programs, including AI Acceleration Workshops with NVIDIA, to help scale AI deployments. Watch the keynote: HPE CEO Antonio Neri announced the news from the Las Vegas Sphere on Tuesday at 9 a.m. PT. Register for the livestream and watch the replay. Explore more: Learn how NVIDIA and HPE build AI factories for every industry. Visit the partner page. #hpe #nvidia #debut #factory #stack
    BLOGS.NVIDIA.COM
    HPE and NVIDIA Debut AI Factory Stack to Power Next Industrial Shift
    To speed up AI adoption across industries, HPE and NVIDIA today launched new AI factory offerings at HPE Discover in Las Vegas. The new lineup includes everything from modular AI factory infrastructure and HPE’s AI-ready RTX PRO Servers (HPE ProLiant Compute DL380a Gen12), to the next generation of HPE’s turnkey AI platform, HPE Private Cloud AI. The goal: give enterprises a framework to build and scale generative, agentic and industrial AI. The NVIDIA AI Computing by HPE portfolio is now among the broadest in the market. The portfolio combines NVIDIA Blackwell accelerated computing, NVIDIA Spectrum-X Ethernet and NVIDIA BlueField-3 networking technologies, NVIDIA AI Enterprise software and HPE’s full portfolio of servers, storage, services and software. This now includes HPE OpsRamp Software, a validated observability solution for the NVIDIA Enterprise AI Factory, and HPE Morpheus Enterprise Software for orchestration. The result is a pre-integrated, modular infrastructure stack to help teams get AI into production faster. This includes the next-generation HPE Private Cloud AI, co-engineered with NVIDIA and validated as part of the NVIDIA Enterprise AI Factory framework. This full-stack, turnkey AI factory solution will offer HPE ProLiant Compute DL380a Gen12 servers with the new NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs. These new NVIDIA RTX PRO Servers from HPE provide a universal data center platform for a wide range of enterprise AI and industrial AI use cases, and are now available to order from HPE. HPE Private Cloud AI includes the latest NVIDIA AI Blueprints, including the NVIDIA AI-Q Blueprint for AI agent creation and workflows. HPE also announced a new NVIDIA HGX B300 system, the HPE Compute XD690, built with NVIDIA Blackwell Ultra GPUs. It’s the latest entry in the NVIDIA AI Computing by HPE lineup and is expected to ship in October. In Japan, KDDI is working with HPE to build NVIDIA AI infrastructure to accelerate global adoption. The HPE-built KDDI system will be based on the NVIDIA GB200 NVL72 platform, built on the NVIDIA Grace Blackwell architecture, at the KDDI Osaka Sakai Data Center. To accelerate AI for financial services, HPE will co-test agentic AI workflows built on Accenture’s AI Refinery with NVIDIA, running on HPE Private Cloud AI. Initial use cases include sourcing, procurement and risk analysis. HPE said it’s adding 26 new partners to its “Unleash AI” ecosystem to support more NVIDIA AI use cases. The company now offers more than 70 packaged AI workloads, from fraud detection and video analytics to sovereign AI and cybersecurity. Security and governance were a focus, too. HPE Private Cloud AI supports air-gapped management, multi-tenancy and post-quantum cryptography. HPE’s try-before-you-buy program lets customers test the system in Equinix data centers before purchase. HPE also introduced new programs, including AI Acceleration Workshops with NVIDIA, to help scale AI deployments. Watch the keynote: HPE CEO Antonio Neri announced the news from the Las Vegas Sphere on Tuesday at 9 a.m. PT. Register for the livestream and watch the replay. Explore more: Learn how NVIDIA and HPE build AI factories for every industry. Visit the partner page.
    0 Comentários 0 Compartilhamentos
  • The MORPHEUS Supercar Concept Could Make Batman Rethink His Ride

    The Carbon MORPHEUS is so sleek and streamlined its wind-tunnel test is probably just a bunch of parallel lines. Designed by EPTA, this mid-engine two-seater supercar skips nostalgia and dives straight into aggressive futurism. It looks engineered by a design studio that sees speed not as a metric, but as a shape.
    The design brief? “Design is the language of dreams.” Which sounds poetic until you realize what they’ve dreamt up could moonlight as a Batmobile in a Nolan film – just sharper, lower, and probably too dangerous for even Bruce Wayne. A manifesto of Italian elegance, they call it. But it leans more toward brutalist cyberpunk with a splash of Lamborghini’s wild DNA and a whisper of Bertone-era silhouette language. That tapered greenhouse? Pure retro-futurism, the kind that could only come from a country that worships both speed and sculpture in equal measure.
    Designer: EPTA Design

    The bodywork is entirely carbon fiber, and not just as a flex. The weave is visible from every angle, wrapping around exaggerated wheel arches and angry origami-like creases. It’s not just aesthetics either – it’s structure, soul, and statement. The reflections rolling off the surface are almost liquid, a high-gloss hallucination of light and intent. Look closely and you’ll see the word “VEPTA” near the front wheels, perhaps a clue or a red herring in EPTA Design’s growing mythos.

    Around the back, things get wild. Four vertical exhausts erupt from a tail section that looks like a spaceship’s afterburner array. There’s no wing, but the rear deck itself swoops like it’s ready to generate lift – or downforce, depending on how many laws of physics it’s trying to bend. A golden center-lock nut anchors the gloss-black wheels, which are wide, multi-spoked, and performance-obsessed. Brake calipers peek out in red, adding a splash of aggression to an otherwise stealth-fighter palette.

    From above, the canopy has a near-seamless wrap of glass and carbon. It’s tight. Tense. Like a jet cockpit shrunken down and perched just ahead of a carbon fiber storm. The symmetry here is clinical, the panel gaps razor-thin. It doesn’t just look fast; it looks like it was born in a vacuum chamber under military surveillance.

    EPTA says this is a “mid-engine two-seater supercar,” which automatically tells you what kind of proportions and intent they’re working with. But beyond the silhouette and stance, this thing is abstract sculpture on wheels. It’s less about raw specs and more about shaping emotion through velocity.

    And yet, it’s not lost in concept art fantasy. The presence is real, the panels are real, the reflections tell you this isn’t just a digital mockup. There’s heat coming out of those pipes in one of the rear shots. That’s combustion. That’s ambition made tactile. You don’t commit this hard to an idea unless you’re serious about chasing it into reality.The post The MORPHEUS Supercar Concept Could Make Batman Rethink His Ride first appeared on Yanko Design.
    #morpheus #supercar #concept #could #make
    The MORPHEUS Supercar Concept Could Make Batman Rethink His Ride
    The Carbon MORPHEUS is so sleek and streamlined its wind-tunnel test is probably just a bunch of parallel lines. Designed by EPTA, this mid-engine two-seater supercar skips nostalgia and dives straight into aggressive futurism. It looks engineered by a design studio that sees speed not as a metric, but as a shape. The design brief? “Design is the language of dreams.” Which sounds poetic until you realize what they’ve dreamt up could moonlight as a Batmobile in a Nolan film – just sharper, lower, and probably too dangerous for even Bruce Wayne. A manifesto of Italian elegance, they call it. But it leans more toward brutalist cyberpunk with a splash of Lamborghini’s wild DNA and a whisper of Bertone-era silhouette language. That tapered greenhouse? Pure retro-futurism, the kind that could only come from a country that worships both speed and sculpture in equal measure. Designer: EPTA Design The bodywork is entirely carbon fiber, and not just as a flex. The weave is visible from every angle, wrapping around exaggerated wheel arches and angry origami-like creases. It’s not just aesthetics either – it’s structure, soul, and statement. The reflections rolling off the surface are almost liquid, a high-gloss hallucination of light and intent. Look closely and you’ll see the word “VEPTA” near the front wheels, perhaps a clue or a red herring in EPTA Design’s growing mythos. Around the back, things get wild. Four vertical exhausts erupt from a tail section that looks like a spaceship’s afterburner array. There’s no wing, but the rear deck itself swoops like it’s ready to generate lift – or downforce, depending on how many laws of physics it’s trying to bend. A golden center-lock nut anchors the gloss-black wheels, which are wide, multi-spoked, and performance-obsessed. Brake calipers peek out in red, adding a splash of aggression to an otherwise stealth-fighter palette. From above, the canopy has a near-seamless wrap of glass and carbon. It’s tight. Tense. Like a jet cockpit shrunken down and perched just ahead of a carbon fiber storm. The symmetry here is clinical, the panel gaps razor-thin. It doesn’t just look fast; it looks like it was born in a vacuum chamber under military surveillance. EPTA says this is a “mid-engine two-seater supercar,” which automatically tells you what kind of proportions and intent they’re working with. But beyond the silhouette and stance, this thing is abstract sculpture on wheels. It’s less about raw specs and more about shaping emotion through velocity. And yet, it’s not lost in concept art fantasy. The presence is real, the panels are real, the reflections tell you this isn’t just a digital mockup. There’s heat coming out of those pipes in one of the rear shots. That’s combustion. That’s ambition made tactile. You don’t commit this hard to an idea unless you’re serious about chasing it into reality.The post The MORPHEUS Supercar Concept Could Make Batman Rethink His Ride first appeared on Yanko Design. #morpheus #supercar #concept #could #make
    WWW.YANKODESIGN.COM
    The MORPHEUS Supercar Concept Could Make Batman Rethink His Ride
    The Carbon MORPHEUS is so sleek and streamlined its wind-tunnel test is probably just a bunch of parallel lines. Designed by EPTA, this mid-engine two-seater supercar skips nostalgia and dives straight into aggressive futurism. It looks engineered by a design studio that sees speed not as a metric, but as a shape. The design brief? “Design is the language of dreams.” Which sounds poetic until you realize what they’ve dreamt up could moonlight as a Batmobile in a Nolan film – just sharper, lower, and probably too dangerous for even Bruce Wayne. A manifesto of Italian elegance, they call it. But it leans more toward brutalist cyberpunk with a splash of Lamborghini’s wild DNA and a whisper of Bertone-era silhouette language. That tapered greenhouse? Pure retro-futurism, the kind that could only come from a country that worships both speed and sculpture in equal measure. Designer: EPTA Design The bodywork is entirely carbon fiber, and not just as a flex. The weave is visible from every angle, wrapping around exaggerated wheel arches and angry origami-like creases. It’s not just aesthetics either – it’s structure, soul, and statement. The reflections rolling off the surface are almost liquid, a high-gloss hallucination of light and intent. Look closely and you’ll see the word “VEPTA” near the front wheels, perhaps a clue or a red herring in EPTA Design’s growing mythos. Around the back, things get wild. Four vertical exhausts erupt from a tail section that looks like a spaceship’s afterburner array. There’s no wing, but the rear deck itself swoops like it’s ready to generate lift – or downforce, depending on how many laws of physics it’s trying to bend. A golden center-lock nut anchors the gloss-black wheels, which are wide, multi-spoked, and performance-obsessed. Brake calipers peek out in red, adding a splash of aggression to an otherwise stealth-fighter palette. From above, the canopy has a near-seamless wrap of glass and carbon. It’s tight. Tense. Like a jet cockpit shrunken down and perched just ahead of a carbon fiber storm. The symmetry here is clinical, the panel gaps razor-thin. It doesn’t just look fast; it looks like it was born in a vacuum chamber under military surveillance. EPTA says this is a “mid-engine two-seater supercar,” which automatically tells you what kind of proportions and intent they’re working with. But beyond the silhouette and stance, this thing is abstract sculpture on wheels. It’s less about raw specs and more about shaping emotion through velocity. And yet, it’s not lost in concept art fantasy. The presence is real, the panels are real, the reflections tell you this isn’t just a digital mockup. There’s heat coming out of those pipes in one of the rear shots. That’s combustion. That’s ambition made tactile. You don’t commit this hard to an idea unless you’re serious about chasing it into reality.The post The MORPHEUS Supercar Concept Could Make Batman Rethink His Ride first appeared on Yanko Design.
    Like
    Love
    Wow
    Sad
    Angry
    261
    0 Comentários 0 Compartilhamentos
  • Interview: Rom Kosla, CIO, Hewlett Packard Enterprise

    When Rom Kosla, CIO at Hewlett Packard Enterprise, joined the technology giant in July 2023, the move represented a big shift in direction. Previously CIO at retailer Ahold Delhaize and CIO for enterprise solutions at PepsiCo, Kosla was a consumer specialist who wanted to apply his knowledge in a new sector.
    “I liked the idea of working in a different industry,” he says. “I went from consumer products to retail grocery. Moving into the tech industry was a bit nerve-wracking because the concept of who the customers are is different. But since I grew up in IT, I figured I’d have the ability to navigate my way through the company.”
    Kosla had previously worked as a project manager for Nestlé and spent time with the consultancy Deloitte. Now approaching two years with HPE, Kosla leads HPE’s technology strategy and is responsible for how the company harnesses artificial intelligenceand data. He also oversees e-commerce, app development, enterprise resource planningand security operations.
    “The role has exceeded my expectations,” he says. “When you’re a CIO at a multinational, like when I was a divisional CIO at PepsiCo, you’re in the back office. Whether it’s strategy, transformation or customer engagement, the systems are the enablers of that back-office effort. At HPE, it’s different because we are customer zero.”
    Kosla says he prefers the term “customer gold” because he wants HPE to develop high-quality products. In addition to setting the internal digital strategy, he has an outward-facing role providing expert advice to customers. That part of his role reminds him of his time at Deloitte.
    “Those are opportunities to flex my prior experience and capabilities, and learn how to take our products, enable them, and share best practices,” he says. “HPE is like any other company. We use cloud systems and software-as-a-service products, including Salesforce and others. But underneath, we have HPE powering a lot of the capabilities.”

    The press release announcing Kosla’s appointment in 2023 said HPE believed his prior experiences in the digital front-end and running complex supply chains made him the perfect person to build on its digital transformation efforts. So, how has that vision panned out?
    “What’s been interesting is helping the business and IT team think about the end-to-end value stream,” he says. “There was a lot of application-specific knowledge. The ability for processes to be optimised at an application layer versus the end-to-end value stream was only happening in certain spots.”
    Kosla discovered the organisation had spent two years moving to a private cloud installation on the company’s hardware and had consolidated 20-plus ERP systems under one SAP instance. With much of the transformation work complete, his focus turned to making the most of these assets.
    “The opportunity was not to shepherd up transformation, it was taking the next step, which was optimising,” says Kosla, explaining how he had boosted supply chain performance in his earlier roles. He’s now applying that knowledge at HPE.
    “What we’ve been doing is slicing areas of opportunity,” he says. “With the lead-to-quote process, for example, we have opportunities to optimise, depending on the type of business, such as the channel and distributors. We’re asking things like, ‘Can we get a quote out as quickly as possible, can we price it correctly, and can we rely less on human engagement?’”
    HPE announced a cost-reduction programme in March to reduce structural operating costs. The programme is expected to be implemented through fiscal year 2026 and deliver gross savings of approximately m by fiscal year 2027, including through workforce reductions. The programme of work in IT will help the company move towards these targets.
    Kosla says optimisation in financials might mean closing books faster. In the supply chain, the optimisation might be about predicting the raw materials needed to create products. He takes a term from his time in the consumer-packaged goods sector – right to play, right to win – to explain how his approach helps the business look for value-generating opportunities.
    “So, do we have the right to play, meaning do we have the skills? Where do we have the right to win, meaning do we have the funding, business resources and availability to deliver the results? We spend time focusing on which areas offer the right to play and the right to win.”

    Kosla says data and AI play a key role in these optimisations. HPE uses third-party applications with built-in AI capabilities and has developed an internal chat solution called ChatHPE, a generative AI hub used for internal processes.
    “There are lots of conversations around how we unlock the benefits of AI in the company,” he says. Professionals across the company use Microsoft Copilot in their day-to-day roles to boost productivity. Developers, meanwhile, use GitHub Copilot.
    Finally, there’s ChatHPE, which Kosla says is used according to the functional use case. HPE started developing the platform about 18 months ago. A pipeline of use cases has now been developed, including helping legal teams to review contracts, boosting customer service in operations, re-using campaign elements in marketing and improving analytics in finance.

    “We spend time focusing on which areas offer the right to play and the right to win”
    Rom Kosla, Hewlett Packard Enterprise

    “We have a significant amount of governance internally,” says Kosla, referring to ChatHPE, which is powered by Azure and OpenAI technology. “When I started, there wasn’t an internal HPE AI engine. We had to tell the teams not to use the standard tools because any data that you feed into them is ultimately extracted. So, we had to create our platform.”
    Embracing AI isn’t Kosla’s only concern. Stabilisation is a big part of what he needs to achieve during the next 12 months. He returns to HPE’s two major transformation initiatives – the shift to private cloud and the consolidation of ERP platforms – suggesting that the dual roll-out and management of these initiatives created a significant number of incidents.
    “When I look back at PepsiCo, we had about 300,000 employees and about 600,000 tickets, which means two tickets per person per year. I said to the executive committee at HPE, ‘We have 60,000 employees, and we have a couple of million tickets’, which is an insane number. The goal was to bring that number down by about 85%,” he says.
    “Now, our system uptime is 99% across our quoting and financial systems. That availability allows our business to do more than focus on internal IT. They can focus on the customer. Stabilisation means the business isn’t constantly thinking about IT systems, because it’s a challenge to execute every day when systems are going down because of issues.”

    Kosla says the long-term aim from an IT perspective is to align the technology organisation with business outcomes. In financials, for example, he wants to produce the data analytics the business needs across the supply chain and operational processes.
    “We have embedded teams that work together to look at how we enable data, like our chat capabilities, into some of the activities,” he says. “They’ll consider how we reduce friction, especially the manual steps. They’ll also consider planning, from raw materials to the manufacturing and delivery of products. That work involves partnering with the business.”
    The key to success for the IT team is to help the business unlock value quicker. “I would say that’s the biggest part for us,” says Kosla. “We don’t even like to use the word speed – we say velocity, because velocity equals direction, and that’s crucial for us. I think the business is happy with what we’ve been able to achieve, but it’s still not fast enough.”
    Being able to deliver results at pace will rely on new levels of flexibility. Rather than being wedded to a 12-month plan that maps out a series of deliverables, Kosla wants his team to work more in the moment. Prior experiences from the consumer sector give him a good sense of what excellence looks like in this area.
    “You don’t need to go back to the top, go through an annual planning review, go back down, and then have the teams twiddling their thumbs while they wait for the OK,” he says.
    “The goal is that teams are constantly working on what’s achievable during a sprint window. Many companies take that approach; I’ve done it in my prior working life. I know what can happen, and I think flexibility will drive value creation.”
    Kosla says some of the value will come from HPE’s in-house developed technologies. “One of the things that makes this role fun is that there’s a significant amount of innovation the company is doing,” he says, pointing to important technologies, such as Morpheus VM Essentials virtualisation software, the observability platform OpsRamp, and Aruba Networking Access Points.
    “What I’m proud of is that we now show up to customers with comparability,” he says, talking about the advisory part of his role. “We can say, ‘Look, we use both products, because in some cases, it’s a migration over time.’ So, for example, when a customer asks about our observability approach, we can compare our technology with other providers.”

    Kosla reflects on his career and ponders the future of the CIO role, suggesting responsibilities will vary considerably according to sector. “Digital leaders still maintain IT systems in some industries,” he says.
    “However, the rest of the business is now much more aware of technology. The blurring of lines between business and IT means it’s tougher to differentiate between the two areas. I think we’ll see more convergence.”
    Kosla says a growing desire to contain costs often creates a close relationship between IT and finance leaders. Once again, he expects further developments in that partnership. He also anticipates that cyber will remain at the forefront of digital leaders’ priority lists.
    More generally, he believes all IT professionals are becoming more focused on business priorities. “I think the blurring will continue to create interesting results, especially in technology companies,” he says. “We want to do things differently.”

    interviews with tech company IT leaders

    Interview: Joe Depa, global chief innovation officer, EY – Accounting firm EY is focused on ‘AI-ready data’ to maximise the benefits of agentic AI and enable the use of emerging frontier technologies for its business and clients.
    Interview: Cynthia Stoddard, CIO, Adobe – After nearly 10 years in post, Adobe’s CIO is still driving digital transformation and looking to deliver lasting change through technology.
    Interview: Tomer Cohen, chief product officer, LinkedIn – The professional social network’s product chief is leading the introduction of artificial intelligence for the firm’s in-house development processes and to enhance services for users.
    #interview #rom #kosla #cio #hewlett
    Interview: Rom Kosla, CIO, Hewlett Packard Enterprise
    When Rom Kosla, CIO at Hewlett Packard Enterprise, joined the technology giant in July 2023, the move represented a big shift in direction. Previously CIO at retailer Ahold Delhaize and CIO for enterprise solutions at PepsiCo, Kosla was a consumer specialist who wanted to apply his knowledge in a new sector. “I liked the idea of working in a different industry,” he says. “I went from consumer products to retail grocery. Moving into the tech industry was a bit nerve-wracking because the concept of who the customers are is different. But since I grew up in IT, I figured I’d have the ability to navigate my way through the company.” Kosla had previously worked as a project manager for Nestlé and spent time with the consultancy Deloitte. Now approaching two years with HPE, Kosla leads HPE’s technology strategy and is responsible for how the company harnesses artificial intelligenceand data. He also oversees e-commerce, app development, enterprise resource planningand security operations. “The role has exceeded my expectations,” he says. “When you’re a CIO at a multinational, like when I was a divisional CIO at PepsiCo, you’re in the back office. Whether it’s strategy, transformation or customer engagement, the systems are the enablers of that back-office effort. At HPE, it’s different because we are customer zero.” Kosla says he prefers the term “customer gold” because he wants HPE to develop high-quality products. In addition to setting the internal digital strategy, he has an outward-facing role providing expert advice to customers. That part of his role reminds him of his time at Deloitte. “Those are opportunities to flex my prior experience and capabilities, and learn how to take our products, enable them, and share best practices,” he says. “HPE is like any other company. We use cloud systems and software-as-a-service products, including Salesforce and others. But underneath, we have HPE powering a lot of the capabilities.” The press release announcing Kosla’s appointment in 2023 said HPE believed his prior experiences in the digital front-end and running complex supply chains made him the perfect person to build on its digital transformation efforts. So, how has that vision panned out? “What’s been interesting is helping the business and IT team think about the end-to-end value stream,” he says. “There was a lot of application-specific knowledge. The ability for processes to be optimised at an application layer versus the end-to-end value stream was only happening in certain spots.” Kosla discovered the organisation had spent two years moving to a private cloud installation on the company’s hardware and had consolidated 20-plus ERP systems under one SAP instance. With much of the transformation work complete, his focus turned to making the most of these assets. “The opportunity was not to shepherd up transformation, it was taking the next step, which was optimising,” says Kosla, explaining how he had boosted supply chain performance in his earlier roles. He’s now applying that knowledge at HPE. “What we’ve been doing is slicing areas of opportunity,” he says. “With the lead-to-quote process, for example, we have opportunities to optimise, depending on the type of business, such as the channel and distributors. We’re asking things like, ‘Can we get a quote out as quickly as possible, can we price it correctly, and can we rely less on human engagement?’” HPE announced a cost-reduction programme in March to reduce structural operating costs. The programme is expected to be implemented through fiscal year 2026 and deliver gross savings of approximately m by fiscal year 2027, including through workforce reductions. The programme of work in IT will help the company move towards these targets. Kosla says optimisation in financials might mean closing books faster. In the supply chain, the optimisation might be about predicting the raw materials needed to create products. He takes a term from his time in the consumer-packaged goods sector – right to play, right to win – to explain how his approach helps the business look for value-generating opportunities. “So, do we have the right to play, meaning do we have the skills? Where do we have the right to win, meaning do we have the funding, business resources and availability to deliver the results? We spend time focusing on which areas offer the right to play and the right to win.” Kosla says data and AI play a key role in these optimisations. HPE uses third-party applications with built-in AI capabilities and has developed an internal chat solution called ChatHPE, a generative AI hub used for internal processes. “There are lots of conversations around how we unlock the benefits of AI in the company,” he says. Professionals across the company use Microsoft Copilot in their day-to-day roles to boost productivity. Developers, meanwhile, use GitHub Copilot. Finally, there’s ChatHPE, which Kosla says is used according to the functional use case. HPE started developing the platform about 18 months ago. A pipeline of use cases has now been developed, including helping legal teams to review contracts, boosting customer service in operations, re-using campaign elements in marketing and improving analytics in finance. “We spend time focusing on which areas offer the right to play and the right to win” Rom Kosla, Hewlett Packard Enterprise “We have a significant amount of governance internally,” says Kosla, referring to ChatHPE, which is powered by Azure and OpenAI technology. “When I started, there wasn’t an internal HPE AI engine. We had to tell the teams not to use the standard tools because any data that you feed into them is ultimately extracted. So, we had to create our platform.” Embracing AI isn’t Kosla’s only concern. Stabilisation is a big part of what he needs to achieve during the next 12 months. He returns to HPE’s two major transformation initiatives – the shift to private cloud and the consolidation of ERP platforms – suggesting that the dual roll-out and management of these initiatives created a significant number of incidents. “When I look back at PepsiCo, we had about 300,000 employees and about 600,000 tickets, which means two tickets per person per year. I said to the executive committee at HPE, ‘We have 60,000 employees, and we have a couple of million tickets’, which is an insane number. The goal was to bring that number down by about 85%,” he says. “Now, our system uptime is 99% across our quoting and financial systems. That availability allows our business to do more than focus on internal IT. They can focus on the customer. Stabilisation means the business isn’t constantly thinking about IT systems, because it’s a challenge to execute every day when systems are going down because of issues.” Kosla says the long-term aim from an IT perspective is to align the technology organisation with business outcomes. In financials, for example, he wants to produce the data analytics the business needs across the supply chain and operational processes. “We have embedded teams that work together to look at how we enable data, like our chat capabilities, into some of the activities,” he says. “They’ll consider how we reduce friction, especially the manual steps. They’ll also consider planning, from raw materials to the manufacturing and delivery of products. That work involves partnering with the business.” The key to success for the IT team is to help the business unlock value quicker. “I would say that’s the biggest part for us,” says Kosla. “We don’t even like to use the word speed – we say velocity, because velocity equals direction, and that’s crucial for us. I think the business is happy with what we’ve been able to achieve, but it’s still not fast enough.” Being able to deliver results at pace will rely on new levels of flexibility. Rather than being wedded to a 12-month plan that maps out a series of deliverables, Kosla wants his team to work more in the moment. Prior experiences from the consumer sector give him a good sense of what excellence looks like in this area. “You don’t need to go back to the top, go through an annual planning review, go back down, and then have the teams twiddling their thumbs while they wait for the OK,” he says. “The goal is that teams are constantly working on what’s achievable during a sprint window. Many companies take that approach; I’ve done it in my prior working life. I know what can happen, and I think flexibility will drive value creation.” Kosla says some of the value will come from HPE’s in-house developed technologies. “One of the things that makes this role fun is that there’s a significant amount of innovation the company is doing,” he says, pointing to important technologies, such as Morpheus VM Essentials virtualisation software, the observability platform OpsRamp, and Aruba Networking Access Points. “What I’m proud of is that we now show up to customers with comparability,” he says, talking about the advisory part of his role. “We can say, ‘Look, we use both products, because in some cases, it’s a migration over time.’ So, for example, when a customer asks about our observability approach, we can compare our technology with other providers.” Kosla reflects on his career and ponders the future of the CIO role, suggesting responsibilities will vary considerably according to sector. “Digital leaders still maintain IT systems in some industries,” he says. “However, the rest of the business is now much more aware of technology. The blurring of lines between business and IT means it’s tougher to differentiate between the two areas. I think we’ll see more convergence.” Kosla says a growing desire to contain costs often creates a close relationship between IT and finance leaders. Once again, he expects further developments in that partnership. He also anticipates that cyber will remain at the forefront of digital leaders’ priority lists. More generally, he believes all IT professionals are becoming more focused on business priorities. “I think the blurring will continue to create interesting results, especially in technology companies,” he says. “We want to do things differently.” interviews with tech company IT leaders Interview: Joe Depa, global chief innovation officer, EY – Accounting firm EY is focused on ‘AI-ready data’ to maximise the benefits of agentic AI and enable the use of emerging frontier technologies for its business and clients. Interview: Cynthia Stoddard, CIO, Adobe – After nearly 10 years in post, Adobe’s CIO is still driving digital transformation and looking to deliver lasting change through technology. Interview: Tomer Cohen, chief product officer, LinkedIn – The professional social network’s product chief is leading the introduction of artificial intelligence for the firm’s in-house development processes and to enhance services for users. #interview #rom #kosla #cio #hewlett
    WWW.COMPUTERWEEKLY.COM
    Interview: Rom Kosla, CIO, Hewlett Packard Enterprise
    When Rom Kosla, CIO at Hewlett Packard Enterprise (HPE), joined the technology giant in July 2023, the move represented a big shift in direction. Previously CIO at retailer Ahold Delhaize and CIO for enterprise solutions at PepsiCo, Kosla was a consumer specialist who wanted to apply his knowledge in a new sector. “I liked the idea of working in a different industry,” he says. “I went from consumer products to retail grocery. Moving into the tech industry was a bit nerve-wracking because the concept of who the customers are is different. But since I grew up in IT, I figured I’d have the ability to navigate my way through the company.” Kosla had previously worked as a project manager for Nestlé and spent time with the consultancy Deloitte. Now approaching two years with HPE, Kosla leads HPE’s technology strategy and is responsible for how the company harnesses artificial intelligence (AI) and data. He also oversees e-commerce, app development, enterprise resource planning (ERP) and security operations. “The role has exceeded my expectations,” he says. “When you’re a CIO at a multinational, like when I was a divisional CIO at PepsiCo, you’re in the back office. Whether it’s strategy, transformation or customer engagement, the systems are the enablers of that back-office effort. At HPE, it’s different because we are customer zero.” Kosla says he prefers the term “customer gold” because he wants HPE to develop high-quality products. In addition to setting the internal digital strategy, he has an outward-facing role providing expert advice to customers. That part of his role reminds him of his time at Deloitte. “Those are opportunities to flex my prior experience and capabilities, and learn how to take our products, enable them, and share best practices,” he says. “HPE is like any other company. We use cloud systems and software-as-a-service products, including Salesforce and others. But underneath, we have HPE powering a lot of the capabilities.” The press release announcing Kosla’s appointment in 2023 said HPE believed his prior experiences in the digital front-end and running complex supply chains made him the perfect person to build on its digital transformation efforts. So, how has that vision panned out? “What’s been interesting is helping the business and IT team think about the end-to-end value stream,” he says. “There was a lot of application-specific knowledge. The ability for processes to be optimised at an application layer versus the end-to-end value stream was only happening in certain spots.” Kosla discovered the organisation had spent two years moving to a private cloud installation on the company’s hardware and had consolidated 20-plus ERP systems under one SAP instance. With much of the transformation work complete, his focus turned to making the most of these assets. “The opportunity was not to shepherd up transformation, it was taking the next step, which was optimising,” says Kosla, explaining how he had boosted supply chain performance in his earlier roles. He’s now applying that knowledge at HPE. “What we’ve been doing is slicing areas of opportunity,” he says. “With the lead-to-quote process, for example, we have opportunities to optimise, depending on the type of business, such as the channel and distributors. We’re asking things like, ‘Can we get a quote out as quickly as possible, can we price it correctly, and can we rely less on human engagement?’” HPE announced a cost-reduction programme in March to reduce structural operating costs. The programme is expected to be implemented through fiscal year 2026 and deliver gross savings of approximately $350m by fiscal year 2027, including through workforce reductions. The programme of work in IT will help the company move towards these targets. Kosla says optimisation in financials might mean closing books faster. In the supply chain, the optimisation might be about predicting the raw materials needed to create products. He takes a term from his time in the consumer-packaged goods sector – right to play, right to win – to explain how his approach helps the business look for value-generating opportunities. “So, do we have the right to play, meaning do we have the skills? Where do we have the right to win, meaning do we have the funding, business resources and availability to deliver the results? We spend time focusing on which areas offer the right to play and the right to win.” Kosla says data and AI play a key role in these optimisations. HPE uses third-party applications with built-in AI capabilities and has developed an internal chat solution called ChatHPE, a generative AI hub used for internal processes. “There are lots of conversations around how we unlock the benefits of AI in the company,” he says. Professionals across the company use Microsoft Copilot in their day-to-day roles to boost productivity. Developers, meanwhile, use GitHub Copilot. Finally, there’s ChatHPE, which Kosla says is used according to the functional use case. HPE started developing the platform about 18 months ago. A pipeline of use cases has now been developed, including helping legal teams to review contracts, boosting customer service in operations, re-using campaign elements in marketing and improving analytics in finance. “We spend time focusing on which areas offer the right to play and the right to win” Rom Kosla, Hewlett Packard Enterprise “We have a significant amount of governance internally,” says Kosla, referring to ChatHPE, which is powered by Azure and OpenAI technology. “When I started, there wasn’t an internal HPE AI engine. We had to tell the teams not to use the standard tools because any data that you feed into them is ultimately extracted. So, we had to create our platform.” Embracing AI isn’t Kosla’s only concern. Stabilisation is a big part of what he needs to achieve during the next 12 months. He returns to HPE’s two major transformation initiatives – the shift to private cloud and the consolidation of ERP platforms – suggesting that the dual roll-out and management of these initiatives created a significant number of incidents. “When I look back at PepsiCo, we had about 300,000 employees and about 600,000 tickets, which means two tickets per person per year. I said to the executive committee at HPE, ‘We have 60,000 employees, and we have a couple of million tickets’, which is an insane number. The goal was to bring that number down by about 85%,” he says. “Now, our system uptime is 99% across our quoting and financial systems. That availability allows our business to do more than focus on internal IT. They can focus on the customer. Stabilisation means the business isn’t constantly thinking about IT systems, because it’s a challenge to execute every day when systems are going down because of issues.” Kosla says the long-term aim from an IT perspective is to align the technology organisation with business outcomes. In financials, for example, he wants to produce the data analytics the business needs across the supply chain and operational processes. “We have embedded teams that work together to look at how we enable data, like our chat capabilities, into some of the activities,” he says. “They’ll consider how we reduce friction, especially the manual steps. They’ll also consider planning, from raw materials to the manufacturing and delivery of products. That work involves partnering with the business.” The key to success for the IT team is to help the business unlock value quicker. “I would say that’s the biggest part for us,” says Kosla. “We don’t even like to use the word speed – we say velocity, because velocity equals direction, and that’s crucial for us. I think the business is happy with what we’ve been able to achieve, but it’s still not fast enough.” Being able to deliver results at pace will rely on new levels of flexibility. Rather than being wedded to a 12-month plan that maps out a series of deliverables, Kosla wants his team to work more in the moment. Prior experiences from the consumer sector give him a good sense of what excellence looks like in this area. “You don’t need to go back to the top, go through an annual planning review, go back down, and then have the teams twiddling their thumbs while they wait for the OK,” he says. “The goal is that teams are constantly working on what’s achievable during a sprint window. Many companies take that approach; I’ve done it in my prior working life. I know what can happen, and I think flexibility will drive value creation.” Kosla says some of the value will come from HPE’s in-house developed technologies. “One of the things that makes this role fun is that there’s a significant amount of innovation the company is doing,” he says, pointing to important technologies, such as Morpheus VM Essentials virtualisation software, the observability platform OpsRamp, and Aruba Networking Access Points. “What I’m proud of is that we now show up to customers with comparability,” he says, talking about the advisory part of his role. “We can say, ‘Look, we use both products, because in some cases, it’s a migration over time.’ So, for example, when a customer asks about our observability approach, we can compare our technology with other providers.” Kosla reflects on his career and ponders the future of the CIO role, suggesting responsibilities will vary considerably according to sector. “Digital leaders still maintain IT systems in some industries,” he says. “However, the rest of the business is now much more aware of technology. The blurring of lines between business and IT means it’s tougher to differentiate between the two areas. I think we’ll see more convergence.” Kosla says a growing desire to contain costs often creates a close relationship between IT and finance leaders. Once again, he expects further developments in that partnership. He also anticipates that cyber will remain at the forefront of digital leaders’ priority lists. More generally, he believes all IT professionals are becoming more focused on business priorities. “I think the blurring will continue to create interesting results, especially in technology companies,” he says. “We want to do things differently.” Read more interviews with tech company IT leaders Interview: Joe Depa, global chief innovation officer, EY – Accounting firm EY is focused on ‘AI-ready data’ to maximise the benefits of agentic AI and enable the use of emerging frontier technologies for its business and clients. Interview: Cynthia Stoddard, CIO, Adobe – After nearly 10 years in post, Adobe’s CIO is still driving digital transformation and looking to deliver lasting change through technology. Interview: Tomer Cohen, chief product officer, LinkedIn – The professional social network’s product chief is leading the introduction of artificial intelligence for the firm’s in-house development processes and to enhance services for users.
    0 Comentários 0 Compartilhamentos
  • Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access

    May 19, 2025Ravie LakshmananRansomware / Malware

    Several ransomware actors are using a malware called Skitnet as part of their post-exploitation efforts to steal sensitive data and establish remote control over compromised hosts.
    "Skitnet has been sold on underground forums like RAMP since April 2024," Swiss cybersecurity company PRODAFT told The Hacker News. "However, since early 2025, we have observed multiple ransomware operators using it in real-world attacks."
    "For example, in April 2025, Black Basta leveraged Skitnet in Teams-themed phishing campaigns targeting enterprise environments. With its stealth features and flexible architecture, Skitnet appears to be gaining traction rapidly within the ransomware ecosystem."
    Skitnet, also called Bossnet, is a multi-stage malware developed by a threat actor tracked by the company under the name LARVA-306. A notable aspect of the malicious tool is that it uses programming languages like Rust and Nim to launch a reverse shell over DNS and evade detection.
    It also incorporates persistence mechanisms, remote access tools, commands for data exfiltration, and even download a .NET loader binary that can be used to serve additional payloads, making it a versatile threat.

    First advertised on April 19, 2024, Skitnet is offered to potential customers as a "compact package" comprising a server component and malware. The initial executable is a Rust binary that decrypts and runs an embedded payload that's compiled in Nim.
    "The primary function of this Nim binary is to establish a reverse shell connection with the C2server via DNS resolution," PRODAFT said. "To evade detection, it employs the GetProcAddress function to dynamically resolve API function addresses rather than using traditional import tables."
    The Nim-based binary further starts multiple threads to send DNS requests every 10 seconds, read DNS responses and extract commands to be executed on the host, and transmit the results of the execution of the command back to the server. The commands are issued via a C2 panel that's used to manage the infected hosts.
    Some of the supported PowerShell commands are listed below -

    Startup, which ensures persistence by creating shortcuts in the Startup directory of the victim's device
    Screen, which captures a screenshot of the victim's desktop
    Anydesk/Rutserv, which deploys a legitimate remote desktop software like AnyDesk or Remote UtilitiesShell, to run PowerShell scripts hosted on a remote server and send the results back to the C2 server
    AV, which gathers a list of installed security products

    "Skitnet is a multi-stage malware that leverages multiple programming languages, and encryption techniques," PRODAFT said. "By using Rust for payload decryption and manual mapping, followed by a Nim-based reverse shell communicating over DNS, the malware tries to evade traditional security measures."

    The disclosure comes as Zscaler ThreatLabz detailed another malware loader dubbed TransferLoader that's being used to deliver a ransomware strain called Morpheus targeting an American law firm.
    Active since at least February 2025, TransferLoader incorporates three components, a downloader, a backdoor, and a specialized loader for the backdoor, enabling the threat actors to execute arbitrary commands on the compromised system.
    While the downloader is designed to fetch and execute a payload from a C2 server and simultaneously run a PDF decoy file, the backdoor is responsible for running commands issued by the server, as well as updating its own configuration.
    "The backdoor utilizes the decentralized InterPlanetary File Systempeer-to-peer platform as a fallback channel for updating the command-and-controlserver," the cybersecurity company said. "The developers of TransferLoader use obfuscation methods to make the reverse engineering process more tedious."

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

    SHARE




    #ransomware #gangs #use #skitnet #malware
    Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access
    May 19, 2025Ravie LakshmananRansomware / Malware Several ransomware actors are using a malware called Skitnet as part of their post-exploitation efforts to steal sensitive data and establish remote control over compromised hosts. "Skitnet has been sold on underground forums like RAMP since April 2024," Swiss cybersecurity company PRODAFT told The Hacker News. "However, since early 2025, we have observed multiple ransomware operators using it in real-world attacks." "For example, in April 2025, Black Basta leveraged Skitnet in Teams-themed phishing campaigns targeting enterprise environments. With its stealth features and flexible architecture, Skitnet appears to be gaining traction rapidly within the ransomware ecosystem." Skitnet, also called Bossnet, is a multi-stage malware developed by a threat actor tracked by the company under the name LARVA-306. A notable aspect of the malicious tool is that it uses programming languages like Rust and Nim to launch a reverse shell over DNS and evade detection. It also incorporates persistence mechanisms, remote access tools, commands for data exfiltration, and even download a .NET loader binary that can be used to serve additional payloads, making it a versatile threat. First advertised on April 19, 2024, Skitnet is offered to potential customers as a "compact package" comprising a server component and malware. The initial executable is a Rust binary that decrypts and runs an embedded payload that's compiled in Nim. "The primary function of this Nim binary is to establish a reverse shell connection with the C2server via DNS resolution," PRODAFT said. "To evade detection, it employs the GetProcAddress function to dynamically resolve API function addresses rather than using traditional import tables." The Nim-based binary further starts multiple threads to send DNS requests every 10 seconds, read DNS responses and extract commands to be executed on the host, and transmit the results of the execution of the command back to the server. The commands are issued via a C2 panel that's used to manage the infected hosts. Some of the supported PowerShell commands are listed below - Startup, which ensures persistence by creating shortcuts in the Startup directory of the victim's device Screen, which captures a screenshot of the victim's desktop Anydesk/Rutserv, which deploys a legitimate remote desktop software like AnyDesk or Remote UtilitiesShell, to run PowerShell scripts hosted on a remote server and send the results back to the C2 server AV, which gathers a list of installed security products "Skitnet is a multi-stage malware that leverages multiple programming languages, and encryption techniques," PRODAFT said. "By using Rust for payload decryption and manual mapping, followed by a Nim-based reverse shell communicating over DNS, the malware tries to evade traditional security measures." The disclosure comes as Zscaler ThreatLabz detailed another malware loader dubbed TransferLoader that's being used to deliver a ransomware strain called Morpheus targeting an American law firm. Active since at least February 2025, TransferLoader incorporates three components, a downloader, a backdoor, and a specialized loader for the backdoor, enabling the threat actors to execute arbitrary commands on the compromised system. While the downloader is designed to fetch and execute a payload from a C2 server and simultaneously run a PDF decoy file, the backdoor is responsible for running commands issued by the server, as well as updating its own configuration. "The backdoor utilizes the decentralized InterPlanetary File Systempeer-to-peer platform as a fallback channel for updating the command-and-controlserver," the cybersecurity company said. "The developers of TransferLoader use obfuscation methods to make the reverse engineering process more tedious." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE     #ransomware #gangs #use #skitnet #malware
    THEHACKERNEWS.COM
    Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access
    May 19, 2025Ravie LakshmananRansomware / Malware Several ransomware actors are using a malware called Skitnet as part of their post-exploitation efforts to steal sensitive data and establish remote control over compromised hosts. "Skitnet has been sold on underground forums like RAMP since April 2024," Swiss cybersecurity company PRODAFT told The Hacker News. "However, since early 2025, we have observed multiple ransomware operators using it in real-world attacks." "For example, in April 2025, Black Basta leveraged Skitnet in Teams-themed phishing campaigns targeting enterprise environments. With its stealth features and flexible architecture, Skitnet appears to be gaining traction rapidly within the ransomware ecosystem." Skitnet, also called Bossnet, is a multi-stage malware developed by a threat actor tracked by the company under the name LARVA-306. A notable aspect of the malicious tool is that it uses programming languages like Rust and Nim to launch a reverse shell over DNS and evade detection. It also incorporates persistence mechanisms, remote access tools, commands for data exfiltration, and even download a .NET loader binary that can be used to serve additional payloads, making it a versatile threat. First advertised on April 19, 2024, Skitnet is offered to potential customers as a "compact package" comprising a server component and malware. The initial executable is a Rust binary that decrypts and runs an embedded payload that's compiled in Nim. "The primary function of this Nim binary is to establish a reverse shell connection with the C2 [command-and-control] server via DNS resolution," PRODAFT said. "To evade detection, it employs the GetProcAddress function to dynamically resolve API function addresses rather than using traditional import tables." The Nim-based binary further starts multiple threads to send DNS requests every 10 seconds, read DNS responses and extract commands to be executed on the host, and transmit the results of the execution of the command back to the server. The commands are issued via a C2 panel that's used to manage the infected hosts. Some of the supported PowerShell commands are listed below - Startup, which ensures persistence by creating shortcuts in the Startup directory of the victim's device Screen, which captures a screenshot of the victim's desktop Anydesk/Rutserv, which deploys a legitimate remote desktop software like AnyDesk or Remote Utilities ("rutserv.exe") Shell, to run PowerShell scripts hosted on a remote server and send the results back to the C2 server AV, which gathers a list of installed security products "Skitnet is a multi-stage malware that leverages multiple programming languages, and encryption techniques," PRODAFT said. "By using Rust for payload decryption and manual mapping, followed by a Nim-based reverse shell communicating over DNS, the malware tries to evade traditional security measures." The disclosure comes as Zscaler ThreatLabz detailed another malware loader dubbed TransferLoader that's being used to deliver a ransomware strain called Morpheus targeting an American law firm. Active since at least February 2025, TransferLoader incorporates three components, a downloader, a backdoor, and a specialized loader for the backdoor, enabling the threat actors to execute arbitrary commands on the compromised system. While the downloader is designed to fetch and execute a payload from a C2 server and simultaneously run a PDF decoy file, the backdoor is responsible for running commands issued by the server, as well as updating its own configuration. "The backdoor utilizes the decentralized InterPlanetary File System (IPFS) peer-to-peer platform as a fallback channel for updating the command-and-control (C2) server," the cybersecurity company said. "The developers of TransferLoader use obfuscation methods to make the reverse engineering process more tedious." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    
    0 Comentários 0 Compartilhamentos