Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that allows operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.

"Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileged Active Directory account named, 'serviceaccount,'" eSentire said in a technical report published last week. "Using the compromised account, they leveraged WMI to execute remote commands across systems in the network, facilitating the deployment and execution of ChaosBot."

The Canadian cybersecurity company said it first detected the malware in late September 2025 within a financial services customer's environment.

ChaosBot is noteworthy for its abuse of Discord for command-and-control (C
