Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion


These articles are AI-generated summaries. Please check the original sources for full details.

Tuoni C2 Framework Used in Real Estate Cyberattack

In mid-October 2025, a US-based real estate company was targeted in a cyberattack leveraging the Tuoni command-and-control (C2) framework. Tuoni, released in early 2024, is a C2 tool marketed to security professionals for red teaming and penetration testing, with a free “Community Edition” available on GitHub.

Why This Matters

The use of legitimate red teaming tools like Tuoni for malicious purposes highlights a growing trend: the blurring line between offensive and defensive security practices. The cost of a successful breach in the real estate sector, including data exfiltration and operational disruption, can reach millions of dollars, making proactive defense and threat intelligence crucial.

Key Insights

  • Tuoni C2 release: Tuoni, a C2 framework, was first released in early 2024.
  • Steganography in malware: The attack employed steganography, hiding malicious payloads within bitmap images, to evade detection.
  • AI-assisted code generation: Researchers noted potential AI assistance in the initial loader’s code, evidenced by modular structure and comments.

Working Example

(No code provided in the source text)
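
The following is an added defender-side example, not code from the original reporting or from Tuoni: a triage check for uncompressed BMP files, relevant to the bitmap steganography noted under Key Insights. The source does not say how the payload was embedded, so the three signals (header size mismatch, data after the pixel array, near-random pixel bytes), the 7.9 threshold, and all function and sample names are assumptions made for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_bmp(blob: bytes, entropy_limit: float = 7.9) -> list:
    """Return reasons an uncompressed BMP deserves a closer look (heuristic, not a verdict)."""
    if len(blob) < 54 or blob[:2] != b"BM":
        return ["not a BMP with a BITMAPINFOHEADER"]
    # BITMAPFILEHEADER: type, declared file size, two reserved words, pixel offset
    _, bf_size, _, _, pix_off = struct.unpack_from("<2sIHHI", blob, 0)
    # BITMAPINFOHEADER (first 20 bytes): size, width, height, planes, bpp, compression
    _, width, height, _, bpp, compression = struct.unpack_from("<IiiHHI", blob, 14)
    if compression != 0:
        return ["compressed BMP: size checks not applicable"]
    stride = (width * bpp + 31) // 32 * 4          # rows are padded to 4 bytes
    expected_end = pix_off + stride * abs(height)  # negative height means top-down
    findings = []
    if bf_size != len(blob):
        findings.append(f"bfSize {bf_size} != actual {len(blob)}")
    if len(blob) > expected_end:
        findings.append(f"{len(blob) - expected_end} bytes after pixel array")
    h = entropy(blob[pix_off:expected_end])
    if h > entropy_limit:  # encrypted or compressed content looks close to 8.0
        findings.append(f"pixel entropy {h:.2f} bits/byte")
    return findings

def make_bmp(width: int, height: int, pixels: bytes) -> bytes:
    """Build a constructed 24-bit BMP for the demo samples below."""
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(pixels), 2835, 2835, 0, 0)
    head = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    return head + info + pixels

# Constructed samples (64x64, stride 192): banded image, pseudo-random pixel
# bytes standing in for an encrypted payload, and a file with 100 appended bytes.
CLEAN = make_bmp(64, 64, bytes(i // 192 for i in range(12288)))
HIGH_ENTROPY = make_bmp(64, 64, hashlib.shake_256(b"constructed sample").digest(12288))
APPENDED = CLEAN + b"\x00" * 100

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("high-entropy", HIGH_ENTROPY), ("appended", APPENDED)]:
        print(name, triage_bmp(blob) or "no findings")
```

Byte entropy alone will not catch low-rate embedding such as least-significant-bit changes, so a hit here is a reason to inspect the file, not proof of a payload.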

Practical Applications

  • Use Case: Security teams can use Tuoni (legitimately) to simulate attacks and assess their defenses.
  • Pitfall: Over-reliance on signature-based detection can be bypassed by techniques like steganography and in-memory execution.
