Handala attempts a supply chain hack via ReutOne
ID: ff92009f-1492-5b1b-a97f-f18adb80ea13
STIX ID: report--ff92009f-1492-5b1b-a97f-f18adb80ea13
Feed Name: DoublePulsar
Handala compromised ReutOne, a Microsoft 365 Dynamics reseller, and on 24 Dec 2024 pushed a fake software update to its customers. The update installs a loader that profiles infected Windows hosts (running numerous system, network, and credential-collection commands) and reports to C2 infrastructure (storjshare gateway domains and several IPs). The report provides first-stage payload hashes, additional payload hashes, C2 IPs, network URLs, and Emerging Threats signatures, and notes low AV detection and observed hands-on-keyboard activity, indicating an active, targeted supply-chain campaign with potential downstream impact on the reseller's customers.
