Author

Kahng An

Cyber Threat Intelligence Analyst II

Kahng An is a member of the Intelligence team at Cofense, specializing in malware analysis ranging from repurposed legitimate tools to novel, unanalyzed samples. Beyond active malware threat analysis, Kahng is also responsible for broader analysis of threat actor campaign trends. Prior to threat intelligence work at Cofense, Kahng worked in incident response (primarily focusing on ransomware incident response and threat hunting) and performed malware analysis on ransomware encryptors and custom remote access trojans.

Articles By Kahng An

4 posts

March 11, 2026

Weaponizing Telegram Bots: How Threat Actors Exfiltrate Credentials

Telegram is a free, online instant messenger platform that is also commonly abused by threat actors for a wide range of malicious activities. One of Telegram’s notable features is its extensive collection of web APIs, one of which is used to interact with automated bot accounts.

February 25, 2026

Abusing Windows File Explorer and WebDAV for Malware Delivery

Cofense Intelligence has identified a growing tactic in which threat actors abuse Windows File Explorer and WebDAV to deliver malware outside of traditional browser-based downloads. By leveraging URL and LNK shortcut files along with Cloudflare Tunnel infrastructure, attackers are disguising remote file servers as seemingly local resources and delivering multi-stage campaigns that frequently end in RAT infections. This report breaks down how the technique works, why it is effective, and what organizations can do to detect and mitigate this evolving threat.

January 28, 2026

Trusted, Signed, Still Malicious. Exploiting Custom Email Text to Bypass Security Controls

Threat actors are abusing legitimate email services to embed phone scams into trusted, signed messages that bypass traditional email security controls. By redirecting these emails without altering the From address, attackers make malicious messages appear fully legitimate to both users and security tools. This campaign highlights a growing risk where trusted infrastructure is weaponized to deliver convincing email threats.