Caketap

Caketap is a rootkit for Oracle Solaris discovered in the wild in 2022. Caketap was discovered by Mandiant when investigating an intrusion cluster by actor UNC2891 also known as LightBasin.^[1]

History

While Caketap was discovered in by 16 March 2022, it rose to prominence when it was used in a Raspberry Pi mediated penetration of an ATM Network, discovered by Group-IB in late July 2025.^[2] Once again LightBasin were believed to be responsible.

Associated tools

UNC2891 utilises several supporting tools: TinyShell, Slapstick, Steelcorgi, Steelhound, Winghook, Wingcrack, Binbash, Wiperight, Miglogcleaner, and the Sun4Me toolkit.

See also

• LightBasin