Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. “This suggests that the threat actors are streamlining operations by making their techniques multipurpose,” Trend Micro researchers said in a new analysis published this week. […]

Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages

Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks. The tech giant’s Threat Intelligence team is tracking the cluster under the name Storm-0324, which is also known by the monikers TA543 and Sagrid. “Beginning in July 2023, Storm-0324 was […]

Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper

A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and RedLine Clipper, to gather a wide range of information from compromised Windows machines. “A phishing email delivers the Word document as an attachment, presenting a deliberately blurred image and a counterfeit reCAPTCHA to […]

New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists

A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear. The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization, non-profit […]

New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia

A new financially motivated operation is leveraging a malicious Telegram bot to help threat actors scam their victims. Dubbed Telekopye, a portmanteau of Telegram and kopye (meaning “spear” in Russian), the toolkit functions as an automated means to create a phishing web page from a premade template and send the URL to potential victims, codenamed […]

Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks

An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked […]

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations worldwide between March […]

Phishing attack over Microsoft Teams allows getting MFA from victim

Hackers working for the Russian government disguised themselves as technical support personnel on Microsoft Teams in order to breach the security of hundreds of businesses throughout the world, including government entities. Microsoft security experts said on Wednesday that a Russian state-sponsored hacking outfit named by Microsoft as “Midnight Blizzard,” but more generally known as APT29 or […]

Users of Facebook for Business are the Target of a New Phishing Attack

An unreported phishing campaign that disseminated a Python version of NodeStealer has been found. NodeStealer gave threat actors the ability to steal browser cookies and use them to hijack users’ accounts on the platform, with a focus on business accounts. The malware was first detected as attacking Windows system browsers in late January 2023. Google […]

VoIP phishing call to rob a bank. New Letscall attack technique

A cybersecurity researcher working for ThreatFabric discovered, and the company issued a warning about, a new and more sophisticated kind of voice phishing, known as vishing. In recent years, the prevalence of vishing, which is also known as Voice over IP phishing, has increased to the point that it has undermined people’s faith […]

Charming Kitten APT Group Uses Innovative Spear-phishing Methods

Volexity researchers recently noticed that threat actors are actively intensifying their efforts to compromise the credentials or systems of their targets by employing spear-phishing methods. Spear-phishing techniques involve sending personalized messages and engaging in dialogue for days before delivering malicious links or attachments. Volexity often observes […]

Massive Phishing Campaign Uses 6,000 Sites to Mimic Popular Brands

Bolster’s threat research team recently discovered an extensive brand impersonation effort targeting over 100 well-known clothes, footwear, and apparel firms. The peak phishing activity for this campaign occurred between November 2022 and February 2023, after becoming active around June 2022. Nike, Puma, Asics, Vans, Adidas, Columbia, Superdry, Converse, Casio, Timberland, Salomon, Crocs, Skechers, The North […]

New AiTM Phishing Attack Technique Makes It Easy to Hack Business Email Accounts

Experts from Microsoft Defender discovered a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack that targeted firms that provide banking and financial services. The attack began with the penetration of a reliable third-party vendor and progressed into a string of AiTM attacks as well as subsequent BEC activities that spread across many businesses. […]

Send spoofed phishing emails to Gmail accounts

Gmail is used by the most people, with a total user base of a staggering 1.5 billion. This represents 18.75% of the total population of the planet. The security mechanisms of Gmail are well-known for their effectiveness in preventing hackers from gaining control of user accounts. Gmail has included a new function that displays an […]

New phishing technique allows hacking someone using .zip & .mov domains

When a victim visits a website ending in .ZIP, a recently developed phishing method known as “file archiver in the browser” may be used to “emulate” file-archiving software in the target’s web browser. According to information published by a security researcher named mr.d0x last week, “with this phishing attack, you simulate a file archiver software […]

Shut Down Phishing Attacks – Types, Methods, Detection, Prevention Checklist

In today’s interconnected world, where digital communication and transactions dominate, phishing attacks have become an ever-present threat. By masquerading as trustworthy entities, phishing attacks deceive users and organizations into divulging sensitive information, such as passwords, financial data, and personal details. Phishing attacks, among the most prevalent techniques cyber criminals employ, can be straightforward yet highly […]

New Phishing Attack Abuses .Zip Domain to Emulate Fake WinRAR Within the Browser

Google recently released new top-level domains (TLDs) like .dad, .phd, .mov, and .zip, raising concerns within the security community due to the potential confusion with file extensions, particularly .mov and .zip. A new phishing kit, “file archiver in the browser,” exploits ZIP domains by presenting fraudulent WinRAR or Windows File Explorer windows in the browser, […]

CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules

The threat actors behind the CopperStealer malware resurfaced with two new campaigns in March and April 2023 that are designed to deliver two novel payloads dubbed CopperStealth and CopperPhish. Trend Micro is tracking the financially motivated group under the name Water Orthrus. The adversary is also assessed to be behind another campaign known as Scranos, […]

New Phishing Attacks Using ChatGPT to Develop Sophisticated Campaigns

Phishing has been one of the greatest threats to organizations, growing year after year. Phishing attacks have contributed to 90% of data breaches in the past few years, which makes cybercriminals adapt to them, making their attacks much more successful. Zscaler has published a report indicating an increase of 47.2% in global phishing attacks. These […]