New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts

March 25, 2024 at 01:02PM Cybercriminals are increasingly using the ‘Tycoon 2FA’ PhaaS platform to target Microsoft 365 and Gmail accounts, bypassing two-factor authentication. Sekoia’s report details the multi-step attacks and the evolution of the kit, including enhancements to JavaScript and HTML code, with substantial operations involving over 1,800 transactions and numerous cybercriminals utilizing the …

Over 100 US and EU orgs targeted in StrelaStealer malware attacks

March 25, 2024 at 12:11PM The StrelaStealer malware has impacted over 100 organizations in the U.S. and Europe, targeting email account credentials. Originally targeting Spanish-speaking users, it now targets U.S. and European individuals. Its distribution through phishing campaigns has substantially increased, with evolved infection methods. The malware’s primary goal remains stealing email login information and …

Russian hackers target German political parties with WineLoader malware

March 22, 2024 at 03:33PM Researchers warn that a Russian intelligence-linked hacking group, APT29, has shifted focus to target political parties in Germany, utilizing phishing tactics to deploy backdoor malware, WineLoader. This marks a significant change for the group, previously known for targeting governments and embassies. The shift suggests an intention to influence or monitor …

New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.

March 22, 2024 at 11:21AM Cybersecurity researchers have detected a new wave of phishing attacks delivering a new information stealer called StrelaStealer, impacting over 100 organizations in the E.U. and the U.S. The attacks involve spam emails with evolving attachments, targeting various sectors with diverse tactics. Other malware families like Stealc and Rescoms RAT have …

Beijing-backed cyberspies attacked 70+ orgs across 23 countries

March 19, 2024 at 05:10PM Chinese cyberspies, known as Earth Krahang, have targeted at least 70 organizations, predominantly government entities, and over 116 victims globally. They utilize phishing emails, brute-force attacks for credential theft, and custom backdoors to compromise servers and infringe on government infrastructure. The group also has connections to other state-backed gangs and …

Ande Loader Malware Targets Manufacturing Sector in North America

March 14, 2024 at 04:21AM Blind Eagle threat actor employs Ande Loader to distribute RATs, targeting Spanish-speaking users in the North American manufacturing industry through phishing emails. This expansion includes leveraging RAR and BZ2 archives to activate the infection chain. Additionally, an alternative attack sequence via Discord CDN link distributes NjRAT. Crypters written by Roda …

Cybercriminals Spoof US Government Organizations in BEC, Phishing Attacks

March 7, 2024 at 09:34AM Since 2021, US organizations have faced phishing and BEC attacks from threat actor TA4903. Spoofing government and private businesses, the attacks aimed at obtaining corporate credentials for BEC activities. The threat actor registered new domains, spoofing various sectors. TA4903 targeted government departments and SMBs, using diverse phishing tactics and adopting …

Hackers steal Windows NTLM authentication hashes in phishing attacks

March 4, 2024 at 04:46PM The TA577 hacking group has shifted to using phishing emails to steal NTLM authentication hashes for account hijacks. They launched campaigns targeting employees’ NTLM hashes, using unique ZIP archives containing HTML files to trigger automatic connections, stealing the hashes. Proofpoint advises specific security measures to counter this threat, including blocking outbound …

FCC Employees Targeted in Sophisticated Phishing Attacks

March 4, 2024 at 07:18AM Cybersecurity firm Lookout warns of novel mobile device phishing attacks targeting FCC employees and cryptocurrency platforms. Attackers create replicas of single sign-on pages to trick victims into sharing login credentials using email, SMS, and vishing. The phishing kit can impersonate multiple brands and has successfully targeted hundreds of individuals in …

U.S. charges Iranian for hacks on defense orgs, offers $10M for info

March 1, 2024 at 09:47AM The U.S. Department of Justice indicted Alireza Shafie Nasab, an Iranian national, for cyber-espionage targeting U.S. government and defense entities. Operating from 2016 to April 2021, Nasab and co-conspirators employed phishing and hacking techniques to compromise over 200,000 devices, resulting in charges carrying 5 to 20 years in prison. The …