Windows infected with backdoored Linux VMs in new phishing attacks

November 4, 2024 at 10:56AM The ‘CRON#TRAP’ phishing campaign targets Windows systems using deceptive emails to install a Linux virtual machine with a backdoor for stealthy corporate network access. Leveraging the legitimate QEMU tool, attackers ensure persistence and communication via a tunneling program, enabling various malicious actions undetected by security measures.

DOJ, Microsoft seize 107 domains used in Russia’s Star Blizzard phishing attacks

October 3, 2024 at 12:03PM The US Department of Justice and Microsoft cooperated to seize 107 websites used by Russian cyberspies in a phishing campaign. The targets included US government agencies, think tanks, and other victims. The action disrupted the operations of the Russian Federal Security Service (FSB) hacking unit and led to criminal charges …

North Korea Hackers Linked to Breach of German Missile Manufacturer

September 30, 2024 at 01:45PM A professional hacking team affiliated with the North Korean government infiltrated the German company Diehl Defence, known for producing air defense systems and missiles, using phishing tactics to target employees. The group, attributed to the Kimsuky APT, employed booby-trapped files and mock job offers to carry out the attack. Kimsuky …

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

September 25, 2024 at 03:48AM A new phishing campaign targets transportation and logistics companies in North America, using compromised email accounts to distribute information stealers and remote access trojans. The campaign has evolved with new infrastructure and techniques, including the use of ClickFix to trick victims into downloading malware. Several stealer malware strains have also …

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

September 19, 2024 at 10:30AM A new malware called SambaSpy targets Italian users through phishing. It uses HTML attachments or links to deploy a multi-functional RAT payload. The attack chains involve redirecting to a legitimate invoice or a malicious web server. SambaSpy can perform various functions, such as managing files, remote desktop, keylogging, and stealing …

Novel attack on Windows spotted in phishing campaign run from and targeting China

September 1, 2024 at 11:13PM Unknown attackers have utilized Tencent’s cloud for a phishing campaign targeting Chinese entities, as uncovered by Securonix. The campaign involves delivering Cobalt Strike payloads through phishing emails, establishing persistence and remaining undetected within systems. The attack methodically targets specific Chinese business or government sectors, using advanced exploitation frameworks such as …

Quishing Campaign Abuses Microsoft Sway to Host Phishing Pages

August 29, 2024 at 06:07AM A recent QR phishing campaign targeting Office 365 users in North America and Asia has been using Microsoft Sway to host phishing pages, as reported by Netskope. The attackers send QR codes to victims, leading them to a fake Microsoft login page to steal credentials. The abuse of Sway and …

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware

August 20, 2024 at 06:40AM Iranian state-sponsored threat actors, identified as TA453, have orchestrated spear-phishing campaigns targeting a prominent Jewish figure to deliver a new intelligence-gathering tool called AnvilEcho. The enterprise security company Proofpoint is tracking this activity, reflecting IRGC intelligence priorities, and the adversary’s active retooling of its arsenal with the new Go-based …

OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda

August 17, 2024 at 03:03AM OpenAI disclosed the ban on ChatGPT accounts associated with an alleged covert Iranian influence operation targeting the U.S. presidential election. The operation utilized social media and websites to disseminate content but garnered minimal engagement. Microsoft also highlighted similar threats from Iranian and Russian networks. Google’s TAG detected Iranian-backed phishing efforts …

Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks

August 16, 2024 at 09:21AM Two Russia-linked threat actors have been targeting entities critical of Russia through ongoing spear-phishing campaigns since 2023. Phishing emails impersonating Proton email service staff members have been sent to international NGOs, media organizations, Russian opposition figures, and US and European NGOs, posing serious risks to the targets. The attacks involve …