Russian cyber snoops linked to massive credential-stealing campaign

August 14, 2024 at 02:52PM Russia’s FSB cyberspies and a new group conducted a phishing campaign targeting US and European entities, including opposition figures, media outlets, and defense-industrial targets. Named “River of Phish,” the campaign aimed to steal user credentials and influence Western elections. The attackers impersonated colleagues and used encrypted PDFs to trick victims …

Ukraine Warns of New Phishing Campaign Targeting Government Computers

August 13, 2024 at 01:48AM Ukraine’s CERT-UA warns of a new phishing campaign impersonating the Security Service of Ukraine and distributing the ANONVNC malware for remote desktop access. Over 100 computers, including those of government bodies, have been infected. The attack involves mass email distribution of a ZIP archive with a malicious MSI installer file. CERT-UA also attributes phishing attacks to …

Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova

July 31, 2024 at 06:09AM A new phishing campaign by the cyber espionage group XDSpy targeted companies in Russia and Moldova with the DSDownloader malware. XDSpy has targeted Eastern European and Balkan government agencies since 2011. The Russo-Ukrainian war has led to increased cyber attacks, with various threat actors targeting organizations in both countries. …

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

July 30, 2024 at 03:24AM A new phishing campaign, known as OneDrive Pastejacking, targets Microsoft OneDrive users through social engineering tactics to execute a malicious PowerShell script. The attack tricks users by simulating a OneDrive page and providing false instructions to fix a DNS error. The campaign has been observed in various countries, signaling a …

Proofpoint phishing palaver plagues millions with ‘perfectly spoofed’ emails from IBM, Nike, Disney, others

July 30, 2024 at 02:35AM A large-scale phishing campaign exploited a security vulnerability in Proofpoint’s email filtering to send three million fake emails daily, appearing to be from major companies. The spammers manipulated Proofpoint’s system to send malicious emails, tricking recipients into revealing sensitive information. Guardio Security notified Proofpoint and assisted in mitigating the attack, …

Proofpoint settings exploited to send millions of phishing emails daily

July 29, 2024 at 09:57AM The ‘EchoSpoofing’ phishing campaign exploited Proofpoint’s email protection service, sending millions of spoofed emails impersonating major companies. The emails aimed to steal personal info and incurred charges, while passing SPF and DKIM checks. Guardio Labs discovered and helped fix the security gap, leading to Proofpoint tightening security and introducing new …

Beware of fake CrowdStrike domains pumping out Lumma infostealing malware

July 25, 2024 at 06:42PM CrowdStrike’s threat intel team warns of a new scam using the Lumma infostealing malware, targeting Windows users. The malware extracts sensitive data for criminal use, such as online banking and cryptocurrency credentials. The scam leverages a fake CrowdStrike domain, posing as a recovery tool for a previous faulty sensor update. …

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

July 23, 2024 at 06:28AM CERT-UA warned of a cyber espionage campaign targeting a Ukrainian research institution with HATVIBE and CHERRYSPY malware. The attack leverages a compromised email account to distribute macro-laced Microsoft Word attachments, leading to the execution of the malware. The attack is attributed to a Russia-linked group, APT28, and UAC-0063, with similar …

New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign

July 11, 2024 at 06:39AM A new email phishing campaign targeting Spanish-language victims has been delivering a remote access trojan called Poco RAT since February 2024. The attacks primarily aim at the mining, manufacturing, hospitality, and utilities sectors. The malware uses various tactics, such as finance-themed lures and abuse of legitimate services, to evade detection. Additionally, the article …

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

June 21, 2024 at 06:15AM A malvertising campaign is using fake websites to distribute backdoor malware disguised as popular software like Google Chrome and Microsoft Teams. The malware, called Oyster, can gather information, communicate with a command-and-control address, and execute remote code. This coincides with the emergence of a new phishing platform called ONNX Store. …