Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

November 19, 2024 at 03:59AM The blog analyzes Earth Kasha’s LODEINFO malware campaign targeting Japan, Taiwan, and India from 2023-2024. It highlights updated tactics, techniques, and procedures (TTPs), including exploiting vulnerabilities in public-facing applications, credential theft, and the use of various backdoors like LODEINFO and NOOPDOOR. The report draws connections with APT10 umbrella activities. …

Iranian Cybercriminals Target Aerospace Workers via LinkedIn

November 13, 2024 at 03:36PM A phishing campaign, attributed to Iranian threat actor TA455, targets aerospace professionals on LinkedIn by impersonating recruiters. Victims download a malicious zip file, leading to malware installation via DLL side-loading. The malware deploys Snail Resin and uses covert tactics to evade detection. Caution is advised for users in the aerospace …

‘Midnight Blizzard’ Targets Networks With Signed RDP Files

October 30, 2024 at 06:26PM Midnight Blizzard, a Russian-linked threat group, is executing a vast campaign using spear-phishing emails with signed Remote Desktop Protocol (RDP) files to compromise systems and harvest credentials. Targeting over 100 organizations, this tactic evades security measures, prompting Microsoft to recommend enhanced email security and multifactor authentication measures. …

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

October 14, 2024 at 04:50AM Water Makara has been employing Astaroth banking malware in a spear phishing campaign targeting Latin American companies, particularly in Brazil. Malicious emails often imitate standard tax documents to deceive recipients into downloading infected attachments. Trend Micro highlights the need for increased security awareness and protective measures against evolving phishing threats. …

AI-Augmented Email Analysis Spots Latest Scams, Bad Content

October 9, 2024 at 12:13PM Multimodal AI is reshaping email security: it aids fraud detection while also enabling attackers to craft more convincing scams. Sophos demonstrates 97% accuracy in identifying phishing emails using large language models. This technology could improve security analysts’ efficiency, though operational costs limit widespread use in email security tools. …

Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools

October 8, 2024 at 07:28AM Russian government agencies and industrial entities are under ongoing cyber attacks by a group named Awaken Likho. Kaspersky reports a new campaign using the MeshCentral platform to gain remote system access since June 2024. The attacks primarily target Russian government agencies, contractors, and industrial enterprises, with spear-phishing tactics distributing malicious …

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

October 4, 2024 at 10:18AM Microsoft and the U.S. DoJ announced the seizure of 107 internet domains linked to Russian state-sponsored threat actors engaged in cybercrime. The threat actor, known as COLDRIVER and affiliated with the Russian Federal Security Service, targeted U.S. government, NGOs, and think tanks through spear-phishing campaigns. Microsoft also filed a civil …

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

October 2, 2024 at 11:27AM A recent spear-phishing email campaign targeted recruiters using the More_eggs JavaScript backdoor, with actors posing as fake job applicants to infect systems. The malware, attributed to the Golden Chickens group, enables credential theft and has been linked to several e-crime groups. Trend Micro observed a variation of the campaign utilizing …

Cyberattackers Use HR Targets to Lay More_Eggs Backdoor

October 1, 2024 at 01:24PM A threat group targeting multinational financial organizations impersonates job seekers to execute a spear-phishing campaign spreading the “more_eggs” backdoor. Trend Micro researchers linked this campaign to FIN6 and cautioned that the malware’s malware-as-a-service (MaaS) nature blurs the lines between threat actors. Vigilance and robust security measures are needed to combat this evolving threat. …

DoJ Charges 3 Iranian Hackers in Political ‘Hack & Leak’ Campaign

September 30, 2024 at 04:48PM The US Justice Department has charged three members of Iran’s Islamic Revolutionary Guard Corps with running a cyber campaign to impact the upcoming US presidential election. They are accused of conducting hacks against political campaigns, officials, and media members. The attackers used spear-phishing techniques targeting senior government officials and journalists, …