#SpearPhishing

FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine

by

May 30, 2024 at 01:27PM Cloudflare disrupted a phishing campaign by Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign used debt-themed lures to distribute the PowerShell malware COOKBOX. Cloudforce One identified the campaign in mid-April 2024, involving Cloudflare Workers and GitHub, and exploiting a WinRAR vulnerability. Another financially motivated group, UAC-0006, was also identified by … Read more

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

by

May 16, 2024 at 10:15AM The Kimsuky hacking group is behind a new social engineering attack, using fictitious Facebook accounts to target individuals via Messenger and deliver malware. The campaign impersonates a legitimate individual to trick activists in the North Korean human rights and anti-North Korea sectors. This approach aims to avoid detection and may … Read more

NSA warns of North Korean hackers exploiting weak DMARC email policies

by

May 3, 2024 at 03:24PM The NSA and FBI warned of APT43, a North Korea-linked hacking group exploiting weak DMARC policies to launch spearphishing attacks. The attacks aim to gather intelligence on geopolitical events and gain access to private documents and communications. To mitigate this, organizations are advised to update their DMARC policies to prevent … Read more

US Says North Korean Hackers Exploiting Weak DMARC SettingsĀ 

by

May 3, 2024 at 12:15PM The US government warns of North Korea-linked hacking group Kimsuky exploiting weak email DMARC settings to conceal spear phishing attacks. They collect intelligence on geopolitical events and maintain access to information affecting North Korean interests. Kimsuky has been engaging in cyber activities since 2012 and conducts well-researched spear phishing campaigns. … Read more

NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

by

May 3, 2024 at 05:45AM The U.S. government issued a cybersecurity advisory about North Korean threat actors using spear-phishing campaigns to gather intelligence. They exploit weak DMARC policies to send spoofed emails, targeting foreign policy experts. The group, known as Kimsuky, engages targets in prolonged, benign conversations to build trust and uses fake email addresses … Read more

Fake job interviews target developers with new Python backdoor

by

April 26, 2024 at 10:23AM A campaign named “Dev Popper” is targeting developers with fake job interviews to trick them into downloading and running a Python remote access trojan (RAT), enabling the threat actors to gather system information and gain remote access. Analysts suspect North Korean involvement based on observed tactics. Similar tactics have been … Read more

Iran Dupes US Military Contractors, Gov’t Agencies in Years-Long Cyber Campaign

by

April 24, 2024 at 10:48AM An elite team of Iranian hackers infiltrated US companies and government agencies’ employee accounts in a multiyear cyber espionage campaign, aiming to steal military secrets. Entities including the US Departments of Treasury and State, defense contractors, and a hospitality company were compromised. Four Iranian nationals have been indicted, but their … Read more

US charges Iranians with cyber snooping on government, companies

by

April 24, 2024 at 10:10AM The US has charged and sanctioned four Iranian nationals for their alleged roles in cyber attacks on US companies and government departments. They worked for fake companies linked to Iran’s military, carrying out multiple computer intrusions using methods like spearphishing and social engineering. The accused face up to 35 years … Read more

$10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors

by

April 23, 2024 at 04:00PM Four Iranian nationals were indicted in Manhattan federal court for conducting a cyber-espionage campaign targeting U.S. government departments, defense contractors, and private firms, using sophisticated hacking techniques to access and compromise critical systems. The group, still at large, is accused of targeting over a dozen private US companies, primarily cleared … Read more

U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture

by

March 2, 2024 at 12:18AM The U.S. Department of Justice unsealed an indictment against an Iranian national, Alireza Shafie Nasab, for his alleged involvement in a cyber campaign targeting U.S. entities. The campaign involved spear-phishing and hacking techniques, leading to more than 200,000 victim devices being infected. Nasab faces significant prison time if convicted and … Read more