Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

December 6, 2024 at 02:48AM Gamaredon, a Russian-affiliated cyber threat group, is using Cloudflare Tunnels to hide its GammaDrop malware in a spear-phishing campaign that has targeted Ukrainian entities since early 2024. The group employs various techniques, including HTML smuggling and DNS fast-fluxing, to evade detection and maintain access to compromised systems.

ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

December 5, 2024 at 03:30AM The China-linked group MirrorFace has launched a spear-phishing campaign targeting individuals in Japan since June 2024, delivering the backdoors NOOPDOOR and ANEL. This marks the return of ANEL, previously used by APT10. The attacks leverage malicious OneDrive links and various infection vectors, focusing on national security and international relations themes.

Guess Who’s Back – The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024

November 26, 2024 at 03:32AM Trend Micro reports a new spear-phishing campaign by Earth Kasha targeting Japan, using tactics involving the backdoor ANEL and the malware NOOPDOOR. This operation shifts focus from enterprises to individuals in sensitive sectors. The campaign employs sophisticated infection vectors and evasion techniques, necessitating ongoing vigilance and threat intelligence monitoring.

Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

November 19, 2024 at 03:59AM The blog analyzes Earth Kasha's LODEINFO malware campaign targeting Japan, Taiwan, and India from 2023 to 2024. It highlights updated tactics, techniques, and procedures (TTPs), including exploitation of vulnerabilities in public-facing applications, credential theft, and the use of backdoors such as LODEINFO and NOOPDOOR. The report draws connections with APT10 umbrella activities.

Iranian Cybercriminals Target Aerospace Workers via LinkedIn

November 13, 2024 at 03:36PM A phishing campaign, attributed to Iranian threat actor TA455, targets aerospace professionals on LinkedIn by impersonating recruiters. Victims download a malicious zip file, leading to malware installation via DLL side-loading. The malware deploys Snail Resin and uses covert tactics to evade detection. Caution is advised for users in the aerospace …

‘Midnight Blizzard’ Targets Networks With Signed RDP Files

October 30, 2024 at 06:26PM Midnight Blizzard, a Russian-linked threat group, is executing a vast campaign using spear-phishing emails with signed Remote Desktop Protocol (RDP) files to compromise systems and harvest credentials. Targeting over 100 organizations, this tactic evades security measures, prompting Microsoft to recommend enhanced email security and multifactor authentication measures.

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

October 14, 2024 at 04:50AM Water Makara has been employing Astaroth banking malware in a spear-phishing campaign targeting Latin American companies, particularly in Brazil. Malicious emails often imitate standard tax documents to deceive recipients into downloading infected attachments. Trend Micro highlights the need for increased security awareness and protective measures against evolving phishing threats.

AI-Augmented Email Analysis Spots Latest Scams, Bad Content

October 9, 2024 at 12:13PM Multimodal AI is reshaping email security: it aids defenders in email fraud detection, while also enabling attackers to craft more convincing scams. Sophos demonstrates 97% accuracy in identifying phishing emails using large language models. This technology could improve security analysts' efficiency, though operational costs limit its widespread use in email security tools.

Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools

October 8, 2024 at 07:28AM Russian government agencies and industrial entities are under ongoing cyber attacks by a group named Awaken Likho. Kaspersky reports a new campaign using the MeshCentral platform to gain remote system access since June 2024. The attacks primarily target Russian government agencies, contractors, and industrial enterprises, with spear-phishing tactics distributing malicious …

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

October 4, 2024 at 10:18AM Microsoft and the U.S. DoJ announced the seizure of 107 internet domains linked to Russian state-sponsored threat actors engaged in cybercrime. The threat actor, known as COLDRIVER and affiliated with the Russian Federal Security Service, targeted the U.S. government, NGOs, and think tanks through spear-phishing campaigns. Microsoft also filed a civil …