Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

October 2, 2024 at 11:27AM

A recent spear-phishing email campaign targeted recruiters using the More_eggs JavaScript backdoor, with actors posing as fake job applicants to infect systems. The malware, attributed to the Golden Chickens group, enables credential theft and has been linked to several e-crime groups. Trend Micro observed a variation of the campaign utilizing …

Cyberattackers Use HR Targets to Lay More_Eggs Backdoor

October 1, 2024 at 01:24PM

A threat group targeting multinational financial organizations impersonates job seekers to execute a spear-phishing campaign spreading the “more_eggs” backdoor. Trend Micro researchers linked this campaign to FIN6 and cautioned that the malware’s MaaS nature blurs threat actor lines. Vigilance and robust security measures are needed to combat this evolving threat. …

DoJ Charges 3 Iranian Hackers in Political ‘Hack & Leak’ Campaign

September 30, 2024 at 04:48PM

The US Justice Department has charged three members of Iran’s Islamic Revolutionary Guard Corps with running a cyber campaign to impact the upcoming US presidential election. They are accused of conducting hacks against political campaigns, officials, and media members. The attackers used spear-phishing techniques targeting senior government officials and journalists, …

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes

September 28, 2024 at 02:24AM

Three Iranian nationals, allegedly employed with the IRGC, were charged by the U.S. Department of Justice for targeting officials and political campaigns to steal sensitive data, aiming to undermine the U.S. electoral process. They are accused of engaging in hack-and-leak operations and a wide-ranging hacking campaign. The U.S. government has …

China’s ‘Earth Baxia’ Spies Exploit Geoserver to Target APAC Orgs

September 22, 2024 at 09:10PM

A China-linked cyber-espionage group dubbed Earth Baxia has targeted Taiwanese government agencies, the Philippine and Japanese military, and energy companies in Vietnam. The group primarily uses spear-phishing and a custom backdoor called EagleDoor, as well as exploiting a vulnerability in the open source GeoServer software. The majority of the group’s …

North Korean APT Bypasses DMARC Email Policies in Cyber-Espionage Attacks

September 19, 2024 at 09:01PM

Geopolitical tensions have led to a surge in cyberattacks on US and allied organizations by North Korean cyber-espionage group Kimsuky. The group has successfully exploited poorly configured DMARC policies for spear-phishing campaigns targeting high-profile individuals and organizations. Ensuring properly configured DMARC is critical to defend against these attacks and protect …

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

September 19, 2024 at 04:38AM

Threat actor Earth Baxia targeted a government organization in Taiwan and possibly other APAC countries using spear-phishing emails and exploiting CVE-2024-36401, a GeoServer vulnerability. Earth Baxia deployed customized Cobalt Strike components and a new backdoor called EAGLEDOOR, which supports multiple communication protocols for information gathering and payload delivery, with evidence …

Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military

September 18, 2024 at 10:54AM

Chinese national Song Wu, employed by AVIC, was indicted in the U.S. for spear-phishing to access NASA, universities, and private companies’ software. The stolen data could be utilized in aerospace and military applications. Another Chinese national, Jia Wei, was separately charged for infiltrating a U.S. communications firm. In the UK, …

DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military

September 17, 2024 at 06:03AM

Chinese national Song Wu faces charges for spear-phishing US government employees to obtain restricted aerospace software. Using fake email accounts, he targeted NASA, Air Force, and other organizations, seeking access to proprietary software and source code. Wu was an employee of a Chinese aerospace company during the spear-phishing campaign and …

Mustang Panda Feeds Worm-Driven USB Attack Strategy

September 10, 2024 at 11:36AM

China’s state-sponsored threat actor, Mustang Panda, is utilizing self-propagating malware spread through USB drives and spear-phishing to target various government entities in the Asia-Pacific region. The group’s tactics have evolved to include new vectors for initial entry, with a focus on specific countries and sectors. Trend Micro researchers advise continuous …