Key findings
Proofpoint researchers identified an increasingly popular technique leveraging unique social engineering to run PowerShell and install malware. Researchers observed TA571 and the ClearFake activity cluster use this technique. …
What happened
Proofpoint recently identified a fraudulent website purporting to sell tickets to the Paris 2024 Summer Olympic Games. The website “paris24tickets[.]com” claimed to be a “secondary marketplace for sports and live events …
Global law enforcement recently announced Operation Endgame, a widespread effort to disrupt malware and botnet infrastructure and identify the alleged individuals associated with the activity. In a press release, Europol …
What happened
Proofpoint recently identified a cluster of activity conducting malicious email campaigns using piano-themed messages to lure people into advance fee fraud (AFF) scams. The campaigns have occurred since …
What happened
Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service. Proofpoint …
What happened
Beginning April 24, 2024 and continuing daily for about a week, Proofpoint observed high-volume campaigns with millions of messages facilitated by the Phorpiex botnet and delivering LockBit Black …
April 16, 2024
Greg Lesnewich, Crista Giering, and the Proofpoint Threat Research Team
Key takeaways
TA427 regularly engages in benign conversation starter campaigns to establish contact with targets for…
April 10, 2024
Tommy Madjar, Selena Larson and the Proofpoint Threat Research Team
What happened
Proofpoint identified TA547 targeting German organizations with an email campaign delivering Rhadamanthys malware. This is …
Proofpoint’s Threat Research team joined up with the Team Cymru S2 Threat Research team, in a collaborative effort to provide the information security community with a comprehensive view of the …
Proofpoint researchers recently observed new activity by the Iran-aligned threat actor TA450 (also known as MuddyWater, Mango Sandstorm, and Static Kitten), in which the group used a pay-related …
March 06, 2024
Selena Larson, Jake G. and Dusty Miller
Key takeaways
TA4903 is a unique threat actor that demonstrates at least two distinct objectives: (1) credential phishing and (2)…
Highlights
TA577 is a cybercriminal group that typically delivers malware. In this instance, TA577 used thread hijacking emails with zipped HTML attachments to target SMB servers. The emails were sent…
February 13, 2024
Axel F, Selena Larson and the Proofpoint Threat Research Team
What happened
Proofpoint researchers identified the return of Bumblebee malware to the cybercriminal threat landscape on 8 …
Proofpoint researchers recently identified the return of TA576, a cybercriminal threat actor that uses tax-themed lures specifically targeting accounting and finance organizations. This actor is typically only active …
Gather ‘round, cyber friends, and I’ll let you in on a little secret: no one knows what the Next Big Thing on the threat landscape will be. But we can …
Proofpoint researchers identified the return of TA866 to email threat campaign data, after a nine-month absence. On January 11, 2024, Proofpoint blocked a large volume campaign consisting of …
Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in …
Since at least October 2023, TA4557 began using a new technique of targeting recruiters with direct emails that ultimately lead to malware delivery. The initial emails are benign …
December 05, 2023
Greg Lesnewich, Crista Giering and the Proofpoint Threat Research Team
Key takeaways
Since March 2023, Proofpoint researchers have observed regular TA422 (APT28) phishing activity, in which the…