Over the past few days, we have seen phishing attacks that use a combination of compromised Microsoft 365 accounts and .rpmsg encrypted emails to deliver the phishing message. At this stage, we are exploring and uncovering different aspects of this campaign and will share here some of our observations to date.…
Tag: BANK
Victim: bankbsi.co.id Country: ID Actor: lockbit3 Source: http://lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion/post/mYOkRWStPzbZwVLG645eab1a1f6e0 Discovered: 2023-05-12 21:55:26.067273
Description: On May 8, we attacked Bank Syariah Indonesia, completely stopping all of its services. The management of the bank could not think of anything better than to brazenly lie to their customers and partners, reporting some kind of “technical work” being…
By Securonix Threat Labs, Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov
TL;DR: An unusual attack/phishing campaign delivering malware while using meme-filled code and complex obfuscation methods continues dropping Xworm payloads for the last few months and is still ongoing today.
Intro: For the last few months, an interesting and ongoing attack campaign was identified and tracked by the Securonix Threat Research team.…
In 2019, the Cleafy Threat Intelligence and Incident Response Team (TIR) observed and analyzed a persistent fraud operation that started around that time. It was hitting Italy and was leveraging an interesting infection chain, which Threat Actors (TAs) consolidated over the past few years.…
By Pham Duy Phuc and Max Kersten · February 08, 2023
Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique. Malicious macros in Microsoft Office have long been the “industry standard” to initially compromise devices.…
In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware would be delivered through e-mails written in different languages — variations of them were coming in English, German, Italian, and French.…
The Uptycs threat research team has identified a new variant of credential-stealing malware, dubbed Zaraza bot, that uses Telegram as its command and control (C2). Zaraza is the Russian word for infection.
Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors.…
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from March 26th, 2023 to April 1st, 2023 and provide statistical information on each type.…
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from March 19th, 2023 to March 25th, 2023 and provide statistical information on each type.…
By John Fokker, Ernesto Fernández Provecho and Max Kersten · April 05, 2023
We would like to thank Steen Pedersen and Mo Cashman for their remediation advice.
On the 4th and the 5th of April, a law enforcement taskforce spanning agencies across 17 countries – including the FBI, Europol and the Dutch Police – disrupted the infamous browser cookie market known as Genesis Market and approached hundreds of its users.…
Following a bank run on its deposits, Silicon Valley Bank (SVB) experienced a failure on March 10, 2023, and has garnered significant media attention. As SVB has traditionally been the preferred banking partner for many startups worldwide, its failure is expected to significantly impact this community.…
Netskope Threat Labs is tracking a 17x increase in traffic to malicious web pages hosted on DigitalOcean in the last six months. This increase is attributed to new campaigns of a known tech support scam that mimics Windows Defender and tries to deceive users into believing that their computer is infected.…
The Cofense Intelligence team continues to see the Emotet malware family being leveraged across the threat landscape. To protect against the many threats out there, it’s important to know about the various types of malware that exist and how they have evolved over time. One of the most serious malware families is Emotet, a type of banking trojan that has been around since 2014.…
ChatGPT, the AI-powered chatbot developed by OpenAI lab, rocketed to fame within just four months of its launch.
Unfortunately, the success of the viral AI tool has also attracted the attention of fraudsters who use the technology to conduct highly sophisticated investment scams against unwary internet users.…
LOCKBIT, the most nefarious ransomware group, claimed to have compromised the networks of an Indian investment company, Infrastructure Leasing & Financial Services Limited (IL&FS), on February 28, 2023.
IL&FS was in the news in 2018 for their troubled financial health leading to a grave NBFC financial crisis and liquidity drought that unraveled several other corporates in India.…
First observed in October 2022, HardBit is a ransomware threat that targets organizations to extort cryptocurrency payments for the decryption of their data.…
Redline Stealer is a type of malware that steals sensitive information from infected computers. The malware is known for its ability to bypass antivirus software and remain undetected on a victim’s computer for an extended period. In this essay, we will discuss the Redline Stealer malware, its history, its capabilities, and its impact.…
Donation scams are fraudulent schemes where individuals or organizations falsely claim to be collecting money for a charitable cause, such as a natural disaster or a medical emergency, a recent example being the Kahramanmaras earthquake in Turkey and Syria. The scammers may ask for donations through email, social media, telephone calls, or door-to-door solicitations.…
by Joe Stewart and Keegan Keplinger, Security Researchers with eSentire's Threat Response Unit (TRU)
Executive Summary: For the past 16 months, eSentire’s security research team, the Threat Response Unit (TRU), has been tracking one of the most capable and stealthy malware suites — Golden Chickens. Golden Chickens is the “cyber weapon of choice” for three of the top money making, longest-running Internet crime groups: Russia-based FIN6 and Cobalt Group and Belarus-based Evilnum.…