Found in Environments Protected By: Microsoft, Fortimail
By Kurtis Nicks, Cofense Phishing Defense Center
Phishing attacks continue to evolve, with threat actors becoming increasingly clever in their attempts to deceive their targets. The Cofense Phishing Defense Center (PDC) has recently observed a sophisticated phishing campaign targeting EPOS Net customers, a large Japanese credit card company.…
Recently, InQuest Labs analysts responded to a credential phishing attack discovered by a municipal government organization. The following threat sequence was observed:
The email arrived from a compromised sender account address. The sender organization in the observed samples is the municipality’s county health agency.
The email is a lure posing as a payment invoice, with subjects including: Payment Due Payment The HTML email contains a URL pointing to a PDF document stored on Raven (app.raven[.]com),…Since June 2022, Mandiant has been tracking a campaign targeting Western Media and Technology companies from a suspected North Korean espionage group tracked as UNC2970. In June 2022, Mandiant Managed Defense detected and responded to an UNC2970 phishing campaign targeting a U.S.-based technology company. During this operation, Mandiant observed UNC2970 leverage three new code families: TOUCHMOVE, SIDESHOW, and TOUCHSHIFT.…
By Jesus Dominguez & Gerardo Corona from Ocelot Team
ContextATMs are a core part of the financial system, providing users access to their money anytime at different physical locations.…
In November 2022, OpenAI launched ChatGPT, which quickly became one of the most rapidly growing AI tools, attracting over 100 million users. The release of ChatGPT generated a lot of buzz because of its impressive capabilities.…
Donation scams are fraudulent schemes where individuals or organizations falsely claim to be collecting money for a charitable cause, such as a natural disaster or a medical emergency, a recent example being the Kahramanmaras earthquake in Turkey and Syria. The scammers may ask for donations through email, social media, telephone calls, or door-to-door solicitations.…
The ASEC analysis team has recently discovered the distribution of Quasar RAT through the private Home Trading System (HTS). No information could be found when looking up the HTS called HPlus that was used in the attack. Furthermore, the company’s name could not be found in even the clause of the installation process, so it is assumed that the victims did not install their HTS from an institutional financial company, but instead, they got HPlus HTS through an unsanctioned source or a disguised financial investment company.…
Deriving Threat Actor TTPs from Management Infrastructure Tracking
You can find our previous work on Stage 1 and Stage 2 of IcedID’s initial infection chain in our Dragons News Blog. Data on Stage 1 C2 infrastructure is now also shared as part of our Botnet Analysis and Reporting Service (BARS).…
The 22nd FIFA World Cup launched in Qatar on November 20th, 2022, with 32 teams battling for the trophy. With fans around the world excited about the World Cup and cheering on their favorite team, Threat Actors (TAs) are actively also taking advantage of it and using FIFA as a theme in their malicious campaigns targeting unsuspecting victims.…
Authored by SangRyol Ryu and Yukihiro Okutomi
McAfee’s Mobile Research team recently analyzed new malware targeting mobile payment users in Japan. The malware which was distributed on the Google Play store pretends to be a legitimate mobile security app, but it is in fact a payment fraud malware stealing passwords and abusing reverse proxy targeting the mobile payment services.…
Deceptive phishing is the preferred way for cybercriminals to distribute malware since luring the victim into clicking a link in a likely phishing SMS or Email is easier. The Threat Actor(TA) usually uses brand impersonation in phishing campaigns to trick the users into believing that they are reputed and legitimate.…
Online banking is convenient as it allows users to make money transfers, bill payments, verify their balance, and access accounts 24/7 at their fingertips. Like regular online banking customers, cybercriminals also benefit from online banking by committing financial fraud using various scams.…
11/07: Updated article to provide clarity around hunting techniques
Key points from our research:
Following our reporting on Robin Banks in July, Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations. In response, Robin Banks administrators made several changes, including relocating its infrastructure to a notorious Russian provider and changing features of its kits to be more evasive.…This post is also available in: 日本語 (Japanese)
Executive SummaryIn May 2021, Palo Alto Networks launched a proactive detector employing state-of-the-art methods to recognize malicious domains at the time of registration, with the aim of identifying them before they are able to engage in harmful activities.…
Phishing sites are becoming an increasingly attractive target for Threat Actors (TAs) to lure victims into stealing sensitive information, and downloading other malware, such as RAT, Ransomware, etc., to damage the victim’s machine. Generally, the link of these phishing pages arrives to users via SMS, Email, social networks, etc.…
A tech support scam is an extensive fraud where the scammer offers a support service for any legitimate entity and lures the victim into contacting the scammer via a fake support helpline number. After contacting the helpline, the scammer gains access to the victim’s machine and can perform activities such as fraudulent transactions, stealing sensitive data, etc.…
By Daksh Kapur · October 6, 2022
What is BazarCall?
As nicely defined in this article by Microsoft:
BazarCall campaigns forgo malicious links or attachments in email messages in favor of phone numbers that recipients are misled into calling. It’s a technique reminiscent of vishing and tech support scams where potential victims are being cold called by the attacker, except in BazarCall’s case, targeted users must dial the number.…