Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp
Summary: Multiple suspected Russia-linked threat actors are targeting individuals and organizations with connections to Ukraine to gain unauthorized access to Microsoft 365 accounts using sophisticated social engineering techniques. Volexity’s analysis reveals new methods leveraging legitimate Microsoft OAuth workflows, where adversaries impersonate European officials to deceive victims.…
New Malware Variant Identified: ResolverRAT Enters the Maze
ResolverRAT is a newly discovered remote access trojan (RAT) that utilizes advanced evasion techniques and runtime resource resolution to avoid detection. This malware primarily targets employees in the healthcare and pharmaceutical sectors via localized phishing campaigns, employing significant social engineering tactics. Affected: healthcare sector, pharmaceutical sector

Keypoints:

ResolverRAT employs advanced in-memory execution and dynamic resource handling to evade detection.…
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows
Recent observations have revealed that Russian threat actors, UTA0352 and UTA0355, are targeting individuals and organizations tied to Ukraine and human rights using sophisticated phishing techniques that leverage Microsoft OAuth 2.0 workflows. These attacks involve social engineering tactics through messaging apps like Signal and WhatsApp, utilizing impersonation and compromised accounts to gain unauthorized access to Microsoft 365 accounts.…
Beware of video call links that are attempts to steal Microsoft 365 access, researchers tell NGOs
Summary: Researchers have reported ongoing efforts by Russia-linked hackers to exploit Microsoft 365 environments, particularly targeting NGOs with ties to Ukraine through sophisticated social engineering techniques. The attackers use phishing tactics via messaging apps to trick victims into revealing OAuth codes, allowing unauthorized access to M365 accounts.…
Hackers abuse Zoom remote control feature for crypto-theft attacks
Summary: A hacking group called ‘Elusive Comet’ targets cryptocurrency users through social engineering attacks that exploit Zoom’s remote control feature. They use fake accounts to invite high-value targets to a fraudulent interview, leading victims to unknowingly grant remote control access to their machines. This attack methodology is similar to the .5 billion Bybit breach, with the perpetrators employing deceptive tactics that take advantage of users’ familiarity with Zoom prompts.…
Cybersecurity & Generative AI – Part 3 – Opportunities, Agents, Challenges
This article explores the applications of Generative AI in cybersecurity, highlighting its potential for enhancing threat detection, incident response, malware analysis, and more. It examines the concept of Agentic AI, which employs large language models (LLMs) to autonomously tackle complex cybersecurity tasks. Despite these advancements, the article addresses significant challenges in implementing Generative AI solutions, such as data quality, hallucinations, and integration complexities.…
The Reality of Mobile Endpoint Security in 2025
Mobile devices are becoming increasingly exploited entry points for cyber attacks in enterprises, prompting a shift in attack strategies from traditional methods to mobile vectors. As organizations adopt Bring Your Own Device (BYOD) policies, the need for effective Mobile Threat Defense (MTD) solutions becomes crucial. The rapid rise of sophisticated mobile attacks necessitates a reevaluation of security measures to address the vulnerabilities associated with mobile endpoints.…
AgeoStealer: How Social Engineering Targets Gamers
Infostealers, including the newly identified AgeoStealer, have become a significant threat, responsible for a large portion of credential theft and data breaches. AgeoStealer employs unique tactics, leveraging gaming platforms for distribution and evading detection through advanced obfuscation techniques. Its ability to extract sensitive information highlights the urgent need for organizations to bolster their defenses against these types of cyber threats.…
SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
Summary: A new Android malware-as-a-service platform named SuperCard X is facilitating NFC relay attacks, targeting banking customers in Italy to steal payment card data for fraudulent cashouts. The malware is distributed via bogus apps and deceptive social engineering tactics. Researchers have identified a multi-stage infection process, combining malicious app installation with security deception to manipulate victims into revealing sensitive information.…
North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature
Summary: North Korean hackers are exploiting Zoom’s Remote Control feature to install malware on the devices of cryptocurrency investors by masquerading as legitimate business contacts. This attack utilizes social engineering tactics, making targets inadvertently grant remote access during what appears to be legitimate meetings. The malware deployed can exfiltrate sensitive information, resulting in significant financial losses.…
State-sponsored hackers embrace ClickFix social engineering tactic
Summary: ClickFix attacks are rising, with several APT groups from North Korea, Iran, and Russia employing this social engineering tactic to compromise targets. This method involves deceiving victims into executing malware through fake error messages and seemingly legitimate prompts. Notably, Kimsuky, MuddyWater, and APT28 have all utilized ClickFix in their recent espionage operations against various organizations.…
Exaforce Banks Hefty  Million for AI-Powered SOC Remake
Summary: Exaforce, a startup from San Francisco, has raised million in Series A funding to enhance security operations centers (SOCs) using AI technology. The company is introducing AI agents called “Exabots” to significantly reduce manual tasks and improve accuracy in threat detection. Founded by industry professionals, Exaforce aims to address the growing challenges in cybersecurity by streamlining investigations and facilitating proactive threat hunting.…
Lumma Stealer – Tracking distribution channels
The article discusses the rise of Lumma Stealer, a sophisticated type of Malware-as-a-Service (MaaS) that has emerged as a major threat to both individuals and organizations. Exploiting various distribution methods, particularly through fake CAPTCHA pages, Lumma Stealer successfully deceives users into executing malicious commands. Its intricate infection methods, including DLL sideloading and payload injection, enhance its ability to evade security detection.…
Summary: A surge in cybersecurity threats linked to the Russian bulletproof hosting service Proton66 has been reported, involving mass scanning and exploitation attempts targeting organizations worldwide. Researchers revealed various malware campaigns and significant vulnerabilities being exploited, particularly relating to Fortinet’s FortiOS and other platforms. Organizations are advised to block CIDR ranges associated with Proton66 to mitigate the risks posed by these activities.…
The JUICYJAM operation is a state-sponsored social media harassment and doxxing campaign actively targeting Thailand’s pro-democracy movement since August 2020. Utilizing a fabricated persona to conduct online harassment, the campaign has resulted in ongoing intimidation, surveillance, and repression of dissenting voices, as evidenced by leaked documents linking its orchestration to the Royal Thai Armed Forces and Royal Thai Police.…
ReliaQuest discovered a malicious attack targeting customers in finance and technical services that began with phishing via Microsoft Teams and evolved into a sophisticated malware deployment involving TypeLib hijacking. The attack appears linked to the Storm-1811 group but showcases novel persistence methods that suggest either evolution or fragmentation of the group.…
Summary: A recent cybersecurity report by Proofpoint reveals that state-sponsored actors, including groups from North Korea, Iran, and Russia, are adopting ClickFix techniques from cybercriminals for espionage campaigns. This method utilizes social engineering to trick users into executing malicious commands on their systems. The trend highlights the shifting dynamics of cyber threats, blurring the lines between state-sponsored and criminal activities.…