Microsoft’s Visual Studio is a highly popular Integrated Development Environment (IDE) that empowers developers to create diverse applications. However, the software’s widespread usage has attracted the attention of cybercriminals, leading them to craft nefarious schemes aimed at deceiving and victimizing unsuspecting users.…
Security alert: social engineering campaign targets technology industry employees – The GitHub Blog
Skip to content
GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.…
WyrmSpy and DragonEgg are two advanced Android surveillanceware that Lookout attributes to high-profile Chinese threat group APT41, also known as Double Dragon, BARIUM, and Winnti.
While APT41 is mostly known for exploiting web-facing applications and infiltrating traditional endpoint devices, these malware are rare reported instances of the group exploiting mobile platforms.…
Published On : 2023-07-06
EXECUTIVE SUMMARYThe CYFIRMA research team has identified an infostealer builder known as ‘Blank Grabber’ while monitoring threat actor discussions. It was released in 2022, however since then, it has been frequently updated – with 85 contributions to the project in the last one month alone.…
In recent years, the rise of Vishing, also known as Voice over IP Phishing, has become so popular that it has eroded trust in calls from unknown numbers.…
Lab52 has detected a different maldoc samples of a potential malicious campaign. The initial access is through a Chinese phishing. The maldoc seems to be a campaign against Chinese speaking users as the content of the maldoc is written in Chinese. The social engineering technique applied into the maldoc’s content is to pretend to be a Curriculum Vitae of a 28 years old professional who is specialized in finance, concretely into the software development for banking systems and NCR.…
How many times have we heard “It takes just one click”? Well, in this case it took approximately three. In May 2023, the ReliaQuest Threat Hunting Team responded to an incident involving credential access and exfiltration that was traced back to the JavaScript-based initial access malware “Gootloader.”…
MuddyWater, also known as Mango Sandstorm (Mercury), is a cyber espionage group that is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS).
Executive summary: Deep Instinct’s Threat Research team has identified a new C2 (command & control) framework The C2 framework is custom made, continuously in development, and has been used by the MuddyWater group since at least 2021 The framework is named PhonyC2 and was used in the attack on the Technion Institute PhonyC2 is currently used in an active PaperCut exploitation campaign by MuddyWater PhonyC2 is similar to MuddyC3, a previous C2 framework created by MuddyWaterMuddyWater is continuously updating the PhonyC2 framework and changing TTPs to avoid detection, as can be seen throughout the blog and in the investigation of the leaked code of PhonyC2.…
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from June 11th, 2023 to June 17th, 2023 and provide statistical information on each type.…
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from June 4th, 2023 to June 10th, 2022 and provide statistical information on each type.…
A month ago, Google released eight new top level domains (TLD). Two of them (.zip and .mov) have been a cause for concern because they are similar to well known file extensions. Both .zip and .mov TLD are not new, as they have been available since 2014.…
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from May 28th, 2023 to June 3rd, 2023 and provide statistical information on each type.…
Qakbot (aka Pinkslipbot, Qbot) has persisted as a banking trojan – then a potent malware/ransomware distribution network – for well over a decade, its origins going back as far as 2007. As a ransomware botnet, Qakbot is usually spread through email hijacking and social engineering, dropping malicious files that infect Windows hosts.…
Splunk is committed to using inclusive and unbiased language. This blog post might contain terminology that we no longer use. For more information on our updated terminology and our stance on biased language, please visit our blog post. We appreciate your understanding as we work towards making our community more inclusive for everyone.…
In this blog we will deep dive into a malware campaign crafted specifically for the Israeli audience: Red Deer. We’ve been tracking the activity of the campaign for the past year and noticed minor shifts in the TTPs of the actor that will be explained in this blog.…
An unknown financially motivated threat actor, very likely from Brazil, is targeting Spanish- and Portuguese-speaking victims, with the goal of stealing online banking access. The victims are primarily in Portugal, Mexico, and Peru. This threat actor employs tactics such as LOLBaS (Living Off the Land Binaries and Scripts), along with CMD-based scripts to carry out its malicious activities.…
SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phishing techniques to obtain initial access, employing a combination of outdated Microsoft Office document vulnerabilities, novel evasion techniques, and highly potent backdoor malware.…