Trustwave SpiderLabs’ 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report details the security issues facing public sector security teams as they try to strike a balance between supplying needed services and deploying the cybersecurity necessary to protect data placed in their charge.…

Read More

Summary: Scattered Spider, a threat actor group, is targeting companies in the finance and insurance industries using convincing lookalike domains and login pages, as well as sim swapping attacks to gain access to sensitive corporate data and assets.

Threat Actor: Scattered Spider | Scattered Spider Victim: Multiple companies in the finance and insurance industries | finance and insurance companies

Key Point :

Scattered Spider is aggressively targeting companies in the finance and insurance industries using convincing lookalike domains and login pages.…
Read More

Summary: This content discusses a phone scam where cybercriminals pose as the PayPal security team and trick victims into giving them access to their online accounts.

Threat Actor: Cybercriminals | cybercriminals Victim: PayPal users | PayPal users

Key Point :

Cybercriminals pretend to be the PayPal security team and call victims, claiming there is unusual activity on their accounts.…
Read More

The North Korean hacking group known as Kimsuky has been reported to employ sophisticated methods involving social media platforms and system management tools to conduct espionage activities.

This revelation highlights the evolving tactics of cyber adversaries and the increasing complexity of protecting digital assets.

Utilizing Facebook for Initial Infiltration

According to a recent report from Genians, Kimsuky, a notorious cyber-espionage group, has recently been observed using Facebook to target individuals involved in North Korean human rights and security affairs.…

Read More

Summary: This content discusses the limitations of password protection for files sent via email and explores the effectiveness of software and hardware encryption in protecting personal and business files from theft, loss, or hacking.

Threat Actor: N/A

Victim: N/A

Key Point:

Password protection on files sent via email is not as secure as it may seem, as it can be easily circumvented.…
Read More

AhnLab’s Mobile Analysis Team has confirmed cases of romance scams where perpetrators establish rapport by posing as overseas friends or romantic partners. They exploit this connection to solicit money under the guise of cryptocurrency investments.

A romance scam is a type of fraud that involves emotional manipulation to solicit money through various means. …

Read More

Malicious Google ad redirects to FakeBat, dropping zgRAT.

FakeBat, tested on May 5, 2024

FakeBat (EugenLoader) is a type of malware loader packaged in Microsoft installers (MSI or MSIX) distributed via social engineering lures. It is most commonly delivered via malicious ads (malvertising) on Google.

The often large installers conceal a malicious PowerShell script responsible for communicating with the malicious infrastructure and retrieving a followup payload.…

Read More
SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

Read More

Summary: Researchers have found that the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is having a positive impact on organizations by helping them patch vulnerabilities faster.

Threat Actor: N/A

Victim: N/A

Key Point :

The Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is a repository for software and hardware bugs actively being exploited by hackers around the world.…
Read More

This post is also available in: 日本語 (Japanese)

Executive Summary

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. Organizations often store a variety of data in SaaS applications and use services from CSPs.…

Read More

Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.

We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…

Read More

Summary: North Korean threat actors are using weak email policies to impersonate legitimate domains and conduct espionage phishing campaigns, targeting policy analysts and experts in East Asian affairs.

Threat Actor: North Korean threat actors | Kimsuky Victim: Policy analysts and experts in East Asian affairs | North Korean policy circles

Key Point :

North Korean threat actors, specifically the Kimsuky group, are exploiting poorly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols to pose as legitimate journalists, academics, or experts in East Asian affairs.…
Read More

Summary: Vishing and deepfake phishing attacks are increasing as threat actors use GenAI to enhance social engineering tactics, making phishing more difficult to detect and deceive even the most aware users.

Threat Actor: Cybercriminals | Cybercriminals Victim: Individuals and organizations | Individuals and organizations

Key Point :

Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics.…
Read More
No one is safe from scams, especially targeted scams that are designed using social engineering techniques. Targeted scams, unlike individual-targeted phishing or investment frauds, are carefully crafted attack scenarios based on pre-collected information about the target. These attacks, such as business email compromise (BEC) and spear phishing emails, are difficult for the victim organization to recognize as scams.…
Read More

Written by: Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, Jonathan Leathery

APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists.…

Read More

Published On : 2024-05-03

EXECUTIVE SUMMARY

The team at CYFIRMA recently intercepted Android malware suspected to have been delivered by a Pakistan-based APT group targeting Indian defense personnel. Surprisingly, the campaign has been active for over a year. The unidentified threat actor possibly utilized Spynote, or its modified version known by Craxs Rat, obfuscating the app with a high level of complexity, making it difficult to understand.…

Read More