Summary: This content highlights the misuse of the client management tool Quick Assist by the threat actor Storm-1811 in social engineering attacks, targeting users for financial gain.

Threat Actor: Storm-1811 | Storm-1811 Victim: Users targeted in social engineering attacks | Users targeted in social engineering attacks

Key Point :

Storm-1811, a financially motivated cybercriminal group, has been observed misusing the client management tool Quick Assist to target users in social engineering attacks.…
Read More

Summary: The US Cybersecurity and Infrastructure Security Agency (CISA) has released a guide to help civil society organizations mitigate cyber threats, particularly those posed by state-sponsored actors from nations like Russia, China, Iran, and North Korea.

Threat Actor: State-sponsored actors | state-sponsored actors Victim: Civil society organizations | civil society organizations

Key Point :

The guide, titled “Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society,” provides actionable steps for civil society organizations to enhance their cybersecurity defenses.…
Read More

Summary: The Avast Q1/2023 Threat Report highlights the increase in social engineering scams and the evolving tactics used by cybercriminals to exploit deepfakes, YouTube, malvertising, and phishing.

Threat Actor: Cybercriminals | Cybercriminals Victim: Individuals and organizations | Individuals and organizations

Key Point :

Social engineering scams have increased by 61% on mobile and 23% on desktop.…
Read More

Summary: This article discusses an ongoing social engineering campaign targeting multiple managed detection and response (MDR) customers, where a threat actor overwhelms a user’s email with junk and offers assistance through remote connection software to harvest credentials and maintain persistence on the victim’s asset.

Threat Actor: Unknown | Unknown Victim: Multiple managed detection and response (MDR) customers | Multiple managed detection and response (MDR) customers

Key Point :

A social engineering campaign is targeting MDR customers by overwhelming their email with junk and offering remote assistance.…
Read More

Key Takeaways 

Cyble Research and Intelligence Labs (CRIL) recently uncovered a malicious website associated with the SideCopy APT group. 

Since 2019, the SideCopy threat group has been actively targeting South Asian nations, with a particular focus on India. 

Analysis of the malware website revealed a collection of files utilized in executing the malware campaign, indicating a sophisticated and coordinated effort by the threat actors. …
Read More

Trustwave SpiderLabs’ 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report details the security issues facing public sector security teams as they try to strike a balance between supplying needed services and deploying the cybersecurity necessary to protect data placed in their charge.

Views: 0…

Read More

Summary: Scattered Spider, a threat actor group, is targeting companies in the finance and insurance industries using convincing lookalike domains and login pages, as well as sim swapping attacks to gain access to sensitive corporate data and assets.

Threat Actor: Scattered Spider | Scattered Spider Victim: Multiple companies in the finance and insurance industries | finance and insurance companies

Key Point :

Scattered Spider is aggressively targeting companies in the finance and insurance industries using convincing lookalike domains and login pages.…
Read More

Summary: This content discusses a phone scam where cybercriminals pose as the PayPal security team and trick victims into giving them access to their online accounts.

Threat Actor: Cybercriminals | cybercriminals Victim: PayPal users | PayPal users

Key Point :

Cybercriminals pretend to be the PayPal security team and call victims, claiming there is unusual activity on their accounts.…
Read More

The North Korean hacking group known as Kimsuky has been reported to employ sophisticated methods involving social media platforms and system management tools to conduct espionage activities.

This revelation highlights the evolving tactics of cyber adversaries and the increasing complexity of protecting digital assets.

Utilizing Facebook for Initial Infiltration

According to a recent report from Genians, Kimsuky, a notorious cyber-espionage group, has recently been observed using Facebook to target individuals involved in North Korean human rights and security affairs.…

Read More

Summary: This content discusses the limitations of password protection for files sent via email and explores the effectiveness of software and hardware encryption in protecting personal and business files from theft, loss, or hacking.

Threat Actor: N/A

Victim: N/A

Key Point:

Password protection on files sent via email is not as secure as it may seem, as it can be easily circumvented.…
Read More

AhnLab’s Mobile Analysis Team has confirmed cases of romance scams where perpetrators establish rapport by posing as overseas friends or romantic partners. They exploit this connection to solicit money under the guise of cryptocurrency investments.

A romance scam is a type of fraud that involves emotional manipulation to solicit money through various means. …

Read More

Malicious Google ad redirects to FakeBat, dropping zgRAT.

FakeBat, tested on May 5, 2024

FakeBat (EugenLoader) is a type of malware loader packaged in Microsoft installers (MSI or MSIX) distributed via social engineering lures. It is most commonly delivered via malicious ads (malvertising) on Google.

The often large installers conceal a malicious PowerShell script responsible for communicating with the malicious infrastructure and retrieving a followup payload.…

Read More
SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

Read More

Summary: Researchers have found that the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is having a positive impact on organizations by helping them patch vulnerabilities faster.

Threat Actor: N/A

Victim: N/A

Key Point :

The Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is a repository for software and hardware bugs actively being exploited by hackers around the world.…
Read More

This post is also available in: 日本語 (Japanese)

Executive Summary

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. Organizations often store a variety of data in SaaS applications and use services from CSPs.…

Read More