Crypto fraud has become the dominant form of Internet-based confidence schemes over the past three years, as demonstrated by the sha zhu pan (“pig butchering”) scams we recently investigated. But one variant has been growing at a particularly rapid pace: fake “liquidity mining.” Sophos X-Ops has also seen growth in crypto phishing sites that connect to cryptocurrency wallets while impersonating cryptotrading-related brands in other types of scams, but these sites are often used by sha zhu pan scammers to separate victims from their money.…
Tag: SOCIAL ENGINEERING
Published On : 2023-09-17
EXECUTIVE SUMMARYAt Cyfirma, we are committed to providing up-to-date information on the most prevalent threats and tactics used by malicious actors to target both organizations and individuals. In this analysis, we delve into a trending information stealer RedLine. This investigation reveals a novel strain of malware that is being disseminated in the guise of a counterfeit document, packaged within a zip archive that houses a batch script file.…
Introduction
Read More Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics, techniques and procedures.…
On August 29, 2023, Retool notified 27 cloud customers that there had been unauthorized access to their accounts. If you’re reading this and you were not notified, don’t worry – your account was not impacted. There was no access to on-prem or managed accounts. Nevertheless, here’s what happened, with the hope that this will help apply the lessons we’ve learned and prevent more attacks across the industry.…
Authored by Yashvi Shah
Agent Tesla functions as a Remote Access Trojan (RAT) and an information stealer built on the .NET framework. It is capable of recording keystrokes, extracting clipboard content, and searching the disk for valuable data. The acquired information can be transmitted to its command-and-control server via various channels, including HTTP(S), SMTP, FTP, or even through a Telegram channel.…
Investigating the Senders
Read More Using Microsoft Purview’s eDiscovery tool we searched for the senders (participants) in Microsoft Teams.
The senders of the external Microsoft Teams chat messages were identified as “Akkaravit Tattamanas” ([email protected]) and “ABNER DAVID RIVERA ROJAS” ([email protected]). Truesec Threat Intelligence confirmed the accounts were compromised via an unknown malware and put up for sale on the Dark Web in August 2023.…
Hàng tháng, Chúng tôi – GTSC tổng hợp lại các thông tin về bảo mật về APT, Malware, CVEs và gói gọn nó vào trong một bài tổng hợp.
1.1 Chimera GroupNCC Group và Fox-IT đã và đang theo dõi một nhóm tấn công với nhiều mục tiêu đa dạng, từ các sở hữu trí tuệ (IP) của các nạn nhân trong ngành công nghiệp chất bán dẫn cho đến dữ liệu từ ngành công nghiệp hàng không.…
A burgeoning attack involving Google Looker Studio is making the rounds. In the last few weeks, we’ve seen over a hundred of these attacks.
Google Looker Studio is a tool that converts information—slideshows, spreadsheets, etc—into visualized data, such as charts and graphs.
Hackers are utilizing it to create fake crypto pages that are designed to steal money and credentials.…
Estimated reading time: 3 minutes
OverviewIn the 1990s, as the internet gained popularity, cybercriminals started developing and distributing basic forms of malware, including password stealers. Early stealer malware primarily targeted login credentials and passwords for online services and email accounts. As technology advanced, so did the capabilities of stealer malware.…
Published On : 2023-09-01
EXECUTIVE SUMMARYThe CYFIRMA research team has discovered a new malware-as-a-service known as Prysmax. The developer behind Prysmax claims that their USP is FUD (fully undetectable) malware, be it their stealer or their RAT. They offer custom development services, along with subscriptions for a stealer, RAT, and botnet services.…
Introduction
Read More In our persistent quest to decode DuckTail’s maneuvers, Zscaler ThreatLabz began an intelligence collection operation in May 2023. Through an intensive three-month period of monitoring, we obtained critical details about DuckTail’s operational framework. This expedition granted us unprecedented visibility into DuckTail’s end-to-end operations, spanning the entire kill chain from reconnaissance to post-compromise.…
SummaryOkta has observed attacks in which a threat actor used social engineering to attain a highly privileged role in an Okta customer Organization (tenant).
When successful, the threat actor demonstrated novel methods of lateral movement and defense evasion.
These methods are preventable and present several detection opportunities for defenders.…
Read More
Intro
Read More Resecurity has identified a large-scale smishing campaign targeting US Citizens. Previous incidents have impacted victims from the U.K, Poland, Sweden, Italy, Indonesia, Japan, and other countries. The threat group behind the campaign was skillfully impersonating the Royal Mail, New Zealand Postal Service (NZPOST), Correos (Spain), PostNord, Poste Italiane and the Italian Revenue Service (Agenzia delle Entrate).…
Introduction
Read More In the realm of cybersecurity, danger hides where we least expect it and threats never, ever, go out of style!…
QR Codes, the square images that contain coded information that can be scanned by a smartphone, are becoming increasingly popular. With the number of smartphone users reaching 6.92 billion this year, access to the information within these ingenious images is within reach by around 86% of the world’s population.…
By Trellix · August 17, 2023 This story was also written by Phelix Oluoch
Executive SummaryScattered Spider, also referred to as UNC3944, Scatter Swine, and Muddled Libra, is a financially motivated threat actor group that has been active since May 2022. Scattered Spider has largely been observed targeting telecommunications and Business Process Outsourcing (BPO) organizations.…
Published On : 2023-08-23
EXECUTIVE SUMMARYAt Cyfirma, we are dedicated to providing you with up-to-date information on the most prevalent threats and tactics used by malicious actors to target both organizations and individuals. In this comprehensive analysis, we delve into an ongoing campaign orchestrated by the Remcos Remote Access Trojan (RAT).…
Published On : 2023-08-18
EXECUTIVE SUMMARYThe CYFIRMA research team has discovered a new Malware-as-a-service (MaaS) operator that goes by the moniker EVLF DEV. This threat actor is responsible for the development of CypherRAT and CraxsRAT, which in the last 3 years was purchased by over 100 distinct threat actors on a lifetime license.…
Back in January 2020, we blogged about a tech support scam campaign dubbed WoofLocker that was by far using the most complex traffic redirection scheme we had ever seen. In fact, the threat actor had started deploying infrastructure in earnest as early as 2017, about 3 years prior to our publication.…
ESET Research
ESET researchers have observed a new phishing campaign targeting users of the Zimbra Collaboration email server.
Viktor Šperka
17 Aug 2023 • , 5 min. read
ESET researchers have uncovered a mass-spreading phishing campaign, aimed at collecting Zimbra account users’ credentials, active since at least April 2023 and still ongoing.…