Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phishing techniques to obtain initial access, employing a combination of outdated Microsoft Office document vulnerabilities, novel evasion techniques, and highly potent backdoor malware.…
By Aleksandar Milenkoski and Tom Hegel
Executive SummaryOver the first quarter of 2023, SentinelLabs observed a campaign targeting users of Portuguese financial institutions conducted by a Brazilian threat group. The campaign is the latest iteration of a broader activity nexus dating back to 2021, now targeting the users of over 30 financial institutions.…By Aleksandar Milenkoski and Tom Hegel
Executive SummarySentinelLabs has observed an ongoing campaign by Kimsuky, a North Korean APT group, targeting North Korea-focused information services, human rights activists, and DPRK-defector support organizations. The campaign focuses on file reconnaissance and information exfiltration using a variant of the RandomQuery malware, enabling subsequent precision attacks.…DUCKTAIL, a financially motivated malware variant, specifically aims at individuals and businesses utilizing a Social Media Business/Ads platform. The malware is created by Threat Actors (TAs) originating from Vietnam. Since the second half of 2021, TAs have been actively involved in developing and distributing malware associated with the DUCKTAIL operation.…
Information stealer (or infostealer) is a malware family designed to gather and exfiltrate sensitive information from the infected host. This threat became widespread over the past few years, and is increasingly distributed by multiple threat actors from the cybercrime ecosystem. The distribution methods used to spread stealers are varied, ranging from malspam to fake installers.…
Malvertising seems to be enjoying a renaissance as of late, whether it is from ads on search engine results pages or via popular websites. Because browsers are more secure today than they were 5 or 10 years ago, the attacks that we are seeing all involve some form of social engineering.…
In late 2022, Bitdefender Labs detected a cyberattack targeting foreign government institutions in Kazakhstan. While investigating this incident, it was revealed that this was a highly targeted attack designed to exfiltrate data. We decided to postpone publishing our findings and monitored the region for other similar attacks.…
In the world of cybercrime, the tactics used by threat actors are constantly evolving, but upon close analysis of multiple instances, the modus operandi remains the same – i.e. exploitation of current events, trending news, government websites, and even legitimate applications of trusted organizations to dupe unsuspecting users.…
Authored By Anuradha
McAfee Labs has recently observed a new wave of phishing attacks. In this wave, the attacker has been abusing server-parsed HTML (SHTML) files. The SHTML files are commonly associated with web servers redirecting users to malicious, credential-stealing websites or display phishing forms locally within the browser to harvest user-sensitive information. …
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from April 9th, 2023 to April 15th, 2023 and provide statistical information on each type.…
With recent reports that Charming Kitten group (aka Mint Sandstorm) is actively targeting critical infrastructure in the US and other countries, we would like to share the most recent insights from Bitdefender Labs about modernization of Charming Kitten’s tactics, techniques, and procedures, including a new, previously unseen malware.…
This post is also available in: 日本語 (Japanese)
Executive SummaryUnit 42 researchers are monitoring the trending topics, newly registered domains and squatting domains related to ChatGPT, as it is one of the fastest-growing consumer applications in history. The dark side of this popularity is that ChatGPT is also attracting the attention of scammers seeking to benefit from using wording and domain names that appear related to the site.…
ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering techniques to compromise its targets, with fake job offers as the lure. In this case, we were able to reconstruct the full chain, from the ZIP file that delivers a fake HSBC job offer as a decoy, up until the final payload: the SimplexTea Linux backdoor distributed through an OpenDrive cloud storage account.…
The Uptycs threat research team has discovered a new Linux malware, Poseidon, deployed by the APT-36 group, also known as Transparent Tribe. This Pakistan-based advanced persistent threat group is notorious for targeting Indian government organizations, military personnel, and defense contractors.
Views: 0…
Found in Environments Protected By: Microsoft, Fortimail
By Kurtis Nicks, Cofense Phishing Defense Center
Phishing attacks continue to evolve, with threat actors becoming increasingly clever in their attempts to deceive their targets. The Cofense Phishing Defense Center (PDC) has recently observed a sophisticated phishing campaign targeting EPOS Net customers, a large Japanese credit card company.…
The Aurora stealer is a notorious Golang-based information stealer that’s been gaining popularity from the end of 2022 through the first quarter of 2023. The Morphisec Threat Labs team has been tracing its activities using our prevention telemetry along with dark-web activities.
Views: 0…
In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware would be delivered through e-mail letters written in different languages — variations of them were coming in English, German, Italian, and French.…
On February 09, 2023, EclecticIQ analysts identified a spear phishing campaign targeting Ukrainian government entities like the Foreign Intelligence Service of Ukraine (SZRU) and Security Service of Ukraine (SSU). Analysts identified a publicly exposed Simple Mail Transfer Protocol (SMTP) server and assess with high confidence that the threat actor used the SMTP server to craft and deliver phishing emails.…
Ransomware attacks have emerged as a predominant menace in recent years, with the strategies employed by malicious actors constantly evolving. Among the most effective and worrisome tactics is the “double extortion” model, which has rapidly gained popularity as a preferred business model for threat actors.…
Financial accountant firms and CPAs are in the crosshairs this tax season, as a threat actor is targeting that industry with an attack that combines social engineering with a novel exploit against Windows computers to deliver malware called GuLoader.
At least two organizations in that industry, both Sophos customers, reported the unusual attack to us in late February and early March, as tax preparers are entering the busiest part of the season in the United States.…