Intro

Resecurity has identified a large-scale smishing campaign targeting US Citizens. Previous incidents have impacted victims from the U.K, Poland, Sweden, Italy, Indonesia, Japan, and other countries. The threat group behind the campaign was skillfully impersonating the Royal Mail, New Zealand Postal Service (NZPOST), Correos (Spain), PostNord, Poste Italiane and the Italian Revenue Service (Agenzia delle Entrate).…

Read More

Note: The following is a redacted version of a larger report. For full and comprehensive details of this attack, please enquire about our CTI-on-demand service.

Summary

BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group.

Cuba ransomware is currently into the fourth year of its operation and shows no sign of slowing down.…

Read More
Key Takeaways

• The blog highlights a new infection technique for distributing STRRAT version 1.6. It involves a spam email with a PDF attachment that, when opened, downloads a zip file containing the malicious JavaScript, which drops STRRAT.• STRRAT version 1.6 employs two string obfuscation techniques: “Zelix KlassMaster (ZKM)” and “Allatori”, making it more challenging for security researchers to analyze and detect the malware.•…

Read More

Authored by: Lakshya Mathur and Yashvi Shah 

As the Back-to-School season approaches, scammers are taking advantage of the opportunity to deceive parents and students with various scams. With the increasing popularity of online shopping and digital technology, people are more inclined to make purchases online. Scammers have adapted to this trend and are now using social engineering tactics, such as offering high discounts, free school kits, online lectures, and scholarships, to entice unsuspecting individuals into falling for their schemes. …

Read More
“PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild

By Oleg Zaytsev, Nati Tal (Guardio Labs)

Guardio’s Email Protection has detected a sophisticated email phishing campaign exploiting a 0-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Guardio Labs’ research team has uncovered an actively exploited vulnerability enabling threat actors to craft targeted phishing emails under the Salesforce domain and infrastructure.…

Read More
Threat Actors Leveraging WebDAV Servers for Covert Operations

 

Threat Actors (TAs) frequently utilize multistage attacks to increase the likelihood of successfully delivering malicious payload by evading detection from antivirus products and creating a complex and intricate attack structure that poses challenges for analysis.

The TAs commonly employ LOLBin (Living Off the Land Binary) in the multistage attack.…

Read More

“And us? No money, no people, nothing. We have only a conscience and a tiny bit of power.” “If we fall, please still believe: the Bauhinia is still beautiful1. Please don’t abandon Hong Kong.”— Quotes from “A Distress Call From Hong Kong”, manifesto letter disseminated by the operation’s actors in November 2019, and purportedly written by alleged grassroots volunteers fighting against the protesters’ “mob violence”.…
Read More

NetSupport RAT is being used by various threat actors. These are distributed through spam emails and phishing pages disguised as documents such as Invoices, shipment documents, and PO (purchase orders). Distribution via phishing pages has been covered on this Blog in the past. [1]

AhnLab Security Emergency response Center(ASEC) discovered NetSupport RAT being distributed via a spear phishing email that has recently been in circulation.…

Read More

We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails.

Threat actors continue to abuse and impersonate brands, posing as verified advertisers whose only purpose is to smuggle rogue ads via popular search engines.…

Read More

During the week of February 20, 2023, Sophos X-Ops MDR team received two separate requests for threat hunts related to unusual activity in two customers’ Microsoft 365 (formerly Office 365) environments. This prompted an investigation into sets of Microsoft Graph security events forwarded to Sophos XDR, to identify whether suspicious or malicious activity occurred.…

Read More