Tag: social-engineering
-
Industrialized money laundering: "mule account factories"
Criminals abuse citizens' identities to systematically create verified bank accounts for money laundering and sell them on the darknet for up to 700 US dollars. Through the use of SIM modem farms and perfidious social engineering during the KYC check, the scheme undermines conventional security mechanisms. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/industrie-geldwaesche
-
Threat actor uses Microsoft Teams to deploy new “Snow” malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named ‘Snow’ which includes a browser extension, a tunneler, and a backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/threat-actor-uses-microsoft-teams-to-deploy-new-snow-malware/
-
UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT help desk employees, convincing their victim to accept a Microsoft Teams chat invitation from…
-
Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams
A newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a sophisticated malware suite that steals sensitive company data. The Social Engineering Trap The attack begins with an aggressive…
-
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an…
-
With AI’s help, North Korean hackers stumbled into a near-undetectable attack
For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/23/hexagonalrodent-north-korean-hackers-targeting-developers/
-
Regular Password Resets Aren’t as Safe as You Think
Password resets are one of the easiest ways for attackers to bypass security controls. Specops Software shows how helpdesk social engineering turns a seemingly legitimate reset request into full account compromise. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/regular-password-resets-arent-as-safe-as-you-think/
-
Malware kit Venom Stealer takes ClickFix attacks to a new level
The approach: the victim is led by skillful social engineering methods to copy a provided command to the clipboard… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/malware-kit-venom-stealer-hebt-clickfix-angriffe-auf-ein-neues-niveau/a44750/
-
Microsoft spots Sapphire Sleet macOS attack using AppleScript and social engineering
Tags: attack, cyber, exploit, flaw, macOS, microsoft, north-korea, social-engineering, software, threat, vulnerability
A new macOS-focused cyber campaign linked to the North Korean threat actor Sapphire Sleet, highlighting how attackers are increasingly relying on social engineering rather than software vulnerabilities to compromise systems. Rather than exploiting security flaws, the attackers manipulate user trust, allowing them to bypass built-in macOS protections. The attack begins with carefully crafted social engineering…
-
Top techniques attackers use to infiltrate your systems today
Tags: 2fa, access, ai, api, attack, authentication, automation, business, captcha, cloud, container, control, corporate, credentials, cybercrime, cybersecurity, data, deep-fake, defense, detection, email, exploit, flaw, hacking, Hardware, identity, infrastructure, least-privilege, malicious, mfa, microsoft, monitoring, network, password, phishing, powershell, ransomware, risk, saas, scam, service, social-engineering, software, supply-chain, theft, tool, training, vpn, vulnerability, worm
Network security device hacking: Network edge devices have increasingly drawn attackers’ attention over the past two years, establishing a new battleground where the very devices meant to protect the network have become attractive targets for exploitation. As a result, flaws in security devices, such as SSL VPN systems and other gateways, are among the top initial…
-
North Korea-Linked UNC1069 Hacks Crypto Pros via Fake Meetings
North Korea-linked threat actor UNC1069 is running a highly targeted campaign that abuses fake Zoom, Google Meet, and Microsoft Teams meetings to compromise cryptocurrency and Web3 professionals across Windows, macOS, and Linux systems. The goal is long-term access and large-scale theft of digital assets through stealthy social engineering and multi-stage malware deployment. Attackers often hijack…
-
North Korean social engineering campaign targets macOS users
A macOS-focused social engineering campaign orchestrated by North Korea-based threat actor Sapphire Sleet has been exposed by Microsoft’s Threat Intelligence Unit. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641953/North-Korean-social-engineering-campaign-targets-macOS-users
-
The Cyber Express Weekly Roundup: Crypto Breaches, State-Linked Schemes, and Platform Exploits
Tags: attack, breach, crypto, cyber, cybercrime, cybersecurity, exploit, fraud, infrastructure, social-engineering, threat
In this week’s weekly roundup, The Cyber Express reviews major developments across the cybersecurity domain, highlighting incidents involving crypto ecosystem attacks, state-linked fraud operations, regulatory scrutiny, and underground cybercrime activity. The broader threat landscape continues to show attackers targeting infrastructure weaknesses, social engineering pathways, and third-party dependencies rather than isolated technical flaws. First seen on thecyberexpress.com…
-
Fake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack Chain
Tags: apple, attack, cyber, macOS, malicious, malware, north-korea, social-engineering, software, threat, update, vulnerability
A sophisticated macOS-focused cyber campaign orchestrated by the North Korean threat actor Sapphire Sleet, revealing a shift toward social engineering over traditional software exploitation. Instead of relying on vulnerabilities, the attackers trick users into executing malicious files disguised as legitimate software updates, effectively bypassing Apple’s built-in security protections. The campaign centers on a fake file…
-
New ATHR vishing platform uses AI voice agents for automated attacks
A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-athr-vishing-platform-uses-ai-voice-agents-for-automated-attacks/
-
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs
Tags: access, ai, attack, business, ciso, cloud, cve, cvss, cyber, data, exploit, firewall, flaw, identity, injection, international, ivanti, LLM, malware, microsoft, network, remote-code-execution, sap, social-engineering, software, sql, threat, tool, unauthorized, update, vulnerability, windows, zero-day
Block inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE; for systems that require IKE, configure firewall rules to allow inbound traffic on UDP ports 500 and 4500 only from known peer addresses. Microsoft noted that these actions reduce the attack surface, but don’t replace installing the security update. Breen said that…
-
North Korea targets macOS users in latest heist
Social engineering: ‘low-cost, hard to patch, and scales well’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/16/north_korea_social_engineering_macos/
-
Black Basta’s playbook lives on as former affiliates launch fast-scale intrusion campaign
Tags: social-engineering
The social engineering campaign spiked last month and has targeted dozens of organizations since May 2025, according to ReliaQuest. First seen on cyberscoop.com Jump to article: cyberscoop.com/black-basta-affiliates-senior-executives-reliaquest/
-
Okta Under Attack as Hackers Skip Phishing for Identity Systems
Hackers are shifting away from email phishing and are directly targeting Okta and other identity providers using voice-based social engineering, or “Okta vishing.” This trend turns what used to be a single account compromise into an immediate, organization-wide cloud data breach via Single Sign-On (SSO). Instead of sending links, they stay on the phone and…
-
Sham companies for social engineering campaign – How fake startups systematically plunder crypto wallets
First seen on security-insider.de Jump to article: www.security-insider.de/fake-startups-social-engineering-krypto-wallets-a-4b69b8f7d0e7419def87227920571649/
-
North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. "The threat actor…
-
APT37 Uses Facebook, Telegram, and Trojanized Installer in New Targeted Cyberattack
APT37 is running a new targeted intrusion campaign that abuses Facebook, Telegram, and a tampered Wondershare PDFelement installer to gain stealthy access and exfiltrate sensitive data, likely from defense-related targets. The operation shows a continued evolution of APT37’s social engineering and evasion tradecraft, and demands behavior-based EDR capable of spotting process injection, abused cloud storage,…
-
UNC6783 Hackers Use Fake Okta Pages in Corporate Breach Campaign
UNC6783 hackers and extortionists impersonate support staff, using fake Okta login pages and social engineering to access corporate systems and steal sensitive data. First seen on hackread.com Jump to article: hackread.com/unc6783-hackers-fake-okta-pages-corporate-breach/
-
Axios Attack Shows How Complex Social Engineering Is Industrialized
The attack on the popular NPM package Axios is just one of many targeting maintainers and has shone a light on how threat actors can scale sophisticated social engineering campaigns. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/axios-attack-complex-social-engineering-industrialized
-
ClickFix Campaign Abuses macOS Script Editor to Deploy Atomic Stealer
A refreshed ClickFix campaign that swaps macOS Terminal for Script Editor to deliver an Atomic Stealer payload to unsuspecting Mac users quietly. By abusing the applescript:// URL scheme, attackers sidestep Apple’s new paste-protection in Terminal on macOS Tahoe 26.4 while preserving the same underlying “click-to-fix” social engineering pattern. Traditional ClickFix chains rely on fake support or “system cleanup” pages…
-
Linux Foundation Leader Impersonated in Slack Attack on Open Source Developers
A social engineering campaign is actively targeting open source developers through Slack. The warning was shared through the OpenSSF Siren mailing list, a public threat intelligence platform designed to alert developers and security teams about active threats after initial disclosure. The advisory was authored by Christopher “CRob” Robinson, CTO and Chief Security Architect at OpenSSF.…
-
Social engineering attacks on open source developers are escalating
North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/08/social-engineering-open-source-developers/
-
Axios Attack Shows Complex Social Engineering Is Industrialized
The attack on the popular NPM package Axios is just one of many targeting maintainers and has shone a light on how threat actors can scale sophisticated social engineering campaigns. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/axios-attack-complex-social-engineering-industrialized

