Tag: spear-phishing
-
North Korean Kimsuky Hackers Use GitHub to Target Foreign Embassies with XenoRAT Malware
Tags: cyber, data-breach, email, espionage, github, group, hacker, malware, north-korea, password, phishing, spear-phishing
The Trellix Advanced Research Center exposed a DPRK-linked espionage operation attributed to the Kimsuky group (APT43), targeting diplomatic missions in South Korea. Between March and July, at least 19 spear-phishing emails impersonated trusted diplomatic contacts, delivering malware via password-protected ZIP archives hosted on Dropbox and Daum. These emails lured embassy staff with credible invitations to…
-
Noodlophile Stealer Hides Behind Bogus Copyright Complaints
Noodlophile is targeting enterprises in spear-phishing attacks using copyright claims as phishing lures. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/noodlophile-stealer-bogus-copyright-complaints
-
Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures
The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. “The Noodlophile campaign, active for over a year, now leverages advanced spear-phishing emails posing as copyright infringement First seen…
-
Noodlophile infostealer is hiding behind fake copyright and PI infringement notices
Attackers pushing the Noodlophile infostealer are targeting businesses with spear-phishing emails threatening legal action due to copyright or intellectual property … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/noodlophile-infostealer-spear-phishing-campaign-copyright-infingement/
-
UAC-0099 Tactics, Techniques, Procedures and Attack Methods Revealed
Tags: attack, cyber, defense, email, espionage, government, malicious, military, phishing, powershell, spear-phishing, tactics, threat, ukraine
UAC-0099, a persistent threat actor active since at least 2022, has conducted sophisticated cyber-espionage operations against Ukrainian government, military, and defense entities, evolving its toolkit across three major campaigns documented in CERT-UA alerts from June 2023, December 2024, and August 2025. Initially relying on the PowerShell-based LONEPAGE loader delivered via spear-phishing emails with malicious attachments…
-
Cyber Espionage via Security Vulnerability in WinRAR
ESET researchers have discovered a previously unknown vulnerability in the popular compression program that was exploited by the Russia-aligned hacker group Romcom. According to ESET telemetry data, the group used malicious archives in spear-phishing campaigns between July 18 and 21, 2025, targeting finance, manufacturing, defense, and logistics companies in Europe and Canada. The goal of the attacks was cyber espionage. […]…
-
Weaponizing Microsoft 365 Direct Send to Bypass Email Security Defenses
Security researchers at StrongestLayer, in collaboration with Jeremy, a seasoned Security Architect at a major manufacturing firm, have exposed a multi-layered spear phishing attack that exploits Microsoft 365’s Direct Send feature to infiltrate corporate email systems. The campaign, flagged initially by StrongestLayer’s AI system TRACE, masqueraded as innocuous voicemail notifications from services like RingCentral, but…
-
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least 2012, the group leverages spear-phishing emails with military-themed lures to deliver malicious archives, such as…
-
New Spear Phishing Attack Distributes VIP Keylogger Through Email Attachment
Threat actors have revived the sophisticated VIP keylogger malware, previously detailed in an earlier white paper for its use of spear-phishing and steganography to infiltrate systems and steal data from web browsers and user credentials. This iteration introduces an AutoIt-based injector to deploy the final payload, marking a shift from prior methods while maintaining core…
-
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files
The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. “The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems,” Arctic Wolf Labs said…
-
Operation CargoTalon Targets Russian Aerospace Defense to Deploy EAGLET Implant
SEQRITE Labs’ APT-Team has uncovered a sophisticated spear-phishing campaign dubbed Operation CargoTalon, targeting employees at Russia’s Voronezh Aircraft Production Association (VASO), a key aerospace entity. The operation leverages malicious attachments disguised as товарно-транспортная накладная (TTN) logistics documents, critical for Russian supply chains. Discovered on June 27 via VirusTotal hunting, the campaign employs a malicious EML…
-
China-Backed Hackers Intensify Attacks on Taiwan Chipmakers
3 State-Sponsored Groups Spear-Phish Semiconductor Ecosystem. Chinese state-aligned hackers have ramped up espionage efforts against Taiwan’s semiconductor ecosystem through spear-phishing campaigns. Three distinct threat actors targeted chipmakers, packaging and testing firms, equipment suppliers and financial analysts. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/china-backed-hackers-intensify-attacks-on-taiwan-chipmakers-a-29004
-
Chinese Hackers Target Taiwan’s Semiconductor Sector with Cobalt Strike, Custom Backdoors
The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors. “Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment First seen on thehackernews.com…
-
North Korean Hackers Exploit Zoom Invites in Attacks on Crypto Companies
Tags: attack, blockchain, crypto, cyber, cybersecurity, data-breach, exploit, hacker, jobs, malware, north-korea, phishing, spear-phishing, tactics, threat
Cybersecurity firm SentinelOne has exposed an ongoing malware campaign orchestrated by North Korean threat actors, known for their persistent >>fake interview
-
DoNot APT Hits European Ministry with New LoptikMod Malware
Trellix reveals how the India-linked DoNot APT group launched a sophisticated spear-phishing attack on a European foreign affairs… First seen on hackread.com Jump to article: hackread.com/donot-apt-hits-european-ministry-loptikmod-malware/
-
Russian APT ‘Gamaredon’ Hits Ukraine With Fierce Phishing
A Russian APT known as Gamaredon is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/russian-apt-gamaredon-ukraine-phishing
-
PUBLOAD and Pubshell Malware Used in Mustang Panda’s Tibet-Specific Attack
A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians’ Convention on Tibet (WPCT), China’s education policy in the Tibet Autonomous Region (TAR), and a recently published book by the…
-
SAP Vulnerabilities Endanger Windows User Data
Tags: access, compliance, cve, cvss, cyberattack, encryption, fortinet, GDPR, PCI, phishing, risk, sap, spear-phishing, update, vulnerability, windows
Vulnerabilities in SAP GUI expose sensitive data through weak or missing encryption. Researchers Jonathan Stross of Pathlock and Julian Petersohn of Fortinet warn of two new security vulnerabilities in a SAP GUI feature that is responsible for storing user input in the Windows (CVE-2025-0055) and Java (CVE-2025-0056) versions. As a result, sensitive information such as usernames,…
-
Iranian Spear-Phishing Attack Impersonates Google, Outlook, and Yahoo Domains
Check Point Research has uncovered a renewed global spear-phishing campaign orchestrated by the Iranian threat actor Educated Manticore, also known as APT42, Charming Kitten, and Mint Sandstorm. Linked to the IRGC Intelligence Organization, this group has intensified its operations amid growing Iran-Israel tensions, targeting high-value individuals with meticulously crafted attacks. The campaign, which has seen…
-
Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks
An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. “In some of those campaigns, Israeli technology and cyber security professionals were approached by attackers who posed as fictitious assistants to First seen on…
-
Charming Kitten APT Tries Spying on Israeli Cybersecurity Experts
Israel’s cyber pros are having to put theory into practice, as a notorious nation-state APT sponsored by Iran targets them with spear-phishing attacks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iran-apt-spying-israeli-cybersecurity-experts
-
SAP GUI flaws expose sensitive data via weak or no encryption
Tags: attack, breach, cve, data, encryption, exploit, flaw, phishing, sap, spear-phishing, threat, update, vulnerability, windows
The impact could be much greater: Dani noted that a breach through these vulnerabilities can facilitate further targeted attacks. “Not undermining the fact that this extracted data provides attackers with enough gunpowder for reconnaissance activities, a threat actor could comprehend organizational structure, usage patterns, and system configurations from the exploitation of these vulnerabilities and weaponize…
-
Shadow Vector Malware Uses SVG Images to Deliver AsyncRAT and RemcosRAT Payloads
Acronis Threat Research Unit (TRU) has discovered a startling development: a malicious campaign called >>Shadow Vector
-
Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
A prominent expert on Russian information operations was targeted by a sophisticated spear phishing attack likely coming from Russian hackers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russia-expert-elite-hackers-us/
-
UNC1151 Exploits Roundcube Flaw in Spear Phishing Attack
The post UNC1151 Exploits Roundcube Flaw in Spear Phishing Attack appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/unc1151-exploits-roundcube-flaw-in-spear-phishing-attack/
-
APT37 Hackers Fake Academic Forum Invites to Deliver Malicious LNK Files via Dropbox Platform
The North Korean state-sponsored hacking group APT37 has launched a sophisticated spear phishing campaign in March 2025, targeting activists focused on North Korean issues. Disguised as invitations to an academic forum hosted by a South Korean national security think tank, these emails cleverly referenced a real event titled “Trump 2.0 Era: Prospects and South Korea’s…
-
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia. “In what appears to be a multi-stage phishing operation, the…
-
NetBird malware spread in advanced finance exec-targeted spear-phishing
First seen on scworld.com Jump to article: www.scworld.com/brief/netbird-malware-spread-in-advanced-finance-exec-targeted-spear-phishing

