Tag: spear-phishing
-
Spear-Phishing Campaign Abuses Argentine Federal Court Rulings to Deliver Covert RAT
Seqrite Labs has uncovered a sophisticated spear-phishing campaign targeting Argentina’s judicial sector with a multi-stage infection chain designed to deploy a stealthy Rust-based Remote Access Trojan (RAT). The campaign primarily targets Argentina’s judicial institutions, legal professionals, justice-adjacent government bodies, and academic legal organizations. Attackers abuse legitimate Argentine federal court rulings specifically, preventive detention review documents…
-
Spear-Phishing Campaign Leverages Google Ads to Distribute EndRAT Malware
Genians Security Center has published an in-depth analysis of Operation Poseidon, a sophisticated APT campaign attributed to the Konni threat group that exploits legitimate advertising infrastructure to distribute EndRAT malware. This advanced spear-phishing operation demonstrates how threat actors leverage trusted platforms to circumvent traditional security defenses while targeting South Korean financial institutions and human rights…
-
Hackers Exploiting PDF24 App to Deploy Stealthy PDFSIDER Backdoor
Resecurity has identified PDFSIDER malware that exploits the legitimate PDF24 App to covertly steal data and allow remote access. Learn how this APT-level campaign targets corporate networks through spear-phishing and encrypted communications. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-pdf24-app-pdfsider-backdoor/
-
PDFSIDER Malware Actively Exploited to Evade Antivirus and EDR Defenses
Security researchers have identified a sophisticated backdoor malware variant, PDFSIDER, that leverages DLL side-loading to evade endpoint detection and response (EDR) systems. The threat demonstrates advanced persistent threat (APT) tradecraft, combining evasion mechanisms with encrypted command-and-control capabilities to maintain covert access on compromised systems. PDFSIDER’s infection chain originates through spear-phishing campaigns delivering ZIP archives containing…
-
North Korealinked APT Kimsuky behind quishing attacks, FBI warns
FBI warns that North Korealinked APT group Kimsuky is targeting governments, think tanks, and academic institutions with quishing attacks. North Korealinked APT group Kimsuky is targeting government agencies, academic institutions, and think tanks using spear-phishing emails that contain malicious QR codes (quishing), the FBI warns. >>As of 2025, Kimsuky actors have targeted think tanks, academic…
-
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater.”The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular First seen…
-
FBI Warns of North Korean QR Phishing Campaigns
The FBI says North Korea’s Kimsuky APT group is using QR codes in spear phishing campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-warns-north-korean-qr-phishing/
-
FBI Warns of North Korean QR Phishing Campaigns
The FBI says North Korea’s Kimsuky APT group is using QR codes in spear phishing campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-warns-north-korean-qr-phishing/
-
FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing
The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country.”As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR) First…
-
New Spear-Phishing Attack Targeting Security Individuals in the Israel Region
Israel’s National Cyber Directorate has issued an urgent alert warning of an active spear-phishing campaign specifically targeting individuals employed in security and defense-related sectors. The operation, linked to infrastructure associated with APT42 (also known as Charming Kitten), represents a deliberate and sophisticated threat targeting high-value personnel rather than opportunistic mass phishing. The attack leverages WhatsApp…
-
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft.The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical First seen…
-
Blind Eagle Hackers Target Government Agencies Using PowerShell Scripts
Tags: access, cyber, cyberattack, cybersecurity, email, government, group, hacker, phishing, powershell, spear-phishing, threatColombian government institutions are facing a sophisticated multi-stage cyberattack campaign orchestrated by the BlindEagle threat group, which leveraged compromised internal email accounts, PowerShell scripts, and steganography to deploy remote access trojans on target systems, according to Zscaler ThreatLabz researchers. The cybersecurity firm discovered the spear-phishing operation in early September 2025, revealing that BlindEagle targeted agencies…
-
BlindEagle Targets Colombian Government Agency with Caminho and DCRAT
Tags: access, attack, authentication, cloud, communications, control, cybercrime, defense, detection, dkim, dmarc, dns, email, encryption, flaw, government, group, infrastructure, injection, Internet, malicious, malware, microsoft, open-source, phishing, powershell, rat, service, spear-phishing, startup, tactics, threat, tool, update, usa, windowsIntroductionIn early September 2025, Zscaler ThreatLabz discovered a new spear phishing campaign attributed to BlindEagle, a threat actor who operates in South America and targets users in Spanish-speaking countries, such as Colombia. In this campaign, BlindEagle targeted a government agency under the control of the Ministry of Commerce, Industry and Tourism (MCIT) in Colombia using…
-
Blind Eagle Hackers Exploit Trust to Bypass Email Security Controls
Tags: attack, control, cyber, cybersecurity, email, exploit, government, group, hacker, malware, phishing, spear-phishing, threatBlindEagle threat actors are exploiting compromised internal email accounts to launch spear-phishing campaigns that bypass traditional email security controls, targeting Colombian government agencies with sophisticated multi-stage malware attacks, according to Zscaler ThreatLabz research. The cybersecurity firm discovered the campaign in early September 2025, revealing that the South American threat group targeted a government agency under…
-
Russian Calisto Hackers Target NATO Research with ClickFix Malware
Tags: credentials, cyber, defense, hacker, intelligence, malicious, malware, phishing, russia, service, spear-phishing, threat, ukraineRussian intelligence-linked cyber threat actors have intensified their operations against NATO research organizations, Western defense contractors, and NGOs supporting Ukraine, employing sophisticated phishing and credential harvesting techniques. The Calisto intrusion set, attributed to Russia’s FSB intelligence service, has escalated its spear-phishing campaigns throughout 2025, leveraging the ClickFix malicious code technique to target high-value entities across…
-
5 Reasons Why Attackers Are Phishing Over LinkedIn
Phishing attacks are no longer confined to the email inbox, with 1 in 3 phishing attacks now taking place over non-email channels like social media, search engines, and messaging apps.LinkedIn in particular has become a hotbed for phishing attacks, and for good reason. Attackers are running sophisticated spear-phishing attacks against company executives, with recent campaigns…
-
Emulating the Espionage-Oriented Group SideWinder
Tags: attack, cyber, espionage, exploit, government, group, microsoft, military, office, phishing, spear-phishing, threat, vulnerabilityAttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of Microsoft Office vulnerabilities, and the…
-
Emulating the Espionage-Oriented Group SideWinder
Tags: attack, cyber, espionage, exploit, government, group, microsoft, military, office, phishing, spear-phishing, threat, vulnerabilityAttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of Microsoft Office vulnerabilities, and the…
-
China-Aligned UTA0388 Uses AI Tools in Global Phishing Campaigns
Volexity has linked spear phishing operations to China-aligned UTA0388 in new campaigns using advanced tactics and LLMs First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-aligned-uta0388-ai-tools/
-
Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine
A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities.The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned.”InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link First seen on thehackernews.com…
-
APT60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants
JPCERT/CC has issued an urgent warning about ongoing attacks by the advanced persistent threat group APT-C-60, which continues to target recruitment professionals in Japan through sophisticated spear-phishing campaigns. The attack campaign specifically impersonates job seekers contacting recruitment staff, exploiting the natural workflow of human resources professionals who regularly review candidate submissions. Between June and August…
-
APT60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants
JPCERT/CC has issued an urgent warning about ongoing attacks by the advanced persistent threat group APT-C-60, which continues to target recruitment professionals in Japan through sophisticated spear-phishing campaigns. The attack campaign specifically impersonates job seekers contacting recruitment staff, exploiting the natural workflow of human resources professionals who regularly review candidate submissions. Between June and August…
-
Silent Lynx APT New Attack Targeting Governmental Employees Posing as Officials
Seqrite Labs’ APT Team has documented fresh campaigns from Silent Lynx, a sophisticated threat actor group known for orchestrating spear-phishing operations that impersonate government officials to target diplomatic and governmental employees across Central Asia. The group, also tracked under aliases including YoroTrooper, Sturgeon Phisher, and Cavalry Werewolf, continues its espionage-focused activities with minimal operational security…
-
NDSS 2025 The Philosopher’s Stone: Trojaning Plugins Of Large Language Models
Tags: attack, conference, control, data, defense, exploit, LLM, malicious, malware, network, open-source, phishing, spear-phishingSESSION Session 2A: LLM Security Authors, Creators & Presenters: Tian Dong (Shanghai Jiao Tong University), Minhui Xue (CSIRO’s Data61), Guoxing Chen (Shanghai Jiao Tong University), Rayne Holland (CSIRO’s Data61), Yan Meng (Shanghai Jiao Tong University), Shaofeng Li (Southeast University), Zhen Liu (Shanghai Jiao Tong University), Haojin Zhu (Shanghai Jiao Tong University) PAPER The Philosopher’s Stone:…
-
Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military
A spear-phishing campaign aimed to compromise Russian and Belarusian military personnel by using military-themed documents as a lure has been flagged by Cyble and Seqrite … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/03/russian-belarusian-military-spear-phishing/
-
New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea
Tags: attack, backdoor, cyberattack, email, korea, north-korea, phishing, spear-phishing, threat, vpnThe North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea.Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a…
-
UNC6384 Targets European Diplomatic Entities With Windows Exploit
The spear-phishing campaign uses fake European Commission and NATO-themed lures to trick diplomatic personnel into clicking malicious links. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/unc6384-european-diplomat-windows