Tag: spear-phishing
-
APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. It…
-
Blitz Spear Phishing Campaign Targets NGOs Supporting Ukraine
A spear phishing campaign dubbed PhantomCaptcha targeted Ukraine’s war relief efforts and regional government administrations for a single day in October. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/blitz-spear-phishing-ngos-ukraine/
-
PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025
PhantomCaptcha phishing campaign hit Ukraine relief groups with a WebSocket RAT on Oct 8, 2025, targeting Red Cross, UNICEF, and others. SentinelOne researchers uncovered PhantomCaptcha, a coordinated spear-phishing campaign on October 8, 2025, targeting Ukraine war relief groups, including Red Cross, UNICEF, NRC, and local administrations. Threat actors used fake emails to deploy a WebSocket-based…
-
Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine’s war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2). The activity, which took place on October 8, 2025, targeted individual members of the International Red Cross, Norwegian Refugee First seen on thehackernews.com…
-
Cavalry Werewolf APT Targets Multiple Sectors Using FoalShell and StallionRAT
From May to August 2025, an advanced persistent threat group known as Cavalry Werewolf, also tracked as YoroTrooper and Silent Lynx, executed a sophisticated attack campaign targeting Russia’s public sector and vital industries such as energy, mining, and manufacturing. The coordinated offensive leveraged trusted relationships for highly targeted spear-phishing and deployed a custom multi-language malware…
-
Pakistani Cyber Actors Impersonating ‘NIC eEmail Services’ to Target Indian Government
Tags: attack, credentials, cyber, email, government, group, india, infrastructure, phishing, service, spear-phishing, threat
Pakistan-based advanced persistent threat group APT36, also known as TransparentTribe, is actively targeting Indian government entities with a sophisticated spear-phishing campaign using email lures themed as “NIC eEmail Services.” This campaign leverages lookalike domains and weaponized infrastructure to steal credentials and enable long-term espionage. The attack begins with email messages that convincingly mimic official notifications…
-
Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery
A targeted cyber-espionage campaign exploiting Windows Scheduled Tasks and DLL side-loading to deploy the sophisticated ValleyRAT backdoor. The operation pivots on tailored spear-phishing emails, weaponized Windows shortcuts, and a persistent task scheduler mechanism, all delivering a multi-stage malware payload designed to harvest sensitive intelligence from Chinese FinTech and cryptocurrency firms. Adversaries behind Operation Silk Lure…
-
From HealthKick to GOVERSHELL: The Evolution of UTA0388’s Espionage Malware
A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known as GOVERSHELL. “The initially observed campaigns were tailored to the targets, and the messages purported to be sent by senior researchers and analysts from legitimate-sounding, completely…
-
APT Hackers Abuse ChatGPT to Develop Advanced Malware and Phishing Campaigns
Tags: ai, apt, chatgpt, china, cyber, cyberattack, email, group, hacker, intelligence, malware, phishing, spear-phishing, threat
Security researchers at Volexity have uncovered compelling evidence that China-aligned threat actors are leveraging artificial intelligence platforms like ChatGPT to enhance their sophisticated cyberattack capabilities. The group, tracked as UTA0388, has been conducting sophisticated spear phishing campaigns since June 2025, using AI assistance to develop malware and craft multilingual phishing emails targeting organizations across North…
-
APT Meets GPT: China-Aligned UTA0388 Used ChatGPT for Automated, Multilingual Spear-Phishing
The post APT Meets GPT: China-Aligned UTA0388 Used ChatGPT for Automated, Multilingual Spear-Phishing appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt-meets-gpt-china-aligned-uta0388-used-chatgpt-for-automated-multilingual-spear-phishing/
-
New Spear-Phishing Campaign Focuses on Executives
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/neu-spear-phishing-kampagne-fokus-fuehrungskraefte
-
New Spear-Phishing Wave Hits Management Level
The current wave of attacks impressively shows how skillfully cybercriminals use psychological tactics and seemingly confidential information to gain trust by deception. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/neue-spear-phishing-welle-trifft-managementebene/a42266/
-
Phishing Campaign Targets Executives
Security researchers warn of a targeted wave of spear-phishing attacks aimed in particular at executives and senior employees across various industries. The attackers disguise their messages as OneDrive document-sharing notifications and give them subject lines such as “Gehaltsänderung” (salary change) or “FIN_SALARY”. Clicking the included link takes recipients to a deceptively realistic login page…
-
New Phishing Variant Attacks Gmail Users
Tags: access, adobe, awareness, cio, ciso, cyberattack, hacker, intelligence, mail, malware, phishing, ransomware, risk, spear-phishing, threat, tool, zero-trust
Hackers have sent fake PDF files to Gmail users that look deceptively real. Researchers at the security firm Varonis have discovered a sophisticated phishing method aimed at Gmail users. It uses malware that not only disguises itself as a PDF attachment but also automatically prompts victims to open it. “The .PDF file type is ubiquitous in private and business settings…
-
Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. “Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries — especially in Pakistan using spear-phishing and malicious documents as initial First seen on…
-
Malicious ZIP Files Use Windows Shortcuts to Drop Malware
Cybersecurity firm Blackpoint Cyber reveals a new spear phishing campaign targeting executives. Learn how attackers use fraudulent document ZIPs containing malicious shortcut files, leveraging ‘living off the land’ tactics, and a unique Anti-Virus check to deliver a custom payload. First seen on hackread.com Jump to article: hackread.com/malicious-zip-files-windows-shortcuts-malware/
-
New Spear-Phishing Attack Deploys DarkCloud Malware to Steal Keystrokes and Credentials
Tags: attack, credentials, cyber, detection, intelligence, malware, phishing, soc, spear-phishing, threat
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with elite threat hunters and cyber analysts who hunt, investigate, contain and respond to threats within minutes. Backed by threat intelligence, tactical threat response and advanced threat analytics from our Threat Response Unit (TRU), eSentire delivers rapid detection and disruption…
-
Nimbus Manticore Targets Defense and Telecom Industries with New Malware Attack
Check Point Research has identified a long-running campaign by the Iranian-aligned threat actor Nimbus Manticore, also known as UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operation, targeting defense manufacturers, telecommunications, and aviation entities aligned with IRGC priorities. Recent activity demonstrates a sharpened focus on Western Europe, notably Denmark, Sweden, and Portugal, with spear-phishing lures…
-
Breach Roundup: Microsoft, Cloudflare Dismantle RaccoonO365
Tags: ai, breach, china, data, data-breach, hacker, microsoft, phishing, privacy, service, spear-phishing, technology
Also, Colt Services Outage Persists, Finland Charges Americans in Vastaamo Hack. This week, Microsoft hit RaccoonO365, Colt Technology Services, Finland charged a U.S. citizen in Vastaamo hack. RevengeHotels hackers used AI, Meta can’t overturn a privacy case verdict. Chinese hackers unleashed spear phishing emails. Prosper confirmed a data breach, as did Kering fashion houses. First…
-
Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts
A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China economic-themed lures. “In this activity, the group masqueraded as the current Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party (CCP), as well as…
-
Kimsuky Group Weaponizes AI Deepfakes in New Spear-Phishing Campaign
The post Kimsuky Group Weaponizes AI Deepfakes in New Spear-Phishing Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/kimsuky-group-weaponizes-ai-deepfakes-in-new-spear-phishing-campaign/
-
AI-Forged Military IDs Used in North Korean Phishing Attack
Genians observed the Kimsuky group impersonate a defense institution in a spear-phishing attack, leveraging ChatGPT to create fake military ID cards. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-military-ids-north-korea/

