Collecting Cyber-News from over 60 sources

Tag: spear-phishing

APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
Iran-Nexus Hackers Impersonate Omani MFA to Target Governments Entities

Sep 4, 2025 7:21 PM

Tags: breach, communications, cyber, cybersecurity, exploit, government, group, hacker, intelligence, iran, malicious, mfa, phishing, spear-phishing

Cybersecurity researchers uncovered a sophisticated, Iran-linked spear-phishing operation that exploited a compromised Ministry of Foreign Affairs (MFA) mailbox in Oman to deliver malicious payloads to government entities worldwide. Analysts attribute the operation to the “Homeland Justice” group, believed to be aligned with Iran’s Ministry of Intelligence and Security (MOIS). Leveraging stolen diplomatic communications, encoded macros,…
Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats

Sep 3, 2025 1:19 PM

Tags: cyber, cybersecurity, email, exploit, group, hacker, iran, phishing, spear-phishing

An Iran-nexus group has been linked to a “coordinated” and “multi-wave” spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world.The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice.”Emails were sent to…
Iran-Nexus Hackers Exploit Omani Mailbox to Target Governments

Sep 2, 2025 2:19 PM

Tags: authentication, communications, cyber, exploit, government, group, hacker, intelligence, iran, mfa, phishing, spear-phishing

A sophisticated spear-phishing campaign that exploited a compromised mailbox belonging to the Ministry of Foreign Affairs of Oman. The operation, attributed to an Iranian-aligned group known as Homeland Justice and linked to Iran’s Ministry of Intelligence and Security (MOIS), masqueraded as legitimate multi-factor authentication (MFA) communications to infiltrate governments and diplomatic missions around the world.…
North Korean Hackers Weaponize Seoul Intelligence Files to Target South Koreans

Aug 29, 2025 5:23 PM

Tags: group, hacker, hacking, intelligence, north-korea, phishing, spear-phishing

Pyongyang-backed hacking group APT37 leveraged an internal South Korean intelligence briefing in a spear phishing campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-apt37-spear-phishing/
Credential harvesting campaign targets ScreenConnect cloud administrators

Aug 25, 2025 5:54 PM

Tags: attack, cloud, credentials, email, phishing, ransomware, spear-phishing

Researchers warn that attackers are using compromised Amazon email accounts in spear-phishing attacks that may lead to ransomware infections. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/credential-harvesting–screenconnect-cloud-administrators/758508/
Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Aug 25, 2025 11:55 AM

Tags: access, attack, email, government, india, linux, malicious, phishing, spear-phishing, threat, windows

The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating System Solutions) Linux systems with malicious Desktop shortcut files in attacks targeting Indian Government entities.”Initial access is achieved through spear-phishing emails,” CYFIRMA said. “Linux BOSS environments are targeted via weaponized .desktop First seen on thehackernews.com…
Fake CoinMarketCap Journalists Targeting Crypto Executives in Spear-Phishing Campaign

Aug 23, 2025 12:54 PM

Tags: crypto, data, malware, phishing, spear-phishing, theft

Fake CoinMarketCap journalist profiles used in spear-phishing target crypto execs via Zoom interviews, risking malware, data theft, and… First seen on hackread.com Jump to article: hackread.com/fake-coinmarketcap-journalists-crypto-executives-spear-phishing/
MuddyWater APT Targets CFOs via OpenSSH; Enables RDP and Scheduled Tasks

Aug 21, 2025 5:54 PM

Tags: apt, captcha, cyber, detection, finance, group, iran, phishing, spear-phishing, usa

A sophisticated spear-phishing campaign attributed to the Iranian-linked APT group MuddyWater is actively compromising CFOs and finance executives across Europe, North America, South America, Africa, and Asia. The attackers impersonate recruiters from Rothschild & Co, deploying Firebase-hosted phishing pages that incorporate custom math-based CAPTCHA challenges to evade detection and lend legitimacy. These lures lead victims…
DPRK, China Suspected in South Korean Embassy Attacks

Aug 21, 2025 5:54 AM

Tags: attack, china, email, government, korea, north-korea, phishing, spear-phishing

Detailed spear-phishing emails sent to European government entities in Seoul are being tied to North Korea, China, or both. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-dprk-south-korean-embassy-attacks
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

Aug 20, 2025 11:53 AM

Tags: attack, cyber, email, espionage, github, korea, north-korea, phishing, spear-phishing, threat

North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025.The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting…
Noodlophile Stealer evolution

Aug 19, 2025 8:54 PM

Tags: email, malware, phishing, spear-phishing, threat

Noodlophile malware spreads via copyright phishing, targeting firms in the U.S., Europe, Baltics & APAC with tailored spear-phishing lures. The Noodlophile malware campaign is expanding globally, using spear-phishing emails disguised as copyright notices. Threat actors tailor lures with details like Facebook Page IDs and company ownership data. Active for over a year, it now targets…
Weaponized Copyright Documents Used by Threat Actors to Target Key Employees with Noodlophile Stealer

Aug 19, 2025 5:54 PM

Tags: ai, cyber, email, malware, phishing, spear-phishing, threat

The Noodlophile Stealer malware, initially uncovered in campaigns leveraging fake AI video generation platforms, has evolved into a targeted spear-phishing operation that weaponizes copyright infringement notices to infiltrate enterprises with substantial Facebook presences. This updated variant, active for over a year, shifts from broad social media lures to highly personalized emails impersonating legal entities, incorporating…
North Korean Kimsuky Hackers Use GitHub to Target Foreign Embassies with XenoRAT Malware

Aug 19, 2025 1:54 PM

Tags: cyber, data-breach, email, espionage, github, group, hacker, malware, north-korea, password, phishing, spear-phishing

The Trellix Advanced Research Center exposed a DPRK-linked espionage operation attributed to the Kimsuky group (APT43), targeting diplomatic missions in South Korea. Between March and July, at least 19 spear-phishing emails impersonated trusted diplomatic contacts, delivering malware via password-protected ZIP archives hosted on Dropbox and Daum. These emails lured embassy staff with credible invitations to…
Noodlophile Stealer Hides Behind Bogus Copyright Complaints

Aug 18, 2025 10:54 PM

Tags: attack, phishing, spear-phishing

Noodlophile is targeting enterprises in spear-phishing attacks using copyright claims as phishing lures. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/noodlophile-stealer-bogus-copyright-complaints
Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures

Aug 18, 2025 9:54 PM

Tags: attack, email, malware, phishing, spear-phishing, threat

The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region.”The Noodlophile campaign, active for over a year, now leverages advanced spear-phishing emails posing as copyright infringement First seen…
Noodlophile infostealer is hiding behind fake copyright and PI infringement notices

Aug 18, 2025 3:54 PM

Tags: email, phishing, spear-phishing

Attackers pushing the Noodlophile infostealer are targeting businesses with spear-phishing emails threatening legal action due to copyright or intellectual property … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/noodlophile-infostealer-spear-phishing-campaign-copyright-infingement/
UAC-0099 Tactics, Techniques, Procedures and Attack Methods Revealed

Aug 11, 2025 5:12 PM

Tags: attack, cyber, defense, email, espionage, government, malicious, military, phishing, powershell, spear-phishing, tactics, threat, ukraine

UAC-0099, a persistent threat actor active since at least 2022, has conducted sophisticated cyber-espionage operations against Ukrainian government, military, and defense entities, evolving its toolkit across three major campaigns documented in CERT-UA alerts from June 2023, December 2024, and August 2025. Initially relying on the PowerShell-based LONEPAGE loader delivered via spear-phishing emails with malicious attachments…
Cyberspionage via Sicherheitslücke in WinRAR

Aug 11, 2025 3:12 PM

Tags: bug, cyberattack, cyberespionage, phishing, spear-phishing, vulnerability

ESET-Forscher haben eine bisher unbekannte Schwachstelle im beliebten Komprimierungsprogramm entdeckt, die von der russlandnahen Hackergruppe Romcom ausgenutzt wurde. Laut ESET-Telemetriedaten hat die Gruppe zwischen dem 18. und 21. Juli 2025 bösartige Archive in Spear-Phishing-Kampagnen eingesetzt, die sich gegen Finanz-, Fertigungs-, Rüstungs- und Logistikunternehmen in Europa und Kanada richteten. Das Ziel der Angriffe war Cyberspionage. […]…
Weaponizing Microsoft 365 Direct Send to Bypass Email Security Defenses

Aug 7, 2025 4:11 PM

Tags: ai, attack, corporate, cyber, data-breach, defense, email, exploit, microsoft, phishing, service, spear-phishing

Security researchers at StrongestLayer, in collaboration with Jeremy, a seasoned Security Architect at a major manufacturing firm, have exposed a multi-layered spear phishing attack that exploits Microsoft 365’s Direct Send feature to infiltrate corporate email systems. The campaign, flagged initially by StrongestLayer’s AI system TRACE, masqueraded as innocuous voicemail notifications from services like RingCentral, but…
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome

Aug 6, 2025 10:11 PM

Tags: backdoor, browser, china, chrome, cyber, email, google, government, group, malicious, malware, military, phishing, spear-phishing, threat, windows

The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least 2012, the group leverages spear-phishing emails with military-themed lures to deliver malicious archives, such as…
Tangled in the web: Scattered Spider’s tactics changing to snare more victims

Jul 31, 2025 5:28 AM

Tags: access, attack, authentication, awareness, business, cisa, control, credentials, cybersecurity, data, defense, detection, google, group, guide, identity, marketplace, mfa, microsoft, mitigation, monitoring, network, nist, password, phishing, phone, social-engineering, software, spear-phishing, tactics, threat, tool, training, vpn

-helpdesk or a type of SSO to add credibility.In some instances, Scattered Spider members purchase employee or contractor credentials on illicit marketplaces to gain access. More commonly, they search business-to-business websites to gather information about specific individuals. Once they identify usernames, passwords, personally identifiable information (PII), and conduct SIM swapping (transferring a victim’s phone number…
New Spear Phishing Attack Distributes VIP Keylogger Through Email Attachment

Jul 30, 2025 5:28 PM

Tags: attack, cyber, data, email, malware, phishing, spear-phishing, threat

Threat actors have revived the sophisticated VIP keylogger malware, previously detailed in an earlier white paper for its use of spear-phishing and steganography to infiltrate systems and steal data from web browsers and user credentials. This iteration introduces an AutoIt-based injector to deploy the final payload, marking a shift from prior methods while maintaining core…
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

Jul 25, 2025 5:27 PM

Tags: conference, defense, malicious, phishing, spear-phishing, threat

The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence.”The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems,” Arctic Wolf Labs said…
Operation CargoTalon Targets Russian Aerospace Defense to Deploy EAGLET Implant

Jul 23, 2025 9:12 PM

Tags: apt, cyber, defense, malicious, phishing, russia, spear-phishing

SEQRITE Labs’ APT-Team has uncovered a sophisticated spear-phishing campaign dubbed Operation CargoTalon, targeting employees at Russia’s Voronezh Aircraft Production Association (VASO), a key aerospace entity. The operation leverages malicious attachments disguised as Ñ‚Ð¾Ð²Ð°Ñ€Ð½Ð¾-Ñ‚Ñ€Ð°Ð½ÑÐ¿Ð¾Ñ€Ñ‚Ð½Ð°Ñ Ð½Ð°ÐºÐ»Ð°Ð´Ð½Ð°Ñ (TTN) logistics documents, critical for Russian supply chains. Discovered on June 27 via VirusTotal hunting, the campaign employs a malicious EML…
China-Backed Hackers Intensify Attacks on Taiwan Chipmakers

Jul 18, 2025 1:40 AM

Tags: attack, china, espionage, finance, group, hacker, phishing, spear-phishing, threat

3 State-Sponsored Groups Spear-Phish Semiconductor Ecosystem. Chinese state-aligned hackers have ramped up espionage efforts against Taiwan’s semiconductor ecosystem through spear-phishing campaigns. Three distinct threat actors targeted chipmakers, packaging and testing firms, equipment suppliers and financial analysts. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/china-backed-hackers-intensify-attacks-on-taiwan-chipmakers-a-29004
Chinese Hackers Target Taiwan’s Semiconductor Sector with Cobalt Strike, Custom Backdoors

Jul 17, 2025 11:40 AM

Tags: backdoor, china, finance, hacker, phishing, service, spear-phishing, supply-chain, threat

The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors.”Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment First seen on thehackernews.com…
North Korean Hackers Exploit Zoom Invites in Attacks on Crypto Companies

Jul 15, 2025 1:40 PM

Tags: attack, blockchain, crypto, cyber, cybersecurity, data-breach, exploit, hacker, jobs, malware, north-korea, phishing, spear-phishing, tactics, threat

Cybersecurity firm SentinelOne has exposed an ongoing malware campaign orchestrated by North Korean threat actors, known for their persistent >>fake interview