Tag: spear-phishing
-
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that’s designed to drop the Visual Basic Script malware, Recorded Future’s Insikt Group said…
-
ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan
The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis. “An interesting aspect of this campaign is…
-
Iranian Attackers Abuse Backdoor for Spear-Phishing Attacks
In most samples, BugSleep creates a scheduled task with the same name as the mutex, which ensures the malware's persistence. The… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/iranische-angreifer-missbrauchen-backdoor-fuer-phishing-angriffe/a37886/
-
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/
-
ANEL Backdoor Reactivated in Earth Kasha Cyber-Espionage Campaign
In June 2024, Trend Micro identified a new spear-phishing campaign targeting political organizations, research institutions, and think tanks in Japan. This operation, attributed to the cyber-espionage group Earth Kasha, marks... First seen on securityonline.info Jump to article: securityonline.info/anel-backdoor-reactivated-in-earth-kasha-cyber-espionage-campaign/
-
Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India, Taiwan, and Japan, leveraging spear-phishing and exploiting vulnerabilities in public-facing applications like SSL-VPN and file storage services. The group has deployed various backdoors, including Cobalt Strike, LODEINFO, and the newly discovered NOOPDOOR, to maintain persistent access to compromised networks, which…
-
Wave of Phishing Attacks on LinkedIn Targets Job Seekers
According to a report recently published by Malwarebytes researchers, cybercriminals are increasingly active on LinkedIn. Using phishing and spear-phishing campaigns, they try to obtain the login credentials of victims who are searching LinkedIn for a (better) job. To do this, the scammers create fake recruiter profiles. They use the names of real people and their profile pictures, or have some created by…
-
Industrial companies in Europe targeted with GuLoader
A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/07/industrial-europe-spear-phishing-guloader/
-
Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations
First seen on techrepublic.com Jump to article: www.techrepublic.com/article/midnight-blizzard-spearphishing-us-officials/
-
Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in various sectors. The attacks inv… First seen on gbhackers.com Jump to article: gbhackers.com/midnight-blizzard-rdp-attack/
-
Midnight Blizzard Targets 100+ Organizations in RDP Phishing Attack
Microsoft Threat Intelligence has issued a warning about a new spear-phishing campaign orchestrated by the Russian state-sponsored threat actor Midnig… First seen on securityonline.info Jump to article: securityonline.info/midnight-blizzard-targets-100-organizations-in-rdp-phishing-attack/
-
Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files
Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. Microsoft warns of a large-scal… First seen on securityaffairs.com Jump to article: securityaffairs.com/170398/apt/midnight-blizzard-apt-targeted-100-organizations.html
-
Global Midnight Blizzard spear-phishing operation underway
First seen on scworld.com Jump to article: www.scworld.com/brief/global-midnight-blizzard-spear-phishing-operation-underway
-
Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations
Microsoft says a new spear-phishing campaign by Russia’s Midnight Blizzard uses RDP files, a new vector for this threat group. The post Microsoft Warn… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-warns-of-russian-spear-phishing-attacks-targeting-over-100-organizations/
-
UK on high alert over Iranian spear phishing attacks, says NCSC
The NCSC and counterpart agencies in the US have issued a warning over enhanced Iranian spear phishing activity targeting politicians, journalists, ac… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366612026/UK-on-high-alert-over-Iranian-spear-phishing-attacks-says-NCSC
-
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated J… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/astaroth-banking-malware-resurfaces-in.html
-
Brazil subjected to Astaroth malware-deploying spear-phishing campaign
First seen on scworld.com Jump to article: www.scworld.com/brief/brazil-subjected-to-astaroth-malware-deploying-spear-phishing-campaign
-
“Water Makara” Employs Astaroth Malware in Targeted Attacks on Brazilian Organizations
In a new report by Trend Micro Research, a spear-phishing campaign has emerged in Brazil, using a combination of obfuscated JavaScript and Astaroth ma… First seen on securityonline.info Jump to article: securityonline.info/water-makara-employs-astaroth-malware-in-targeted-attacks-on-brazilian-organizations/
-
Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals
A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to s… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html
-
Chinese national accused by Feds of spear-phishing for NASA, military source code
First seen on theregister.com Jump to article: www.theregister.com/2024/09/17/chinese_national_nasa_phishing_indictment/
-
Cyberattackers Use HR Targets to Lay More_Eggs Backdoor
The FIN6 group is the likely culprit behind a spear-phishing campaign that demonstrates a shift in tactics, from targeting job seekers to going after … First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attackers-targeting-recruiters-more_eggs-backdoor
-
US, Microsoft Seize Domains Used in Russian Spear-Phishing
FSB Hackers Stripped of 107 Domains Used to Steal Credentials. The U.S. Department of Justice and Microsoft seized more than 100 websites allegedly us… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/us-microsoft-seize-domains-used-in-russian-spear-phishing-a-26443
-
UK and US Warn of Growing Iranian Spear Phishing Threat
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-us-warn-iranian-spearphishing/
-
China’s ‘Earth Baxia’ Spies Exploit Geoserver to Target APAC Orgs
The APT group uses spear-phishing and a vulnerability in a geospatial data-sharing server to compromise organizations in Taiwan, Japan, the Philippine… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-earth-baxia-spies-geoserver-apac-orgs
-
RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus
The RansomHub ransomware group, tracked as Water Bakunawa, employs targeted spear-phishing to exploit the Zerologon vulnerability, allowing them to gai… First seen on gbhackers.com Jump to article: gbhackers.com/ransomhub-ransomware-edr-bypass/
-
Sophisticated Spear Phishing Attack Falls Flat Against ITDR
Last month, a threat actor used stolen credentials in an unsuccessful attempt to access a client’s OneDrive account. On the surface, this was just an… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/sophisticated-spear-phishing-attack-falls-flat-against-itdr/
-
US charges Chinese national over spear-phishing attacks against agencies
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/us-charges-chinese-national-over-spear-phishing-attacks-against-agencies
-
Chinese man charged for spear-phishing against NASA and US Government
US DoJ charged a Chinese national who used spear-phishing emails to obtain sensitive info from NASA, the U.S. Air Force, Navy, Army, and the FAA. The … First seen on securityaffairs.com Jump to article: securityaffairs.com/168514/cyber-crime/chinese-man-spear-phishing-nasa-us-government.html

