Tag: spear-phishing
-
Windows Backdoor Targets Members of Exiled Uyghur Community
A spear-phishing campaign sent Trojanized versions of legitimate word-processing software to members of the World Uyghur Congress as part of China’s continued cyber-espionage activity against the ethnic minority. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/windows-backdoor-targets-members-exhiled-uyghur-community
-
Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool
In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of conducting surveillance.The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support…
-
19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email
Tags: apt, attack, cyber, email, espionage, exploit, government, hacker, infrastructure, phishing, spear-phishing, threat, vulnerabilityThe NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat (APT) attack campaigns, predominantly targeting regions across South Asia, East Asia, Eastern Europe, and South America. These incursions highlighted a continuation of targeted cyber espionage and sabotage activities, primarily focusing on government agencies, critical infrastructure, and prominent industry sectors through a…
-
Uyghur Diaspora Group Targeted with Remote Surveillance Malware
Members of the World Uyghur Congress living in exile were targeted with a spear phishing campaign deploying surveillance malware, according to the Citizen Lab First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uyghur-diaspora-surveillance/
-
BSidesLV24 Ground Truth Devising And Detecting Spear Phishing
Authors/Presenters: Arun Vishwanath, Fred Heiding, Simon Lermen Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/bsideslv24-ground-truth-devising-and-detecting-spear-phishing/
-
New Midnight Blizzard spear-phishing campaign targets European diplomatic orgs
First seen on scworld.com Jump to article: www.scworld.com/brief/new-midnight-blizzard-spear-phishing-campaign-targets-european-diplomatic-orgs
-
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/midnight-blizzard-deploys-new-grapeloader-malware-in-embassy-phishing/
-
Possible Russian Hackers Targeted UK Ministry of Defense
Spear-Phishing Campaign Used RomCom Malware Variant. A phishing campaign wielding malware previously associated with Russian-speaking hackers targeted the U.K. Ministry of Defense in late 2024. It is unclear if the campaign is tied to a data leak of 600 armed personnel, civil servants, and defense contractors reported late last year. First seen on govinfosecurity.com Jump…
-
Targeted phishing gets a new hook with real-time email validation
Tags: api, authentication, awareness, ciso, credentials, data-breach, defense, email, infosec, mail, password, phishing, sans, service, spam, spear-phishing, threat, training‘A little bit of hype’: David Shipley, head of Canadian-based security awareness training firm Beauceron Security, said “there’s a little bit of hype” in giving the tactic a fancy name for what is in fact spear phishing, although, he admitted, it’s “rapid-fire spear phishing.”The reason, he said, is that “spray-and-pray” mass phishing campaigns today are…
-
Precision-validated phishing: The rise of sophisticated credential theft
Tags: api, authentication, awareness, ciso, credentials, data-breach, defense, email, infosec, mail, password, phishing, sans, service, spam, spear-phishing, theft, threat, training‘A little bit of hype’: David Shipley, head of Canadian-based security awareness training firm Beauceron Security, said “there’s a little bit of hype” in giving the tactic a fancy name for what is in fact spear phishing, although, he admitted, it’s “rapid-fire spear phishing.”The reason, he said, is that “spray-and-pray” mass phishing campaigns today are…
-
AI Now Outsmarts Humans in Spear Phishing, Analysis Shows
Agentic AI has improved spear phishing effectiveness by 55% since 2023, research shows. The post AI Now Outsmarts Humans in Spear Phishing, Analysis Shows appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ai-now-outsmarts-humans-in-spear-phishing-analysis-shows/
-
Hellcat Ransomware Upgrades Arsenal to Target Government, Education, and Energy Sectors
Tags: attack, cyber, cybersecurity, exploit, government, group, phishing, ransomware, service, spear-phishing, tactics, vulnerability, zero-dayThe cybersecurity community has raised alarms over the rapid evolution of the Hellcat ransomware group, which has escalated its tactics to target critical sectors. Hellcat, which emerged in mid-2024, now employs a sophisticated blend of psychological manipulation, zero-day vulnerabilities, and Ransomware-as-a-Service (RaaS) to expand its influence. Spear Phishing and Zero-day Exploits Hellcat operators initiate attacks…
-
AI Outsmarts Human Red Teams in Phishing Tests
Hoxhunt Predicts Phishing-as-a-Service Will Adopt AI Spear Phishing Agents. AI surpassed human red teams in crafting phishing attacks, at scale and with alarming success, asserts research from cybersecurity training firm Hoxhunt. The company’s proprietary AI spear phishing agent, outperformed human counterparts by 24%, a turnaround from a31% deficit in 2023. First seen on govinfosecurity.com Jump…
-
AI Surpasses Elite Red Teams in Crafting Effective Spear Phishing Attacks
In a groundbreaking development in the field of cybersecurity, AI has reached a pivotal moment, surpassing elite human red teams in the creation of effective spear phishing attacks. According to research conducted by Hoxhunt, AI agents have demonstrated a 24% higher effectiveness rate compared to human teams in simulated phishing campaigns against millions of global…
-
Russia-linked Gamaredon targets Ukraine with Remcos RAT
Tags: apt, attack, cyberespionage, group, phishing, powershell, rat, russia, spear-phishing, ukraineRussia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related…
-
Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor
Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group, targeting Ukrainian users with malicious LNK files to deliver the Remcos backdoor. Active since at least November 2024, this campaign employs spear-phishing tactics, leveraging themes related to the Ukraine conflict to lure victims into executing the malicious files. The LNK files,…
-
SvcStealer Malware Strikes, Harvesting Sensitive Data from Browsers and Applications
Tags: attack, cyber, cybersecurity, data, email, malicious, malware, phishing, spear-phishing, threatA new strain of malware, known as SvcStealer, has emerged as a significant threat in the cybersecurity landscape. This malware is primarily delivered through spear phishing attacks, where malicious attachments are sent via email to unsuspecting victims. The SvcStealer campaign was first observed in late January 2025 and has been designed to harvest a wide…
-
A Persistent Threat in the Age of AI dup
Tags: ai, attack, awareness, cyber, cybercrime, intelligence, phishing, spear-phishing, threat, toolPhishing is one of the most common and dangerous cyber threats facing organizations today. Despite growing awareness, employees often still fall victim to these attacks. Even worse, cybercriminals now have more sophisticated tools at their disposal fueled by artificial intelligence (AI). What once required a team of attackers to conduct a spear-phishing attack can […]…
-
Ukrainian military targeted in new Signal spear-phishing attacks
Ukraine’s Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country’s army forces. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ukrainian-military-targeted-in-new-signal-spear-phishing-attacks/
-
A Persistent Threat in the Age of AI
Tags: ai, attack, awareness, cyber, cybercrime, intelligence, phishing, spear-phishing, threat, toolPhishing is one of the most common and dangerous cyber threats facing organizations today. Despite growing awareness, employees often still fall victim to these attacks. Even worse, cybercriminals now have more sophisticated tools at their disposal fueled by artificial intelligence (AI). What once required a team of attackers to conduct a spear-phishing attack can […]…
-
Studie: Fertigungsbranche häufigstes Ziel von SpearAngriffen
Aktuelle Studienergebnisse belegen, dass die Fertigungsbranche das Hauptziel von Spear-Phishing-Angriffen ist. In den vergangenen sechs Monaten entfielen nicht weniger als 41 Prozent aller verifizierten Sicherheitsalarme in diesem Sektor auf diese Angriffsmethode. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/studie-fertigungsbranche-haeufigstes-ziel-von-spear-phishing-angriffen/
-
Fertigungsbranche am häufigsten mit SpearAngriffen konfrontiert
Kürzlich ist eine neue Studie über Cyberangriffe auf Industrieunternehmen erschienen, der zufolge Unternehmen der Fertigungsbranche in den vergangenen sechs Monaten am häufigsten mit Spear-Phishing-Angriffen attackiert worden sind. Ganze 41 Prozent aller ‘True-Positive”-Alarmmeldungen der Branche entfielen auf diesen Angriffstyp. Spear Phishing-Angriffe erfolgen, im Gegensatz zu einfachen Phishing-Angriffen, zielgerichtet auf einzelne Personen oder Organisationen. Sie ermöglichen es…
-
Arten von Spoofing-Angriffen
Im Frühjahr 2024 warnte das FBI die US-Bürger vor einer Spear-Phishing-Kampagne durch staatlich unterstützte nordkoreanische Bedrohungsakteure. Durch die Ausnutzung eines inkorrekt konfigurierten E-Mail-Sicherheitsprotokolls (DMARC, Domain-Based Message Authentication, Reporting, and Conformance) umgingen die nordkoreanischen Hacker Sicherheitsvorkehrungen, die bei ordnungsgemäßer Aktivierung und Durchsetzung dazu beitragen, E-Mail-Domänen vor unbefugter Nutzung zu schützen. So war es ihnen möglich, über…
-
Microsoft 365 accounts targeted in device code spear-phishing scheme
First seen on scworld.com Jump to article: www.scworld.com/news/microsoft-365-accounts-targeted-in-device-code-spear-phishing-scheme
-
Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer
Tags: apt, attack, control, group, intelligence, kaspersky, korea, north-korea, phishing, spear-phishingResearchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by Kaspersky researchers in 2013. The group works under the control…
-
Kimsuky Group Leverages RDP Wrapper for Persistent Cyber Espionage
The notorious North Korean APT group Kimsuky has continued its cyber espionage operations, leveraging spear-phishing attacks and remote First seen on securityonline.info Jump to article: securityonline.info/kimsuky-group-leverages-rdp-wrapper-for-persistent-cyber-espionage/
-
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
Tags: apt, attack, credentials, email, group, hacking, intelligence, korea, malware, microsoft, north-korea, office, phishing, spear-phishing, windowsThe North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC).The attacks commence with phishing emails containing a Windows shortcut (LNK) file that’s disguised as a Microsoft Office or PDF document. First…
-
Hacker nehmen Diplomaten ins Visier
Die russische Hackergruppe Star Blizzard hat offenbar eine neue Spear-Phishing-Kampagne gestartet, um WhatsApp-Accounts von hochrangigen Diplomaten und politisch aktiven Personen zu kompromittieren. First seen on 8com.de# Jump to article: www.8com.de#