Collecting Cyber-News from over 60 sources

Tag: spear-phishing

AI-supported spear phishing fools more than 50% of targets

Jan 21, 2025 6:22 PM

Tags: ai, phishing, spear-phishing

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/ai-supported-spear-phishing-fools-more-than-50-of-targets/
Star Blizzard Shifts Tactics: Spear-Phishing Campaign Targets WhatsApp Accounts

Jan 20, 2025 5:22 AM

Tags: blizzard, intelligence, microsoft, phishing, russia, spear-phishing, tactics, threat

Microsoft Threat Intelligence has uncovered a new spear-phishing campaign orchestrated by the Russian threat actor known as Star First seen on securityonline.info Jump to article: securityonline.info/star-blizzard-shifts-tactics-spear-phishing-campaign-targets-whatsapp-accounts/
Star Blizzard hackers abuse WhatsApp to target high-value diplomats

Jan 19, 2025 6:22 PM

Tags: blizzard, defense, hacker, international, phishing, russia, spear-phishing, ukraine

Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/star-blizzard-hackers-abuse-whatsapp-to-target-high-value-diplomats/
China-linked hackers target Japan’s national security and high-tech industries

Jan 9, 2025 2:20 PM

Tags: advisory, ai, attack, automation, breach, business, china, ciso, communications, corporate, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, endpoint, espionage, exploit, finance, government, group, hacker, healthcare, incident response, infrastructure, intelligence, malicious, malware, microsoft, network, organized, penetration-testing, phishing, powershell, risk, risk-management, social-engineering, spear-phishing, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability, windows, zero-day

Japan’s National Police Agency (NPA) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) have exposed a long-running cyber espionage campaign, “MirrorFace” (also known as Earth Kasha), allegedly linked to China.The campaign, operational since 2019, has targeted Japanese organizations, businesses, and individuals, primarily to exfiltrate sensitive data related to national security and…
Forscher: KI sorgt für effektiveres Phishing

Jan 8, 2025 4:18 PM

Tags: ai, LLM, phishing, spear-phishing

Wie wirksam ist per LLM automatisch erzeugtes Phishing? Es ist gleichauf mit menschlich erzeugtem Spear-Phishing, sagen Forscher. First seen on heise.de Jump to article: www.heise.de/news/Forscher-KI-sorgt-fuer-effektiveres-Phishing-10232370.html
SecurityTrainings ein Ratgeber

Dec 27, 2024 5:42 AM

Tags: awareness, breach, cyberattack, cybersecurity, cyersecurity, data, data-breach, framework, mail, nis-2, nist, open-source, password, phishing, risk, sans, service, social-engineering, spear-phishing, strategy, tool, training
The 2024 cyberwar playbook: Tricks used by nation-state actors

Dec 25, 2024 7:43 AM

Tags: access, ai, apt, at&t, attack, authentication, backdoor, blizzard, botnet, breach, china, cisa, cloud, control, credentials, cve, cvss, cyber, cybersecurity, data, ddos, defense, detection, email, espionage, exploit, flaw, fortinet, google, government, group, hacker, hacking, healthcare, india, infrastructure, iran, ivanti, linux, login, malicious, malware, mfa, microsoft, mobile, network, offense, office, open-source, password, phishing, powershell, remote-code-execution, router, russia, service, social-engineering, software, spear-phishing, spy, strategy, supply-chain, tactics, theft, threat, tool, unauthorized, update, vpn, vulnerability, warfare, windows, worm, zero-day

In 2024, nation-state cyber activity was off the charts, with Chinese, Russian, and Iranian actors leading the charge. Their campaigns weren’t just relentless, they were innovative, using a crafty mix of Tactics, Techniques, and Procedures (TTPs) to gain footholds, stay hidden, and spy-like pros.”There was definitely a continued and noted uptick in nation-state activity in…
New Python NodeStealer Attacking Facebook Business To Steal Login Credentials

Dec 23, 2024 12:44 PM

Tags: business, credentials, credit-card, cyber, data, email, finance, login, malicious, malware, phishing, powershell, spear-phishing, threat

NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets Facebook Ads Manager accounts, stealing sensitive financial and business data in addition to credit card details and browser information. The malware is delivered through spear-phishing emails with malicious links, uses DLL sideloading and encoded PowerShell for stealthy execution, and exfiltrates…
Cybercriminals Go Mobile: Executives Targeted in Advanced Phishing Campaigns

Dec 23, 2024 5:42 AM

Tags: attack, corporate, cybercrime, exploit, mobile, phishing, spear-phishing, vulnerability

Cybercriminals are targeting corporate executives with highly advanced mobile spear phishing attacks, leveraging sophisticated evasion techniques and exploiting the inherent vulnerabilities of mobile devices, a new report reveals. In today’s... First seen on securityonline.info Jump to article: securityonline.info/cybercriminals-go-mobile-executives-targeted-in-advanced-phishing-campaigns/
Earth Koshchei’s Rogue RDP Campaign: A Sophisticated APT Attack Targets Governments and Enterprises

Dec 20, 2024 5:43 AM

Tags: apt, attack, email, espionage, government, group, phishing, spear-phishing, threat

Trend Micro has unveiled a large-scale rogue remote desktop protocol (RDP) campaign conducted by the threat group Earth Koshchei. Known for their espionage operations, Earth Koshchei leveraged spear-phishing emails and... First seen on securityonline.info Jump to article: securityonline.info/earth-koshcheis-rogue-rdp-campaign-a-sophisticated-apt-attack-targets-governments-and-enterprises/
Mobile Spear Phishing Targets Executive Teams

Dec 18, 2024 11:42 PM

Tags: mobile, phishing, spear-phishing

Over the past few months, enterprises have observed a pattern of sophisticated spearphishing attempts targeting their executives, with some specifically targeting their mobile devices. Our blog shares the details. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/mobile-spear-phishing-targets-executive-teams/
KI-gestützte Cybersicherheit 10 Prognosen für das Jahr 2025

Dec 18, 2024 2:42 PM

Tags: ai, cyberattack, cyersecurity, deep-fake, phishing, spear-phishing

Schon seit vielen Jahren warnen Cybersicherheitsexperten auf der ganzen Welt vor den Gefahren KI-gestützter Cyberangriffe. Langsam werden diese Warnungen nun Realität. In diesem Jahr kam KI noch vor allem in Deepfake-, Phishing- und Spear Phishing-Kampagnen zum Einsatz. Für die kommenden Jahre ist aber mit einem deutlichen Anstieg der Anwendungsfälle zu rechnen. KI-gestützte Cyberangriffe werden mehr…
The 7 most in-demand cybersecurity skills today

Dec 12, 2024 12:05 PM

Tags: access, ai, api, application-security, attack, backup, best-practice, breach, business, cloud, compliance, computing, control, cyber, cyberattack, cybersecurity, data, defense, encryption, exploit, framework, gartner, GDPR, google, governance, grc, group, hacker, Hardware, healthcare, incident response, infrastructure, injection, intelligence, jobs, LLM, malicious, mitigation, ml, network, penetration-testing, phishing, privacy, ransomware, risk, risk-analysis, risk-assessment, risk-management, saas, service, skills, social-engineering, software, spear-phishing, strategy, technology, threat, tool, training, update, vulnerability, zero-trust

Cybersecurity teams find themselves understaffed, overburdened, and rushing to keep up with a rapidly changing threat landscape, as cyberattackers continually devise new ways to attack organizations, and organizations accelerate their embrace of the latest technologies.As a result, security professionals must continually upskill themselves to ensure they keep pace with organizations’ latest skill demands. Unfortunately, deciding…
Five Ways Spear Phishing Tactics are Evolving in 2025

Dec 10, 2024 4:07 PM

Tags: defense, phishing, spear-phishing, tactics

What type of phishing became very effective around 2010 and still worries security teams today? Spear phishing. Spear phishing remains highly effective and is getting more dangerous by the day. What is spear phishing? What new technologies and methods will attackers use to get around common defenses? How will they become more precise and convincing?……
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

Dec 6, 2024 9:52 AM

Tags: dns, group, hacker, infrastructure, malware, phishing, spear-phishing, threat, ukraine

The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop.The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that’s designed to drop the Visual Basic Script malware, Recorded Future’s Insikt Group said…
ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

Dec 5, 2024 9:48 AM

Tags: backdoor, china, phishing, spear-phishing, threat

The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024.The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis.”An interesting aspect of this campaign is…
A Look at the Social Engineering Element of Spear Phishing Attacks

Dec 3, 2024 9:48 PM

Tags: attack, phishing, social-engineering, spear-phishing

First seen on scworld.com Jump to article: www.scworld.com/native/a-look-at-the-social-engineering-element-of-spear-phishing-attacks
Iranische Angreifer missbrauchen Backdoor für SpearAngriffe

Dec 1, 2024 5:27 PM

Tags: backdoor, cyberattack, malware, phishing, spear-phishing

In den meisten Beispielen erstellt BugSleep eine geplante Aufgabe mit demselben Namen wie die Mutex, die die Persistenz der Malware gewährleistet. Die… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/iranische-angreifer-missbrauchen-backdoor-fuer-phishing-angriffe/a37886/
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

Dec 1, 2024 4:20 AM

Tags: blizzard, phishing, spear-phishing

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/
ANEL Backdoor Reactivated in Earth Kasha Cyber-Espionage Campaign

Nov 28, 2024 5:24 AM

Tags: backdoor, cyber, espionage, group, phishing, spear-phishing

In June 2024, Trend Micro identified a new spear-phishing campaign targeting political organizations, research institutions, and think tanks in Japan. This operation, attributed to the cyber-espionage group Earth Kasha, marks... First seen on securityonline.info Jump to article: securityonline.info/anel-backdoor-reactivated-in-earth-kasha-cyber-espionage-campaign/
Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Nov 22, 2024 3:53 PM

Tags: access, attack, backdoor, cyber, exploit, group, india, network, phishing, spear-phishing, tactics, threat, vpn, vulnerability

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India, Taiwan, and Japan, leveraging spear-phishing and exploiting vulnerabilities in public-facing applications like SSL-VPN and file storage services. The group has deployed various backdoors, including Cobalt Strike, LODEINFO, and the newly discovered NOOPDOOR, to maintain persistent access to compromised networks, which…
Phishing-Angriffswelle auf LinkedIn nimmt Arbeitssuchende ins Visier

Nov 12, 2024 2:04 PM

Tags: linkedin, phishing, spear-phishing

Laut einem kürzlich von Malwarebyte-Forschern veröffentlichten Bericht sind Cyberkriminelle zunehmend auf LinkedIn aktiv. Mit Phishing- und Spear-Phishing-Kampagnen versuchen sie, an die Anmeldedaten ihrer Opfer, die auf LinkedIn nach einer (besseren) Anstellung suchen, zu gelangen. Hierzu erstellen die Betrüger gefälschte Recruiter-Profile. Sie nutzen die Namen real existierender Personen und deren Profilbilder oder lassen sich welche von…
Industrial companies in Europe targeted with GuLoader

Nov 7, 2024 3:04 PM

Tags: phishing, spear-phishing

A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/07/industrial-europe-spear-phishing-guloader/
Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations

Nov 6, 2024 11:01 PM

Tags: attack, blizzard, phishing, spear-phishing

First seen on techrepublic.com Jump to article: www.techrepublic.com/article/midnight-blizzard-spearphishing-us-officials/
Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Nov 6, 2024 12:56 PM

Tags: attack, blizzard, phishing, russia, spear-phishing, threat

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in various sectors. The attacks inv… First seen on gbhackers.com Jump to article: gbhackers.com/midnight-blizzard-rdp-attack/
Midnight Blizzard Targets 100+ Organizations in RDP Phishing Attack

Nov 4, 2024 2:51 AM

Tags: attack, blizzard, intelligence, microsoft, phishing, russia, spear-phishing, threat

Microsoft Threat Intelligence has issued a warning about a new spear-phishing campaign orchestrated by the Russian state-sponsored threat actor Midnig… First seen on securityonline.info Jump to article: securityonline.info/midnight-blizzard-targets-100-organizations-in-rdp-phishing-attack/
Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Nov 3, 2024 1:55 PM

Tags: apt, blizzard, microsoft, phishing, russia, spear-phishing

Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. Microsoft warns of a large-scal… First seen on securityaffairs.com Jump to article: securityaffairs.com/170398/apt/midnight-blizzard-apt-targeted-100-organizations.html
Global Midnight Blizzard spear-phishing operation underway

Nov 1, 2024 8:55 PM

Tags: blizzard, phishing, spear-phishing

First seen on scworld.com Jump to article: www.scworld.com/brief/global-midnight-blizzard-spear-phishing-operation-underway
Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations

Nov 1, 2024 8:55 AM

Tags: attack, blizzard, microsoft, phishing, russia, spear-phishing, threat

Microsoft says a new spear-phishing campaign by Russia’s Midnight Blizzard uses RDP files, a new vector for this threat group. The post Microsoft Warn… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-warns-of-russian-spear-phishing-attacks-targeting-over-100-organizations/
UK on high alert over Iranian spear phishing attacks, says NCSC

Oct 30, 2024 6:56 PM

Tags: attack, iran, phishing, spear-phishing

The NCSC and counterpart agencies in the US have issued a warning over enhanced Iranian spear phishing activity targeting politicians, journalists, ac… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366612026/UK-on-high-alert-over-Iranian-spear-phishing-attacks-says-NCSC