Tag: credential phishing

6 Attack Reports | 0 Vulnerabilities

Attack reports

Latest goon squad to use fake helpdesk calls to steal creds

A new extortion group called Pink, tracked as cluster CL-CRI-1147, employs voice phishing and fake IT helpdesk impersonation to compromise organizations. The gang steals employee credentials, bypasses multi-factor authentication, and exfiltrates data from cloud storage platforms like SharePoint and…
social engineering
extortion
vishing
mfa bypass
credential phishing
the com
2026-06-04
cloud data theft
helpdesk impersonation
Published: June 4, 2026
Downloadable IOCs: 2

The GHOST STADIUM Score: Billions At Stake At The World’s Largest Football Tournament

Researchers uncovered a massive fraud ecosystem targeting the 2026 FIFA World Cup, identifying over 4,300 fraudulent domains impersonating FIFA's official website since August 2025. At the center operates GHOST STADIUM, a Chinese-speaking threat actor running a sophisticated phishing campaign acros…
credential phishing
phishing-as-a-service
cryptocurrency fraud
2026-05-27
facebook advertising exploitation
fifa world cup 2026
ghost stadium
ticket fraud
Published: May 27, 2026
Downloadable IOCs: 19

Payroll pirate attacks targeting Canadian employees

Microsoft Incident Response researchers identified Storm-2755, a financially motivated threat actor conducting payroll pirate attacks against Canadian users. The campaign uses malvertising and SEO poisoning on generic search terms like "Office 365" to lure victims to a fraudulent sign-in page. Thro…
aitm
malvertising
seo poisoning
credential phishing
CVE-2025-27152
session hijacking
token theft
2026-04-09
canadian targeting
payroll fraud
Published: April 9, 2026
Linked vulnerabilities : CVE-2025-27152
Downloadable IOCs: 1

Security Brief: Threat Actors Gift Holiday Lures to Threat Landscape

As the holiday season approaches, threat actors are exploiting people's desires for deals, jobs, and end-of-year bonuses. Researchers have observed an increase in themed content delivering malware, fraud, and credential phishing campaigns. Examples include a 'Winter Holiday Promotion' campaign deli…
qr codes
remcos rat
credential phishing
2024-12-19
adversary-in-the-middle (aitm)
employment fraud
tycoon phishing-as-a-service (phaas)
open office xml (ooxml)
Published: December 19, 2024
Downloadable IOCs: 0

CHARMING KITTEN

Since June 2024, the Iran-nexus actor CHARMING KITTEN has been creating new network infrastructure for credential phishing, targeting individuals perceived as threats to the Iranian regime. The actor's infrastructure, known as Cluster B, uses domains with specific characteristics like similar TLDs,…
iran
infrastructure
domain registration
2024-10-04
spear-phishing
credential phishing
mint sandstorm
ta453
apt42
Published: October 4, 2024
Downloadable IOCs: 11

Credential Phishing Pages Mimicking Legitimate Webmail Login Portals

Since August 2024, an India-linked threat actor has been targeting entities in China and South Asia using credential phishing pages that mimic legitimate webmail login portals. The campaign primarily focuses on government and defense sectors. The phishing domains share common characteristics, inclu…
china
government
2024-09-18
south asia
domain spoofing
credential phishing
Published: September 18, 2024
Downloadable IOCs: 20
Click here to see more Attack Reports