Tag: impersonation

16 Attack Reports | 0 Vulnerabilities

Attack reports

The Transparent Tribe Vibe: APT36 Returns With CapraRAT Impersonating Viber

APT36, also known as Transparent Tribe, has been observed using VPS provider Contabo to host malicious infrastructure for CapraRAT and Crimson RAT. Their latest tactic involves disguising spyware as the popular messaging app Viber, granting extensive permissions to record calls, read messages, and …
impersonation
android
crimson rat
spyware
transparent tribe
caprarat
contabo
2025-06-03
vps
androrat
viber
Published: June 3, 2025
Downloadable IOCs: 3

Campaigns Impersonate the CIA to Target Ukraine Sympathizers, Russian Citizens and Informants

Silent Push Threat Analysts have uncovered a sophisticated phishing campaign targeting individuals sympathetic to Ukraine's defense, Russian citizens, and potential informants. The operation, believed to be orchestrated by Russian Intelligence Services, employs four major phishing clusters imperson…
phishing
impersonation
state-sponsored
russia
ukraine
russian volunteer corps
2025-04-01
hochuzhit
cia
intelligence gathering
legion liberty
Published: April 1, 2025
Downloadable IOCs: 0

Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims

A campaign distributing thousands of fraudulent cryptocurrency investment platforms via websites and mobile applications has been uncovered. The operation impersonates well-known brands and organizations, luring victims with unrealistic promises of high returns. The consistent design of the platfor…
impersonation
cryptocurrency
telegram
2025-03-13
mobile applications
investment scam
pyramid scheme
Published: March 13, 2025
Downloadable IOCs: 36

Hundreds of thousands of rubles for your secrets: cyber spies disguise themselves as recruiters

Cybercriminals impersonating a real company are sending fake job descriptions to employees of targeted organizations. The attackers, known as Squid Werewolf, are offering substantial sums of money, potentially hundreds of thousands of rubles, in exchange for sensitive information. This sophisticate…
phishing
social engineering
impersonation
cyber espionage
2025-03-12
fake job offers
recruitment scam
Published: March 12, 2025
Downloadable IOCs: 6

Unwrapping the AIZ—Aggressive Inventory Zombies—Retail & Crypto Phishing Network Campaign

A large-scale phishing campaign targeting retail brands and cryptocurrency users has been uncovered. The campaign, dubbed 'Aggressive Inventory Zombies' (AIZ), initially impersonated Etsy but expanded to target major retailers like Amazon, BestBuy, and eBay. The threat actor uses a popular website …
phishing
impersonation
e-commerce
2024-12-13
retail
Published: December 13, 2024
Downloadable IOCs: 59

Analyzing threat actor Kimsuky email phishing campaign

The report provides an in-depth analysis of the email phishing campaigns conducted by the Kimsuky threat actor group. It highlights their tactics of using diverse themes and subjects to pique the curiosity of recipients, targeting researchers and individuals related to North Korean affairs in an at…
phishing
north korea
impersonation
credential theft
2024-12-04
malwareless
Published: December 4, 2024
Downloadable IOCs: 24

Iranian Cyber Actors Targeting Personal Accounts to Support Operations

Cyber actors working for Iran's Islamic Revolutionary Guard Corps (IRGC) are targeting individuals connected to Iranian and Middle Eastern affairs, including government officials, think tank personnel, journalists, activists, and lobbyists. They use social engineering techniques, impersonating cont…
phishing
social engineering
impersonation
iran
credential theft
2024-09-30
two-factor authentication
political campaigns
Published: September 30, 2024
Downloadable IOCs: 65

Marko Polo Navigates Uncharted Waters with Infostealer Empire

An analysis has uncovered a highly adaptable cybercriminal group, codenamed 'Marko Polo', that operates sophisticated scams employing information-stealing malware to target individuals and organizations globally. They primarily operate through social media, impersonating legitimate brands in sector…
impersonation
infostealers
scams
social_engineering
2024-09-17
cybercriminal
marko polo
Published: September 17, 2024
Downloadable IOCs: 47

The Emerging Dynamics of Deepfake Scam Campaigns on the Web

Researchers have uncovered dozens of scam campaigns utilizing deepfake videos featuring public figures like CEOs, news anchors, and government officials. These campaigns target victims in multiple countries using various languages. The scams promote fake investment schemes and government giveaways.…
phishing
social engineering
impersonation
fraud
ai
scams
2024-08-29
genai
deepfakes
2024-09-02
investment fraud
infrastructure analysis
Published: September 2, 2024
Downloadable IOCs: 428

Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity

On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic installer impersonating CrowdStrike's Crash Reporter through a website targeting a German entity. The site utilized JavaScript obfuscation to deliver the malicious installer, which …
obfuscation
impersonation
spearphishing
installer
2024-07-31
Published: July 31, 2024
Downloadable IOCs: 5

Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…
impersonation
stealer
exfiltration
credential
2024-07-24
daolpu
malicious-document
Published: July 24, 2024
Downloadable IOCs: 6

'Evil Twin' Apps Spread for Multiple Fraud Schemes

HUMAN's Satori Threat Intelligence and Research team recently uncovered a massive ad fraud operation dubbed Konfety, involving threat actors operating 'evil twin' versions of 'decoy twin' apps available on major app marketplaces. The decoy twins on official stores behave normally, while the evil tw…
obfuscation
impersonation
malvertising
2024-07-17
mobile
konfety
ad fraud
Published: July 17, 2024
Downloadable IOCs: 0

Ticket Heist: Olympic Games and Sporting Events at Risk

This analysis examines an ongoing, undetected fraudulent campaign named 'Ticket Heist' targeting Russian-speaking users, several Eastern European countries, and English-speaking individuals seeking tickets for various sporting events and festivals. The campaign involves a network of 708 fraudulent …
impersonation
fraud
2024-07-10
olympics
tickets
uefa
events
Published: July 10, 2024
Downloadable IOCs: 685

Supposed Grasshopper: operators impersonate Israeli government and private companies to deploy open-source malware

A long-running campaign was identified involving malicious actors impersonating Israeli entities and private companies. The operators delivered payloads through crafted WordPress sites, employing a mix of custom code and open-source malware like Donut and Sliver. While the motivations remain unclea…
impersonation
wordpress
sliver
golang
2024-06-28
open-source
donut
virtual disk
Published: June 28, 2024
Downloadable IOCs: 18

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

Resecurity has identified a new activity of a cybercrime group known as Smishing Triad, which has expanded its operations to Pakistan. The group is employing tactics involving sending malicious messages impersonating Pakistan Post to customers of mobile carriers via iMessage and SMS, with the goal …
impersonation
pakistan
fraud
2024-06-12
smishing
Published: June 12, 2024
Downloadable IOCs: 14

Romance Scams Urging Investment

The report details an investigation into romance scams that exploit emotional connections to solicit money under the guise of cryptocurrency investments. Perpetrators pose as potential romantic partners or friends to gain trust and eventually introduce victims to fake cryptocurrency exchanges desig…
phishing
social engineering
impersonation
cryptocurrency
2024-05-08
scam
fraud
romance
2024-05-09
2024-05-10
2024-05-13
Published: May 13, 2024
Downloadable IOCs: 3
Click here to see more Attack Reports