Tag: impersonation
10 attack reports | 0 vulnerabilities
Attack reports
Iranian Cyber Actors Targeting Personal Accounts to Support Operations
Cyber actors working for Iran's Islamic Revolutionary Guard Corps (IRGC) are targeting individuals connected to Iranian and Middle Eastern affairs, including government officials, think tank personnel, journalists, activists, and lobbyists. They use social engineering techniques, impersonating cont…
Downloadable IOCs 65
Marko Polo Navigates Uncharted Waters with Infostealer Empire
An analysis has uncovered a highly adaptable cybercriminal group, codenamed 'Marko Polo', that operates sophisticated scams employing information-stealing malware to target individuals and organizations globally. They primarily operate through social media, impersonating legitimate brands in sector…
Downloadable IOCs 47
The Emerging Dynamics of Deepfake Scam Campaigns on the Web
Researchers have uncovered dozens of scam campaigns utilizing deepfake videos featuring public figures like CEOs, news anchors, and government officials. These campaigns target victims in multiple countries using various languages. The scams promote fake investment schemes and government giveaways.…
Downloadable IOCs 428
Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity
On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic installer impersonating CrowdStrike's Crash Reporter through a website targeting a German entity. The site utilized JavaScript obfuscation to deliver the malicious installer, which …
Downloadable IOCs 5
Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer
An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…
Downloadable IOCs 6
'Evil Twin' Apps Spread for Multiple Fraud Schemes
HUMAN's Satori Threat Intelligence and Research team recently uncovered a massive ad fraud operation dubbed Konfety, involving threat actors operating 'evil twin' versions of 'decoy twin' apps available on major app marketplaces. The decoy twins on official stores behave normally, while the evil tw…
Downloadable IOCs 0
Ticket Heist: Olympic Games and Sporting Events at Risk
This analysis examines an ongoing, undetected fraudulent campaign named 'Ticket Heist' targeting Russian-speaking users, several Eastern European countries, and English-speaking individuals seeking tickets for various sporting events and festivals. The campaign involves a network of 708 fraudulent …
Downloadable IOCs 685
Supposed Grasshopper: operators impersonate Israeli government and private companies to deploy open-source malware
A long-running campaign was identified involving malicious actors impersonating Israeli entities and private companies. The operators delivered payloads through crafted WordPress sites, employing a mix of custom code and open-source malware like Donut and Sliver. While the motivations remain unclea…
Downloadable IOCs 18
Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale
Resecurity has identified new activity by a cybercrime group known as Smishing Triad, which has expanded its operations to Pakistan. The group is sending malicious messages impersonating Pakistan Post to customers of mobile carriers via iMessage and SMS, with the goal …
Downloadable IOCs 14
Romance Scams Urging Investment
The report details an investigation into romance scams that exploit emotional connections to solicit money under the guise of cryptocurrency investments. Perpetrators pose as potential romantic partners or friends to gain trust and eventually introduce victims to fake cryptocurrency exchanges desig…
Downloadable IOCs 3
A long-running campaign was identified involving malicious actors impersonating Israeli entities and private companies. The operators delivered payloads through crafted WordPress sites, employing a mix of custom code and open-source malware like Donut and Sliver. While the motivations remain unclea…
Downloadable IOCs 18
Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale
Resecurity has identified a new activity of a cybercrime group known as Smishing Triad, which has expanded its operations to Pakistan. The group is employing tactics involving sending malicious messages impersonating Pakistan Post to customers of mobile carriers via iMessage and SMS, with the goal …
Downloadable IOCs 14
Romance Scams Urging Investment
The report details an investigation into romance scams that exploit emotional connections to solicit money under the guise of cryptocurrency investments. Perpetrators pose as potential romantic partners or friends to gain trust and eventually introduce victims to fake cryptocurrency exchanges desig…
Downloadable IOCs 3