Tag: pdf

12 Attack Reports | 0 Vulnerabilities

Attack reports

Fake Dropbox Phishing Campaign via PDF and Cloud Storage

A sophisticated phishing campaign has been detected that utilizes a multi-stage approach to evade detection. The attack begins with a procurement-themed email containing a PDF attachment. This PDF redirects victims to another PDF hosted on trusted cloud storage, which then leads to a fake Dropbox l…
phishing
credential theft
pdf
multi-stage attack
telegram exfiltration
cloud storage
2026-02-02
dropbox impersonation
Published: February 2, 2026
Downloadable IOCs: 2

Email-Delivered RMM: Abusing PDFs for Silent Initial Access

A targeted campaign has been observed since November 2024, primarily affecting organizations in France and Luxembourg. The attackers use socially engineered emails to deliver PDF documents containing embedded links to Remote Monitoring and Management (RMM) tool installers. This method bypasses many…
phishing
social engineering
rmm
pdf
initial access
france
2025-08-07
luxembourg
Published: August 7, 2025
Downloadable IOCs: 51

Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware

APT36, a Pakistan-based cyber espionage group, is actively targeting Indian defense personnel through sophisticated phishing campaigns. The group disseminates emails with malicious PDF attachments resembling official government documents. When opened, these PDFs display a blurred background and a b…
phishing
pakistan
cyber espionage
credential theft
pdf
transparent tribe
2025-06-21
indian defense
Published: June 21, 2025
Downloadable IOCs: 0

Cyber Attacks on Government Agencies: Detect and Investigate

This analysis examines cyber threats targeting government institutions worldwide, focusing on three case studies: a phishing email targeting the South Carolina Department of Employment and Workforce, a fraudulent domain mimicking the U.S. Social Security Administration, and a malicious PDF posing a…
screenconnect
phishing
stealer
government
pdf
remote-access
formbook
domain-spoofing
2025-06-04
credential-harvesting
Published: June 4, 2025
Downloadable IOCs: 2

Actionable threat hunting with Threat Intelligence (I) - Hunting malicious desktop files

This analysis explores the detection of malicious .desktop files used by threat actors to infect Linux systems. It explains the structure of these files and how they are manipulated to obfuscate malicious content. The report details the execution process of these files, which often involve opening …
linux
obfuscation
pdf
threat hunting
google drive
2025-05-16
xfce
desktop files
kde
google threat intelligence
gnome
Published: May 16, 2025
Downloadable IOCs: 3

Emerging Phishing Techniques: New Threats and Attack Vectors

This analysis delves into four sophisticated phishing techniques observed in 2025. These include embedding Base64-encoded JavaScript in SVG files, hiding malicious URLs in PDF annotations, using OneDrive links to deliver dynamic phishing content, and nesting MHT files within OpenXML documents. Thes…
obfuscation
phishing
pdf
qr code
svg
2025-04-28
onedrive
mht
openxml
Published: April 28, 2025
Downloadable IOCs: 0

Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan

An advanced malware framework known as Winos4.0 was used to target companies in Taiwan in January 2025.
phishing
pdf
c2 server
valleyrat
wechat
screen capture
agent
2025-03-05
team
uacme
corrupt
Published: March 5, 2025
Downloadable IOCs: 55

Hidden in Plain Sight: PDF Mishing Attack

A sophisticated phishing campaign targeting mobile devices has been discovered, impersonating the United States Postal Service (USPS). The campaign uses a novel obfuscation technique in PDF files to hide malicious links, making detection difficult for many security solutions. The attack exploits us…
phishing
credential theft
pdf
2025-01-27
Published: January 27, 2025
Downloadable IOCs: 654

Beware of phishing emails impersonating major domestic entertainment agencies

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.
python
infostealer
pdf
2024-10-16
Published: October 16, 2024
Downloadable IOCs: 0

Rivers of Phish: Sophisticated Phishing Targets Russia's Perceived Enemies Around the Globe

An extensive investigation uncovered an elaborate phishing campaign conducted by a Russia-based threat actor known as COLDRIVER, attributed to Russia's Federal Security Service. The campaign employed personalized social engineering tactics to target civil society groups, NGOs, journalists, and gove…
phishing
javascript
pdf
2024-08-14
coldwastrel
captcha
Published: August 14, 2024
Downloadable IOCs: 28

Exploiting CVE-2024-21412: A Stealer Campaign Unleashed

This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers employ crafted links, LNK files, and HTA scripts to download decoy PDFs and shell code injectors, ultimately injecting ste…
malware
evasion
windows
stealer
CVE-2024-21412
injection
pdf
meduza stealer
2024-07-24
acr stealer
Published: July 24, 2024
Linked vulnerabilities : CVE-2024-21412
Downloadable IOCs: 27

PDF “Flawed Design” Exploitation

Check Point Research identified an unusual pattern involving PDF exploitation, mainly targeting users of Foxit Reader. This exploit triggers security warnings that could deceive users into executing harmful commands. The exploitation occurs through a flawed design in Foxit Reader, showing 'OK' as t…
malware
xworm
campaigns
remcos
asyncrat
2024-05-09
2024-05-14
njrat
dcrat
pdf
venomrat
exploitation
nanocore rat
pony
bladabindi
foxit
agent-tesla
njw0rm
lv
2024-05-10
Published: May 14, 2024
Downloadable IOCs: 40
Click here to see more Attack Reports