| Title | Published | Tags | Description | Number of indicators |
|---|---|---|---|---|
| Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics | Sept. 12, 2024, 8:23 a.m. |  | From February to July 2024, an analysis of over 500 popular domains revealed more than 10,000 malicious lookalike domains employi… | 10 |
| Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries | Sept. 11, 2024, 8:18 p.m. |  | The Scattered Spider cybercriminal group is targeting cloud infrastructures in the insurance and financial sectors using advanced… | 12 |
| BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar | Sept. 5, 2024, 4:47 p.m. |  | BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuas… | 16 |
| Toneshell Backdoor Used to Target Attendees of the IISS Defence Summit | Sept. 5, 2024, 4:10 p.m. |  | A cyber espionage campaign using the ToneShell backdoor, associated with Mustang Panda, has been detected targeting attendees of … | 4 |
| Emansrepo Stealer: Multi-Vector Attack Chains | Sept. 4, 2024, 8:49 a.m. |  | A Python infostealer named Emansrepo has been observed since November 2023, distributed via phishing emails containing fake purch… | 42 |
| Head Mare: adventures of a unicorn in Russia and Belarus | Sept. 2, 2024, 8:52 p.m. |  | Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the … | 52 |
| Stone Wolf employs Meduza Stealer to hack Russian companies | Sept. 2, 2024, 8:50 p.m. |  | A malicious campaign by a group called Stone Wolf has been targeting Russian companies using phishing emails impersonating a legi… | 41 |
| The trojan horse that wanted to fly | Sept. 2, 2024, 4:18 p.m. |  | Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and pe… | 4 |
| Exploring AsyncRAT and Infostealer Plugin Delivery Through… | Sept. 2, 2024, 4:14 p.m. |  | This analysis details an AsyncRAT infection observed in August 2024, delivered via email. The attack chain involves a Windows Scr… | 8 |
| The Emerging Dynamics of Deepfake Scam Campaigns on the Web | Sept. 2, 2024, 3:47 p.m. |  | Researchers have uncovered dozens of scam campaigns utilizing deepfake videos featuring public figures like CEOs, news anchors, a… | 428 |
| Exploring Newly Released Top-Level Domains | Sept. 2, 2024, 3:40 p.m. |  | An investigation into 19 new top-level domains (TLDs) released in the past year revealed various malicious activities, including … | 22 |
| Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool | Aug. 30, 2024, 8:16 a.m. |  | Cybercriminals are employing a sophisticated two-stage malware campaign masquerading as the Palo Alto GlobalProtect tool to infil… | 5 |
| Deep Analysis of Snake Keylogger’s New Variant | Aug. 30, 2024, 8:05 a.m. |  | FortiGuard Labs recently caught a phishing campaign delivering a new variant of Snake Keylogger, a keylogger malware that can ste… | 8 |
| Iranian backed group steps up phishing campaigns against Israel, U.S. | Aug. 26, 2024, 12:43 p.m. |  | An Iranian government-backed threat group known as APT42 has significantly intensified its phishing campaigns targeting high-prof… | 38 |
| NGate Android malware relays NFC traffic to steal cash | Aug. 22, 2024, 10:36 a.m. |  | ESET researchers uncovered a crimeware campaign targeting bank customers in Czechia. The NGate Android malware can relay NFC data… | 12 |
| GreenCharlie Infrastructure Linked to US Political Campaign Targeting | Aug. 21, 2024, 10:48 a.m. |  | An analysis by Insikt Group revealed a significant surge in cyber threat activities from GreenCharlie, an Iran-linked group assoc… | 111 |
| Double Trouble: Latrodectus And ACR Stealer Observed Spreading Via Google Authenticator Phishing Site | Aug. 20, 2024, 9:06 a.m. |  | The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, design… | 15 |
| Ongoing Social Engineering Campaign Refreshes Payloads | Aug. 20, 2024, 8:38 a.m. |  | Rapid7 observed a shift in tools utilized by threat actors in an ongoing social engineering campaign. The initial lure involves a… | 43 |
| 2024 Paris Olympic Games Infrastructure Attack Report | Aug. 16, 2024, 8:26 a.m. |  | This report examines the malicious activities surrounding the 2024 Paris Olympic Games, where adversaries set up fraudulent socia… | 148 |
| Campaign uses infostealers and clippers for financial gain | Aug. 16, 2024, 8:21 a.m. |  | Kaspersky has uncovered a complex malware campaign orchestrated by Russian-speaking cybercriminals. The threat actors create sub-… | 68 |
| EastWind campaign: new CloudSorcerer attacks on government organizations in Russia | Aug. 14, 2024, 3:32 p.m. |  | Kaspersky detected an ongoing targeted cyberattack campaign, dubbed EastWind, targeting Russian government organizations and IT c… | 5 |
| Rivers of Phish: Sophisticated Phishing Targets Russia's Perceived Enemies Around the Globe | Aug. 14, 2024, 3:04 p.m. |  | An extensive investigation uncovered an elaborate phishing campaign conducted by a Russia-based threat actor known as COLDRIVER, … | 28 |
| Ande Loader Leads to 0bj3ctivity Stealer Infection | Aug. 12, 2024, 11:26 a.m. |  | In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The … | 2 |
| Threat actor targeting UK banks in ongoing AnyDesk social engineering campaign | Aug. 9, 2024, 11:45 a.m. |  | Threat analysts are tracking an ongoing campaign that employs fake websites and social engineering tactics to distribute a malici… | 50 |
| APT Group Kimsuky Targets University Researchers | Aug. 9, 2024, 11:40 a.m. |  | A report detailing an ongoing cyberattack campaign by the North Korean APT group Kimsuky, which is targeting university staff, re… | 24 |
| PureHVNC Deployed via Python Multi-stage Loader | Aug. 9, 2024, 11:25 a.m. |  | FortiGuard Labs uncovered a sophisticated attack campaign utilizing multiple obfuscation and evasion techniques to distribute and… | 18 |
| Unmasking Cronus: How Fake PayPal Documents Execute Fileless Ransomware via PowerShell | Aug. 7, 2024, 8:32 a.m. |  | The analysis reveals a sophisticated campaign employing fake PayPal receipts as lures to distribute a new variant of the Cronus r… | 8 |
| RHADAMANTHYS: In-Depth Analysis of a Sophisticated Stealer Targeting Israeli Users | Aug. 5, 2024, 8:39 a.m. |  | This comprehensive technical analysis delves into the intricate workings of an advanced and localized malware campaign employing … | 5 |
| Quartet of Trouble: XWorm, AsyncRAT, VenomRAT, and... | Aug. 5, 2024, 8:33 a.m. |  | eSentire's Threat Response Unit (TRU) uncovered a malware campaign affecting a government customer. The infection involved multip… | 7 |
| Fighting Ursa Luring Targets With Car for Sale | Aug. 5, 2024, 8:30 a.m. |  | This analysis examines a campaign attributed to the Russian threat actor Fighting Ursa, also known as APT28, Fancy Bear, and Sofa… | 6 |
| Brief Overview of the DeerStealer Distribution Campaign | Aug. 2, 2024, 8:50 a.m. |  | A recent cybersecurity investigation uncovered a malware distribution campaign called DeerStealer. The malware was disseminated t… | 28 |
| Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft | Aug. 1, 2024, 10:46 a.m. |  | An examination of how threat actors hijack social media pages, rename them to resemble legitimate AI photo editors, and post mali… | 73 |
| Strikes with commercial malware against organizations in Kazakhstan | Aug. 1, 2024, 8:56 a.m. |  | BI.ZONE experts have been monitoring the activities of a threat group called Bloody Wolf since late 2023. This group targets orga… | 10 |
| Threat actor impersonates Google via fake ad for Authenticator | July 31, 2024, 10:38 a.m. |  | An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to … | 5 |
| Secret Message: Steganography Tricks of TA558 Group in Cyber Attacks on Enterprises in Russia and Belarus | July 30, 2024, 3:54 p.m. |  | F.A.C.C.T.'s Threat Intelligence analysts have investigated numerous cyberattacks by the TA558 group targeting enterprises, gover… | 74 |
| SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea | July 30, 2024, 3:39 p.m. |  | BlackBerry's researchers have uncovered a new campaign by the nation-state threat actor SideWinder. The group employs sophisticat… | 47 |
| Likely eCrime Actor Capitalizing on Falcon Sensor Issues | July 29, 2024, 12:16 p.m. |  | A cybercrime group has leveraged a content update issue with the CrowdStrike Falcon sensor to distribute malicious files targetin… | 14 |
| GXC Team Unmasked: The cybercriminal group targeting Spanish bank users with AI-powered phishing tools and Android malware | July 29, 2024, 12:03 p.m. |  | Group-IB discovered a Spanish-speaking criminal group, GXC Team, offering a sophisticated AI-powered phishing-as-a-service platfo… | 161 |
| Malware Distributed Using Falcon Sensor Update Phishing Lure | July 29, 2024, 11:40 a.m. |  | CrowdStrike Intelligence uncovered a phishing campaign impersonating CrowdStrike and distributing malicious files containing a Mi… | 32 |
| Scam Attacks Taking Advantage of the Popularity of the Generative AI Wave | July 26, 2024, 1:35 p.m. |  | This analysis explores the evolution of network threats associated with generative AI (GenAI) terms, correlating with key milesto… | 31 |
| Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412 | July 11, 2024, 1:12 p.m. |  | Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The … | 12 |
| FIN7: Silent Push unearths 4000+ phishing and shell domains | July 11, 2024, 11:51 a.m. |  | Silent Push threat analysts have uncovered an extensive series of campaigns linked to the FIN7 cybercrime group, including severa… | 94 |
| Analysis of Suspected APT Attack Activities by “Silver Fox” | July 10, 2024, 10:19 a.m. |  | This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and t… | 7 |
| How do cryptocurrency drainer phishing scams work? | July 10, 2024, 9:42 a.m. |  | Cryptodrainer phishing scams have emerged as a significant threat, targeting unsuspecting individuals through deceptive tactics t… | 14 |
| M365 adversary-in-the-middle campaign | July 8, 2024, 7:46 p.m. |  | Field Effect researchers uncovered a previously unreported campaign leveraging the Axios user agent string to facilitate business… | 19 |
| The Hidden Danger of PDF Files with Embedded QR Codes | July 5, 2024, 3:37 p.m. |  | The report describes how malware authors are abusing PDF files with embedded QR codes to deceive users into visiting malicious ph… | 1 |
| ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution | July 2, 2024, 3:45 p.m. |  | This intelligence report analyzes the ONNX Store, a phishing-as-a-service platform targeting financial institutions through embed… | 25 |
| An Android RAT targets Telegram Users | June 28, 2024, 2:49 p.m. |  | This analysis discusses SpyMax, a Remote Access Trojan (RAT) that targets Android devices and specifically aims at obtaining data… | 4 |
| DBatLoader Distributed via CMD Files | June 27, 2024, 9:26 a.m. |  | A cybersecurity analysis has identified a malicious operation involving the distribution of a downloader, dubbed DBatLoader or Mo… | 0 |
| Phishing Incident Report: Facts and Timeline | June 25, 2024, 7:41 a.m. |  | On June 18, 2024, an employee's account at ANY.RUN was compromised and used to carry out a phishing attack against the company's … | 9 |
| AdsExhaust, a Newly Discovered Adware MasqueradingOculus… | June 24, 2024, 4:35 p.m. |  | In June 2024, the eSentire Threat Response Unit (TRU) identified adware, which we have dubbed AdsExhaust, being distributed throu… | 17 |
| espionage group targets government agencies with and more infection techniques | June 24, 2024, 8:11 a.m. |  | A recently discovered threat actor, dubbed 'SneakyChef,' has been conducting an ongoing espionage campaign targeting government a… | 148 |
| Unveiling SpiceRAT: Latest tool targeting EMEA and Asia | June 24, 2024, 8:03 a.m. |  | Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, employed by the threat actor SneakyChef in a recent mali… | 6 |
| SolarMarker Impersonates Job Employment Website | June 18, 2024, 9:45 p.m. |  | In April 2024, Cyber Analysts responded to a SolarMarker infection event. The infection occurred through a drive-by download when… | 6 |
| Dipping into Danger: The WARMCOOKIE backdoor | June 12, 2024, 10:41 a.m. |  | Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCO… | 6 |
| Search & Spoof: Abuse of Windows Search to Redirect to Malware | June 11, 2024, 1:36 p.m. |  | Trustwave SpiderLabs has uncovered a sophisticated malicious campaign that exploits the Windows search functionality embedded in … | 2 |
| RAT Distributed as UUEncoding (UUE) File | June 11, 2024, 10:11 a.m. |  | This intelligence report describes a malicious operation where the Remcos Remote Access Trojan (RAT) is being disseminated throug… | 3 |
| New Agent Tesla Campaign Targeting Spanish-Speaking People | June 10, 2024, 11:24 a.m. |  | This report analyzes a phishing campaign spreading a new Agent Tesla variant designed to infiltrate victims' computers and steal … | 6 |
| Cybercriminals attack banking customers in EU with V3B phishing kit | June 10, 2024, 11:20 a.m. |  | An analysis reveals that a cybercriminal group is distributing sophisticated phishing kits to target banking customers in the Eur… | 44 |
| Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks | June 7, 2024, 8 a.m. |  | Morphisec Labs has been monitoring increased activity associated with Sticky Werewolf, a suspected geopolitical or hacktivist gro… | 14 |
| DarkGate again but... Improved? | June 6, 2024, 8:16 a.m. |  | The report details the latest developments surrounding the DarkGate remote access trojan, including its enhanced capabilities in … | 313 |
| Warning Against Phishing Emails Prompting Execution of Commands via Paste | June 6, 2024, 7:18 a.m. |  | This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run… | 15 |
| Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud | June 3, 2024, 11:21 a.m. |  | An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in… | 14 |
| Chat Messenger voting topics - a new way to steal accounts is gaining momentum | May 31, 2024, 1:24 p.m. |  | The Government Emergency Response Team of Ukraine CERT-UA informs about the increase in the number of cyberattacks aimed at gaini… | 230 |
| Disrupting FlyingYeti's campaign targeting Ukraine | May 31, 2024, 12:19 p.m. |  | This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Rus… | 8 |
| 'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered | May 30, 2024, 9:31 a.m. |  | A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employee… | 30 |
| Side Loading through IObit against Colombia | May 29, 2024, 11:06 a.m. |  | In May 2024, researchers detected a phishing campaign impersonating the Colombian Attorney General's Office, aiming to infect sys… | 3 |
| Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling | May 28, 2024, 12:36 p.m. |  | Netskope Threat Labs has been tracking an increase in phishing campaigns hosted on Cloudflare Workers. The campaigns use techniqu… | 134 |
| Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware | May 22, 2024, 7:39 a.m. |  | Securonix Threat Research has uncovered a sophisticated malware campaign, dubbed CLOUD#REVERSER, that leverages popular cloud sto… | 16 |
| D3F@ck Loader, the New MaaS Loader | May 21, 2024, 9:03 p.m. |  | In March 2024, eSentire's Threat Response Unit (TRU) discovered multiple instances of D3F@ck Loader infections being propagated v… | 3 |
| Banking trojan unleashed: Observing emerging global campaigns | May 20, 2024, 9:40 a.m. |  | IBM's X-Force has been tracking large-scale phishing campaigns distributing the Grandoreiro banking trojan, likely operated as a … | 18 |
| From Document to Script: Insides of Campaign | May 17, 2024, 9:38 a.m. |  | This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to i… | 11 |
| Payload Trends in Malicious OneNote Samples | May 16, 2024, 5:25 p.m. |  | This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into … | 550 |
| SugarGh0st RAT Used to Target American Artificial Intelligence Experts | May 16, 2024, 10:07 a.m. |  | This intelligence report provides details about a SugarGh0st RAT campaign conducted by an unattributed threat actor, tracked as U… | 9 |
| Romance Scams Urging Investment | May 13, 2024, 9:38 a.m. |  | The report details an investigation into romance scams that exploit emotional connections to solicit money under the guise of cry… | 3 |
| StopRansomware: Black Basta | May 13, 2024, 9:31 a.m. |  | This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant f… | 174 |
| New Campaigns from Scattered Spider | May 10, 2024, 8:33 a.m. |  | Scattered Spider, a financially motivated threat actor group, has been conducting aggressive phishing campaigns targeting various… | 118 |
| APT28 campaign against Polish government institutions | May 8, 2024, 3:37 p.m. |  | The CERT Polska team is investigating a large-scale malware campaign carried out by the Russian intelligence group APT28, which h… | 74 |
| Scaly Wolf’s new loader: the right tool for the wrong job | May 2, 2024, 2:48 p.m. |  | The report analyzes a recent campaign by the Scaly Wolf threat group targeting organizations in Russia and Belarus. The group emp… | 23 |
| Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams | May 1, 2024, 7:59 p.m. |  | This report details an investigation by JFrog Security researchers on a coordinated attack on Docker Hub, where millions of malic… | 46 |
| Linux Trojan - Xorddos with Filename eyshcjdmzg | May 1, 2024, 7:55 p.m. |  | This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provi… | 11 |
| FakeBat Malware Distributing via Fake Browser Updates | April 29, 2024, 6:18 p.m. |  | This report details a recent malware campaign leveraging fake browser update notifications to distribute the FakeBat loader. The … | 6 |
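The first entry above (Phishing Via Typosquatting and Brand Impersonation) and the entry on newly released TLDs both concern malicious lookalike domains. The following is an added example written for this listing, not code from either report: a small classifier that labels an observed domain by the impersonation technique it uses against a brand watchlist (TLD swap, homoglyph, single-character typo, brand-in-subdomain, or combosquat). The brand list, the homoglyph table and the observed domains are constructed for illustration, and the code assumes single-label TLDs; a real pipeline would split names with the public suffix list and feed candidates in from passive DNS or certificate transparency.

```python
"""Classify observed domains against a brand watchlist by lookalike technique.

Added example, not code from the report. The brand list, homoglyph table and
candidate domains are constructed; single-label TLDs are assumed.
"""

# Constructed watchlist of registrable brand domains.
BRANDS = ["example.com", "paypal.com", "microsoft.com"]

# Small confusable table: sequence as typed -> ASCII it imitates.
# Multi-character entries are applied first so "rn" -> "m" wins over "n" alone.
HOMOGLYPHS = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i",  # Cyrillic а е о і
}


def levenshtein(a, b):
    """Edit distance; a distance of 1 between second-level labels is a classic typo."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(label):
    """Decode punycode and collapse confusables so 'paypa1' and 'pаypal' both read 'paypal'."""
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    for seq in sorted(HOMOGLYPHS, key=len, reverse=True):
        label = label.replace(seq, HOMOGLYPHS[seq])
    return label


def classify(candidate, brands=BRANDS):
    """Return (technique, brand) when candidate imitates a watched brand, else None.

    Checks run from strongest to weakest match so each domain gets exactly one label.
    """
    labels = candidate.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    sld, tld = labels[-2], labels[-1]
    for brand in brands:
        b_sld, b_tld = brand.split(".")
        if sld == b_sld and tld == b_tld:
            return ("legitimate", brand)          # the brand's own host, any depth
        if sld == b_sld:
            return ("tld-swap", brand)            # paypal.net
        if normalize(sld) == b_sld:
            return ("homoglyph", brand)           # paypa1.com, rnicrosoft.com
        if levenshtein(sld, b_sld) == 1:
            return ("typo", brand)                # microsft.com
        if b_sld in labels[:-2]:
            return ("brand-in-subdomain", brand)  # paypal.com.evil.net
        if b_sld in sld:
            return ("combosquat", brand)          # paypal-secure-login.com
    return None


def scan(candidates, brands=BRANDS):
    """Map each candidate to its classification; None means no watched brand matched."""
    return {c: classify(c, brands) for c in candidates}


if __name__ == "__main__":
    # Constructed observed domains, as they might arrive from passive DNS or CT logs.
    OBSERVED = ["login.paypal.com", "paypal.net", "paypa1.com", "rnicrosoft.com",
                "microsft.com", "paypal.com.evil.net", "paypal-secure-login.com", "google.com"]
    for domain, verdict in scan(OBSERVED).items():
        print(f"{domain:28} {verdict}")
```

The order of checks matters: a name that is both one edit away and a homoglyph of the brand is reported as a homoglyph, and a legitimate subdomain of the brand is recognised before any weaker rule can misfire on it. Tune the homoglyph table and the distance threshold to the brands you watch; short brand labels generate many distance-1 false positives.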
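The M365 adversary-in-the-middle entry notes that the campaign was identified by the Axios user agent string in sign-in telemetry. As an added example, and not code from the Field Effect report, the block below runs that kind of check over sign-in events: it flags successful sign-ins from HTTP-library user agents by interactive users, records whether the source IP was ever seen from that user's browser, and pivots on source IPs that touched more than one account. The log format, field names, identities, IPs and the automation allow-list are all constructed to resemble Entra ID sign-in events; map them to your own schema before use.

```python
"""Flag M365-style sign-ins that come from scripted HTTP clients such as axios.

Added example, not code from the report. The events, field names, identities
and allow-list below are constructed to resemble Entra ID sign-in logs.
"""
import json
import re

# Constructed sign-in events, one JSON object per line.
SAMPLE_LOG = """
{"time": "2024-07-01T08:02:11Z", "user": "alice@example.com", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/126.0 Safari/537.36", "app": "Office 365 Exchange Online", "result": "success"}
{"time": "2024-07-01T08:05:42Z", "user": "alice@example.com", "ip": "198.51.100.77", "ua": "axios/1.6.8", "app": "Office 365 Exchange Online", "result": "success"}
{"time": "2024-07-01T09:15:03Z", "user": "bob@example.com", "ip": "203.0.113.11", "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_5) AppleWebKit/605.1.15 Safari/605.1.15", "app": "Microsoft Teams", "result": "success"}
{"time": "2024-07-01T09:16:30Z", "user": "bob@example.com", "ip": "198.51.100.77", "ua": "python-requests/2.31.0", "app": "OfficeHome", "result": "failure"}
{"time": "2024-07-01T10:00:00Z", "user": "svc-backup@example.com", "ip": "192.0.2.5", "ua": "axios/1.6.8", "app": "Microsoft Graph", "result": "success"}
"""

# User agents that belong to HTTP libraries rather than browsers or Office clients.
SCRIPTED_CLIENT = re.compile(
    r"^(axios|python-requests|python-urllib|Go-http-client|okhttp|node-fetch|undici|curl)\b",
    re.IGNORECASE,
)

# Constructed allow-list of automation identities expected to use such libraries.
KNOWN_AUTOMATION = {"svc-backup@example.com"}


def parse(log_text):
    """Parse newline-delimited JSON into a list of event dicts."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def is_scripted(event):
    return bool(SCRIPTED_CLIENT.match(event["ua"]))


def detect(events, known_automation=KNOWN_AUTOMATION):
    """Return alerts for successful scripted-client sign-ins by interactive users.

    Events are walked in time order; browser sign-ins populate a per-user set of
    IPs so each alert can say whether the library client came from an address the
    user's own browser has never used, the pattern of a replayed session.
    """
    browser_ips = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if not is_scripted(ev):
            browser_ips.setdefault(ev["user"], set()).add(ev["ip"])
            continue
        if ev["user"] in known_automation or ev["result"] != "success":
            continue
        alerts.append({
            "user": ev["user"],
            "time": ev["time"],
            "ip": ev["ip"],
            "client": ev["ua"],
            "app": ev["app"],
            "new_ip": ev["ip"] not in browser_ips.get(ev["user"], set()),
        })
    return alerts


def shared_source_ips(events):
    """Pivot: source IPs from which scripted clients touched more than one account."""
    users_by_ip = {}
    for ev in events:
        if is_scripted(ev):
            users_by_ip.setdefault(ev["ip"], set()).add(ev["user"])
    return {ip: users for ip, users in users_by_ip.items() if len(users) > 1}


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for alert in detect(evs):
        print("ALERT", alert)
    for ip, users in shared_source_ips(evs).items():
        print("SHARED SOURCE", ip, sorted(users))
```

Failed attempts are deliberately excluded from alerts but kept in the IP pivot: a failure from the same address that succeeded against another account is exactly the corroboration an analyst wants when deciding whether to revoke sessions. Treat the user-agent match as a trigger for investigation, not as proof; attackers can set any user agent, so the durable signals are the new source IP and the shared infrastructure.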