2017, Information Security and Phishing

China-based Fangxiao group behind a long-running phishing campaign

Security Affairs

NOVEMBER 17, 2022

A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. SecurityAffairs – hacking, phishing).

Phishing

Phishing Adware Retail Malware

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Security Affairs

FEBRUARY 25, 2022

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. ua-passport[.]space space and id[.]bigmir[.]space.

Phishing

Phishing Social Engineering Government Accountability

CISA warns of phishing attacks delivering KONNI RAT

Security Affairs

AUGUST 17, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert to provide technical details on a new wave of attacks delivering the KONNI remote access Trojan (RAT). The KONNI malware also employed in at least two campaigns in 2017. Upon enabling the macros, the code will fetch and install the KONNI malware. .

Phishing

Phishing Malware Advertising Architecture

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. More details + TTPs in this MSTIC blog: [link] — Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022. Pierluigi Paganini.

Phishing

Phishing Accountability Hacking Surveillance

Iran-Linked APT TA450 embeds malicious links in PDF attachments

Security Affairs

MARCH 25, 2024

Proofpoint researchers observed the Iran-linked APT group MuddyWater (aka SeedWorm , TEMP.Zagros , TA450, and Static Kitten ) was behind a new phishing campaign in March 2024 that attempted to drop a legitimate Remote Monitoring and Management (RMM) solution called Atera on the target systems.

Phishing

Phishing Social Engineering Telecommunications Accountability

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

JANUARY 26, 2023

National Cyber Security Centre (NCSC) warns of a surge in the number of attacks from Russian and Iranian nation-state actors. National Cyber Security Centre (NCSC) is warning of targeted phishing attacks conducted by threat actors based in Russia and Iran. The are increasingly targeting organizations and individuals.

Phishing

Phishing Media Hacking Education

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide. . PerSwaysion is a highly-targeted phishing campaign. New round of phishing attempts leveraging current victim’s account usually takes less than 24 hours.

Phishing

Phishing Accountability Financial Services Cloud Migration

News alert: LayerX Security raises $24M Series A funding for its ‘enterprise browser’ security platform

The Last Watchdog

MAY 2, 2024

Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience Today’s modern enterprise employees rely heavily on browser-based services and SaaS applications.

Marketing

Marketing Technology Phishing Risk

MuddyWater has been spotted targeting two Israeli entities

Security Affairs

NOVEMBER 3, 2023

Iran-linked cyberespionage group MuddyWater is targeting Israeli entities in a new spear-phishing campaign. Iran-linked APT group MuddyWater (aka SeedWorm , TEMP.Zagros , and Static Kitten ) is targeting Israeli entities in a new spear-phishing campaign, Deep Instinct’s Threat Research team reported.

Telecommunications

Telecommunications Phishing Government Hacking

IcedID malware campaign targets Zoom users

Security Affairs

JANUARY 7, 2023

Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware. Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware. ” concludes the report.

Malware

Malware Phishing Banking Hacking

Top 5 Cybersecurity and Computer Threats of 2017

NopSec

FEBRUARY 9, 2017

The year 2016 will be remembered for some big moments in the world of cybersecurity: the largest known distributed denial of service (DDoS) attack, a phishing attack on a United States presidential candidate’s campaign, and ransomware attacks on major healthcare organizations are just a few. 2017 will see major advancements in technology.

Cybersecurity

Cybersecurity DDOS IoT Social Engineering

BlueCharlie changes attack infrastructure in response to reports on its activity

Security Affairs

AUGUST 6, 2023

The APT group has been active since at least 2017, its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. Recently, Recorded Future Insikt Group observed BlueCharlie building a new infrastructure to launch phishing campaigns and/or credential harvesting.

Phishing

Phishing Social Engineering Authentication Cryptocurrency

North Korea-linked Konni APT uses Russian-language weaponized documents

Security Affairs

NOVEMBER 24, 2023

FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. The KONNI RAT was first spotted by Cisco Talos researchers in 2017, it has been undetected since 2014 and was employed in highly targeted attacks.

Encryption

Encryption Malware Phishing Hacking

North Korea-linked Konni APT targets Russian diplomatic bodies

Security Affairs

JANUARY 6, 2022

Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group aimed at Russian diplomatic entities that used new versions of malware implants. The APT group carried out spear-phishing attacks using New Year’s Eve festivities as a lure.

Phishing

Phishing Malware Hacking Accountability

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Krebs on Security

APRIL 15, 2020

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. “I’ve never seen this volume of phishing,” Rogers told Reuters. “I

Cybersecurity

Cybersecurity Cyber threats Government Phishing

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The threat actors launched spear-phishing campaigns against the victims, in some cases, the messages contained information related to the victims which were not publicly available. The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability.

Encryption

Encryption Antivirus Malware Hacking

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. In 2017, crooks launched a phishing campaign against universities to compromise.edu accounts. The attackers set up fake university login pages and embedded a credential harvester link in phishing emails.

Cybercrime

Cybercrime Education Accountability Phishing

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The state-sponsored hackers sent spear-phishing messages to a general director working at the Rubin Design Bureau , in Saint Petersburg, which is one of three main Russian centers of submarine design. The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle.

Phishing

Phishing Malware Antivirus Encryption

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

The attack chain starts with phishing messages that were crafted for the target organization. The phishing messages are disguised as an e-mail with a target’s business partner. The spear-phishing messages use a password-protected ZIP or RAR attachment and the password is included in the content of the email. .

Malware

Malware Phishing Passwords Media

Threat actors target the Ukrainian gov with IcedID malware

Security Affairs

APRIL 16, 2022

Threat actors are targeting Ukrainian government agencies with phishing attacks delivering the IcedID malware. The Ukrainian Computer Emergency Response Team (CERT-UA) uncovered new phishing campaigns aimed at infecting systems of Ukrainian government agencies with the IcedID malware. ” reads the analysis published by CERT-UA.

Malware

Malware Phishing Banking Government

Australian ACSC ‘s report confirms the use of Chinese malware in recent attacks

Security Affairs

JUNE 28, 2020

In many cases, attackers targeted unpatched versions of Telerik user interface (UI) by exploiting CVE-2019-18935 , CVE-2017-9248 , CVE-2017-11317 , CVE-2017-11357 vulnerabilities. “The ACSC has identified instances where users have executed malware embedded in email attachments.

Malware

Malware Advertising Government Cyber Attacks

Exposed: the threat actors who are poisoning Facebook

Security Affairs

MAY 26, 2022

phishing scam on its Messenger service that had been doing the rounds since at least 2017. Upon further examination, it turned out that thousands of these phishing links had been distributed, through a devious network sprawling across the back channels of the social media platform.

Scams

Scams Phishing Media Passwords

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration

System Administration Government Phishing Malware

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Security Affairs

MARCH 28, 2022

Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.”

Phishing

Phishing Government Hacking Accountability

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. According to the Google Threat Horizons report, the state-sponsored hackers sent fake job offers to employees at the security companies. . ” reads the Google Threat Horizons report.

Malware

Malware Phishing Antivirus Hacking

Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016

Security Affairs

JULY 9, 2019

Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal a malware used by Iran-linked APT33 group in attacks in Dec 2016 and Jan 2017. USCYBERCOM has discovered active malicious use of CVE-2017-11774 and recommends immediate #patching. ” reads a report published by Kaspersky. ” reads the report.

Malware

Malware InfoSec Advertising Government

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

The emails provide updates on the Coronavirus outbreak, it includes stats on the epidemic and contains an email of corona-virus@caramail.com that is likely used for phishing purposes. The final payload is the FormBook information-stealing Trojan, a malware that was first spotted by researchers at FireEye in October 2017.

Malware

Malware Scams Social Engineering Phishing

The Trouble with Politicians Sharing Passwords

Troy Hunt

DECEMBER 4, 2017

— Nadine Dorries (@NadineDorries) December 2, 2017. link] — Troy Hunt (@troyhunt) December 2, 2017. — Nick Boles MP (@NickBoles) December 3, 2017. Seems slightly unfair to vilify @NadineDorries for what is common practice — JamesClayton (@JamesClayton5) December 3, 2017. No one else has access.

Passwords

Passwords Accountability Technology InfoSec

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin" [link] — briankrebs (@briankrebs) September 13, 2017.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Iran-linked APT42 is behind over 30 espionage attacks

Security Affairs

SEPTEMBER 11, 2022

APT42 focuses on highly targeted spear-phishing and social engineering techniques, its operations broadly fall into three categories, credential harvesting, surveillance operations, and malware deployment. They have also previously targeted human rights activists, the media sector, and interfered with the US presidential elections.

Surveillance

Surveillance Social Engineering Phishing Government

North Korea-linked TA444 group turns to credential harvesting activity

Security Affairs

JANUARY 25, 2023

According to Proofpoint the group is targeting cryptocurrencies since at least 2017. APT38 appears to be a North Korea-linked group separate from the infamous Lazarus group, it has been active since at least 2014 and it has been observed targeting over 16 organizations across 11 countries.

Cryptocurrency

Cryptocurrency Phishing Healthcare Malware

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. The RCMP arrested Bloom in December 2017, and said he made approximately $250,000 selling hacked data, which included information on 37 million user accounts leaked in the 2015 Ashley Madison breach.

Hacking

Hacking Accountability Data breaches Marketing

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 24, 2023

LockBit ransomware gang claims to have breached accountancy firm Xeinadin Mobile virtual network operator Mint Mobile discloses a data breach Akira ransomware gang claims the theft of sensitive data from Nissan Australia Member of Lapsus$ gang sentenced to an indefinite hospital order Real estate agency exposes details of 690k customers ESET fixed (..)

Ransomware

Ransomware Mobile Malware Marketing

Toyota discloses accidental leak of some customers’ personal information

Security Affairs

OCTOBER 11, 2022

An unauthorized third party could have had access to the details of Toyota customers between December 2017 and September 15, 2022. Users of T-Connect who registered between July 2017 and September 2022 could be exposed to fraudulent activities, including scams. The source code was leaked by a development subcontractor.

Scams

Scams Phishing Hacking Risk

Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization

Security Affairs

APRIL 30, 2021

In the worst-case scenarios, users would end up on a malicious or a phishing website. Like phishing kits, scam kits are sets of tools that help create and design scam pages. Most domains with phishing and scam content use CDNs (Content Delivery Networks) to hide the IP address of the real servers. Twitter | LinkedIn.

Scams

Scams Phishing Risk Information Security

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack. Targeted Phishing and Social Engineering: In some cases, attackers may employ targeted phishing emails or social engineering techniques to gain initial access to a system within the target network.

Social Engineering

Social Engineering Penetration Testing Engineering Malware

Fort Worth IT Professionals Fired for Reporting Cybersecurity Issues: What We Know

Security Affairs

JUNE 7, 2019

In October 2017, the city of Fort Worth, Texas became the target of a phishing scam. According to the arrest warrant affidavit, he withdrew thousands of dollars between November 2017 and January 2018 from the new account with Chase Bank, severely compromising the cybersecurity of Fort Worth. The Importance of Transparency.

Cybersecurity

Cybersecurity Scams Banking Accountability

China-linked Space Pirates APT targets the Russian aerospace industry

Security Affairs

MAY 19, 2022

A previously unknown Chinese cyberespionage group, tracked as ‘Space Pirates’, targets enterprises in the Russian aerospace industry with spear-phishing attacks. The group has been active since at least 2017, researchers believe it is linked with other China-linked APT groups, including APT41 (Winnti), Mustang Panda , and APT27.

Malware

Malware Phishing Government Hacking

Unprecedented cyber attack hit State Infrastructure of Montenegro

Security Affairs

AUGUST 27, 2022

In June 2017, Montenegro was targeted by the Russia-linked hacker group APT28 after Montenegro officially joined NATO alliance despite the strong opposition from the Russian Government that threatened to retaliate. Abazovic said it was politically motivated following the fall of his government last week.” ” reported the Reuters.

Cyber Attacks

Cyber Attacks Government Telecommunications Malware

McDonald’s discloses data breach in US, Taiwan and South Korea

Security Affairs

JUNE 12, 2021

The company advised employees and franchisees to watch for phishing emails and to use discretion when asked for information.” ” McDonald’s said that it was able to quickly identify the security breach and mitigate the threat. . “The company said no customer data was breached in the U.S.,

Data breaches

Data breaches Cyber Attacks Marketing Phishing

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

FEBRUARY 28, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Cyber threats

Cyber threats Computers and Electronics Adware Spyware

Most ransomware attacks take place outside the working hours

Security Affairs

MARCH 17, 2020

Security experts from FireEye published an interesting report on the Ransomware deployment trends, it revealed that most of the attacks (76%) against the enterprise sector occur outside working hours. FireEye compiled the report using data from dozens of ransomware infections that it has investigated from 2017 to 2019.

Ransomware

Ransomware Advertising Malware Cybercrime

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

“According to the indictment, between May and September 2017, the defendant and co-conspirators hacked the systems of a foreign refinery and installed malware, which cyber security researchers have referred to as “Triton” or “Trisis,” on a safety system produced by Schneider Electric, a multinational corporation. .”

Government

Government Energy and Utilities Malware Hacking

China-based Fangxiao group behind a long-running phishing campaign

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Webinars

Trending Sources

CISA warns of phishing attacks delivering KONNI RAT

Webinars

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Iran-Linked APT TA450 embeds malicious links in PDF attachments

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

News alert: LayerX Security raises $24M Series A funding for its ‘enterprise browser’ security platform

MuddyWater has been spotted targeting two Israeli entities

IcedID malware campaign targets Zoom users

Top 5 Cybersecurity and Computer Threats of 2017

BlueCharlie changes attack infrastructure in response to reports on its activity

North Korea-linked Konni APT uses Russian-language weaponized documents

North Korea-linked Konni APT targets Russian diplomatic bodies

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Chinese actors behind attacks on industrial enterprises and public institutions

FBI: Compromised US academic credentials available on various cybercrime forums

Google TAG warns of Russia-linked APT groups targeting Ukraine

China-linked APT uses a new backdoor in attacks at Russian defense contractor

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Threat actors target the Ukrainian gov with IcedID malware

Australian ACSC ‘s report confirms the use of Chinese malware in recent attacks

Exposed: the threat actors who are poisoning Facebook

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016

New Coronavirus-themed malspam campaign delivers FormBook Malware

The Trouble with Politicians Sharing Passwords

Top Cybersecurity Accounts to Follow on Twitter

Iran-linked APT42 is behind over 30 espionage attacks

North Korea-linked TA444 group turns to credential harvesting activity

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

Toyota discloses accidental leak of some customers’ personal information

Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Fort Worth IT Professionals Fired for Reporting Cybersecurity Issues: What We Know

China-linked Space Pirates APT targets the Russian aerospace industry

Unprecedented cyber attack hit State Infrastructure of Montenegro

McDonald’s discloses data breach in US, Taiwan and South Korea

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

Most ransomware attacks take place outside the working hours

US indicted 4 Russian government employees for attacks on critical infrastructure

Stay Connected