Cybercrime, Document, Information Security and Phishing

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Subject lines included “your document” and “photo of you???”. Phishing Reporting : Report phishing emails and other malicious cyber activities to relevant authorities like the FBI’s IC3 and the NJCCIC.

Phishing

Phishing Ransomware Security Awareness Authentication

FIN7 targeted a large U.S. carmaker phishing attacks

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. com”, which is a free online scanner.

Phishing

Phishing Cybercrime Manufacturing Hacking

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing

Phishing Cybercrime Authentication Mobile

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing

Phishing Cybercrime Advertising Hacking

TA558 cybercrime group targets hospitality and travel orgs

Security Affairs

AUGUST 20, 2022

TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America.

Cybercrime

Cybercrime Malware Phishing Internet

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot. To nominate, please visit:?

Phishing

Phishing Cybercrime Ransomware Encryption

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption

Encryption Phishing Accountability Authentication

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Security Affairs

JULY 8, 2022

. “The systematic attacks observed against Ukraine include reported and suspected phishing attacks against Ukrainian state authorities, Ukrainian individuals and organizations, and the general population.” In some of the attacks, threat actors used an Excel document named Nuclear.xls, suggesting an alarming lure.

Cybercrime

Cybercrime Malware DDOS Ransomware

Microsoft warns of a evasive year-long spear-phishing campaign targeting Office 365 users

Security Affairs

AUGUST 12, 2021

Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft revealed that a year-long spear-phishing campaign has targeted Office 365 customers in multiple attacks starting with July 2020. SecurityAffairs – hacking, cybercrime). com , or api[.]statvoo[.]com

Phishing

Phishing Passwords Encryption Cybercrime

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

It focused on deploying POS malware and launching targeted spear-phishing attacks against organizations worldwide. The Sentinel Labs’s analysis revealed that Black Basta ransomware operators develop and maintain their own toolkit, they documented only collaboration with a limited and trusted set of affiliates. Pierluigi Paganini.

Cybercrime

Cybercrime Ransomware Antivirus Malware

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. In the documented attack, once the backdoor is deployed, UNC2465 interactively established an NGROK tunnel and performed lateral movements in less than 24 hours. Pierluigi Paganini.

Cybercrime

Cybercrime Ransomware Antivirus Software

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

Security Affairs

DECEMBER 25, 2021

The phishing messages use weaponized Word or Excel attachments to install the Dridex banking Trojan. “This letter is to inform you that you have been exposed to a coworker who tested positive for OMICRON variant of COVID-19 sometime between December 18th and 20th,” reads a phishing message shared by Bleeping Computer.

Phishing

Phishing Passwords Banking Malware

Threat actors leak Activision employee data on hacking forum

Security Affairs

FEBRUARY 27, 2023

Data allegedly stolen from the American gaming giant Activision in December security breach were leaked on a cybercrime forum. The Threat Actors successfully phished a privileged user on the network. They exfiltrated sensitive work place documents as well as scheduled to be released content dating to November 17th, 2023.

Hacking

Hacking Cybercrime Social Engineering Data breaches

APWG: Phishing maintained near-record levels in the first quarter of 2021

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing

Phishing Advertising Cryptocurrency Encryption

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey. The post U.S.

Phishing

Phishing Social Engineering Malware Advertising

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

Security Affairs

OCTOBER 23, 2023

Criminal activities conducted by the group are smishing , phishing and vishing campaigns, and the ‘son in distress’ scam. The leaders of the criminal organization used false documentation and spoofing techniques to hide their identity and invested their profits in crypto assets to launder the proceeds.

Computers and Electronics

Computers and Electronics Scams Cybercrime Phishing

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 21, 2024

carmaker with phishing attacks Law enforcement operation dismantled phishing-as-a-service platform LabHost Previously unknown Kapeka backdoor linked to Russian Sandworm APT Cisco warns of a command injection escalation flaw in its IMC.

Data breaches

Data breaches Phishing Ransomware Malware

Recent DarkGate campaign exploited Microsoft Windows zero-day

Security Affairs

MARCH 14, 2024

In the campaign observed by ZDI, threat actors used PDF documents lures that contained Google DoubleClick Digital Marketing (DDM) open redirects. “The phishing campaign employed open redirect URLs from Google Ad technologies to distribute fake Microsoft software installers (.MSI) MSI) installers. net domain inside the PDF file.

Phishing

Phishing Malware Software Internet

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. Secure web- phishing. In the light of global pandemic and the businesses’ dive into online world, the share of this phishing category increased to remarkable 46 percent.

Phishing

Phishing Ransomware Spyware Banking

Unpatched Office zero-day CVE-2023-36884 actively exploited in targeted attacks

Security Affairs

JULY 12, 2023

The issue, tracked as CVE-2023-36884 , was exploited by nation-state actors and cybercriminals to gain remote code execution via malicious Office documents. The company revealed that it is aware of high-targeted attacks that attempt to exploit these issues through specially-crafted Office documents. ” reads the post.

Phishing

Phishing Cybercrime Hacking Government

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

Security Affairs

MAY 21, 2024

The gang published a series of documents as proof of the hack, including people’s ID cards, data sheets, payroll payment requesters and a picture of the folder exfiltrated from the victim’s systems. The attacks began with a spam/phishing email containing malicious URL links. Sunoco is the largest at 8 billion gallons.

Hacking

Hacking Ransomware Phishing Malware

FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads

Security Affairs

SEPTEMBER 4, 2021

FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. Anomali Threat Research experts have monitored recent spear-phishing attacks conducted by financially motivated threat actor FIN7. The attack chain began with a Microsoft Word document (.doc)

Cybercrime

Cybercrime Retail Phishing Hacking

Daixin Team group claimed the hack of North Texas Municipal Water District

Security Affairs

NOVEMBER 28, 2023

The ransomware gang claims the theft of board meeting minutes, internal project documentation, personnel details, audit reports, and more. In October 2022, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S.

Hacking

Hacking VPN Ransomware Cybercrime

Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws

Security Affairs

AUGUST 8, 2023

The issue, tracked as CVE-2023-36884 , was exploited by nation-state actors and cybercriminals to gain remote code execution via malicious Office documents. The company revealed that it is aware of high-targeted attacks that attempt to exploit these issues through specially-crafted Office documents. “An reads the post.

Phishing

Phishing Cybercrime Hacking Government

Real estate agency exposes details of 690k customers

Security Affairs

DECEMBER 21, 2023

Businesses employ MongoDB to organize and store large swaths of document-oriented information. The exposed database hosted over 100K links with scanned documents hosted on a Goyzer domain. The data was leaked via a publicly exposed and passwordless MongoDB database, which has since been closed.

Identity Theft

Identity Theft Scams Phishing Accountability

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 8, 2023

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege A WhatsApp zero-day exploit can cost several million dollars CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog NATO is investigating a new cyber attack claimed by the SiegedSec group Global CRM Provider Exposed (..)

Data breaches

Data breaches Cybercrime Ransomware Hacking

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Security Affairs

JUNE 29, 2023

The experts also identified a set of off-the-shelf tools used by Andariel during the command execution phase, including: Supremo remote desktop; 3Proxy; Powerline; Putty; Dumpert; NTDSDumpEx; ForkDump; The malware EarlyRat was dropped via phishing messages using weaponized documents. ” concludes the report.

Malware

Malware Cybercrime Phishing Internet

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

Security Affairs

JANUARY 3, 2024

This involves specifying the credentials, as well as the IBAN and BIC codes that will be used for the ‘swapping’ or spoofing process in the documents. The necessary login credentials for online banking systems are previously harvested through a phishing kit. Decision-making and automation of cybercriminal operations.

Artificial Intelligence

Artificial Intelligence Banking Scams Cybercrime

Hackers target COVID-19 vaccine supply chain and sell the vaccine in Darkweb

Security Affairs

DECEMBER 18, 2020

Cybercrime organizations continue to be very active while pharmaceutical organizations are involved in the development of a COVID-19 vaccine and medicines to cure the infections. The experts uncovered a large scale spear-phishing campaign that has been ongoing since September 2020. ” continues the report.

Phishing

Phishing Cybercrime Internet Internet

State-sponsored hackers are launching Coronavirus-themed attacks

Security Affairs

MARCH 13, 2020

In the last weeks, security experts reported many Coronavirus-themed attacks carried out by cybercrime gangs, now experts warn of similar attacks from nation – s tate actors. North Korea's BabyShark malware has been found in the form of document on South Korea's response to COVID-19.

Cybercrime

Cybercrime Malware Advertising Phishing

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware

Spyware Data breaches Hacking Ransomware

TA505 cybercrime group use SDBbot RAT in recent campaigns

Security Affairs

OCTOBER 20, 2019

TA505 cybercrime group that operated the Dridex Trojan and Locky ransomware, has been using a new RAT dubbed SDBbot in recent attacks. Security experts at Proofpoint observed the notorious TA505 cybercrime group that has been using a new RAT dubbed SDBbot in recent attacks. Pierluigi Paganini.

Cybercrime

Cybercrime Advertising Retail Banking

IKEA hit by a cyber attack that uses stolen internal reply-chain emails

Security Affairs

NOVEMBER 27, 2021

Threat actors are targeting IKEA employees in an internal phishing campaign leveraging stolen reply-chain emails. According to BleepingComputer, threat actors are targeting IKEA employees in phishing attacks using stolen reply-chain emails. The company also shared an example of a phishing email sent to its employees.

Cyber Attacks

Cyber Attacks Phishing Malware Hacking

Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials

Security Affairs

NOVEMBER 25, 2021

The PowerShortShell stealer is also used for Telegram surveillance and gathering system information from infected systems. Upon opening the document a DLL is dropped on the target system, then it is used to execute the PowerShortShell stealer payload. ” reads the analysis published by SafeBreach Labs.

Surveillance

Surveillance Social Engineering Cybercrime Phishing

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

Security Affairs

NOVEMBER 9, 2022

The malware is available for sale in illegal forums, in the past, it was used by cybercrime gangs like TA505 to install GandCrab ransomware or the FlawedAmmyy RAT. ” reads the report published by the security firm. ” reads the report published by the security firm. Pierluigi Paganini.

Malware

Malware Ransomware Cybercrime Phishing

Reading the 2019 Internet Crime Complaint Center (IC3) report

Security Affairs

FEBRUARY 12, 2020

The FBI’s Internal Crime Complaint Center (IC3) released the FBI 2019 Internet Crime Report , a document that outlines cybercrime trends over the past year. Here we are to analyze the annual FBI 2019 Internet Crime Complaint Center (IC3) , one of the most interesting documents on the crime trends observed in the last 12 months.

Internet

Internet Internet Scams Cybercrime

IcedID malware campaign targets Zoom users

Security Affairs

JANUARY 7, 2023

Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware. Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware. ” concludes the report.

Malware

Malware Phishing Banking Hacking

WikiLoader malware-as-a-service targets Italian organizations

Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. ” continues the report. ” concludes the report. ” concludes the report.

Malware

Malware Phishing Banking Hacking

Logistics giant D.W. Morgan exposed 100 GB worth of clients’ data, including Fortune 500 Clients

Security Affairs

DECEMBER 28, 2021

” Clients of the company could be targeted by malicious activities, such as phishing campaigns and scams, due to the exposure of their data. In particular, businesses could experience criminal activities and forms of cybercrime as a result of the open bucket.” ” reads the post published by Website Planet. “D.W.

Data breaches

Data breaches Scams Cybercrime Phishing

FBI: Ransomware actors abuse third parties and legitimate system tools for initial access

Security Affairs

NOVEMBER 8, 2023

The FBI also reported, as of June 2023, that the Silent Ransom Group (SRG), also known as Luna Moth, had been observed conducting callback phishing data theft and extortion attacks. The threat actors sent victims a phone number in a phishing attempt, often related to pending charges on their accounts.

Ransomware

Ransomware Backups Encryption Phishing

Rent a hacker: Group-IB uncovers corporate espionage group RedCurl

Security Affairs

AUGUST 13, 2020

The attackers seek to steal documents that contain commercial secrets and employee personal data. In all campaigns, RedCurl’s main goal was to steal confidential corporate documents such as contracts, financial documents, employee personal records, and records of legal actions and facility construction.

Phishing

Phishing Social Engineering Banking Advertising

Qakbot is back and targets the Hospitality industry

Security Affairs

DECEMBER 18, 2023

Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure. Threat actors sent a PDF to the victims, the document comes from a user masquerading as an IRS employee. The PDF contained a URL that downloads a digitally signed Windows Installer (.msi).

Malware

Malware Phishing Ransomware Hacking

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

Security researchers from the Cisco Talos team uncovered a spear-phishing campaign targeting the aviation industry for two years avoiding detection. Security researchers from Cisco Talos uncovered a spear-phishing campaign targeting, dubbed Operation Layover, that targeted the aviation industry for two years without being detected.

Malware

Malware Phishing DNS Cybercrime

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

OCTOBER 18, 2020

Researchers from FireEye’s Mandiant observed FIN11 hackers using spear-phishing messages distributing a malware downloader dubbed FRIENDSPEAK. ” The attack chain starts when the victims enable the macro embedded in an Excel spreadsheet that came with the phishing e-mails. .” ” reads the analysis published by FireEye.

Ransomware

Ransomware Malware Telecommunications Advertising

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

FIN7 targeted a large U.S. carmaker phishing attacks

Webinars

Trending Sources

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Webinars

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

TA558 cybercrime group targets hospitality and travel orgs

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Microsoft warns of a evasive year-long spear-phishing campaign targeting Office 365 users

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

Threat actors leak Activision employee data on hacking forum

APWG: Phishing maintained near-record levels in the first quarter of 2021

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Recent DarkGate campaign exploited Microsoft Windows zero-day

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Unpatched Office zero-day CVE-2023-36884 actively exploited in targeted attacks

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads

Daixin Team group claimed the hack of North Texas Municipal Water District

Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws

Real estate agency exposes details of 690k customers

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

Hackers target COVID-19 vaccine supply chain and sell the vaccine in Darkweb

State-sponsored hackers are launching Coronavirus-themed attacks

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

TA505 cybercrime group use SDBbot RAT in recent campaigns

IKEA hit by a cyber attack that uses stolen internal reply-chain emails

Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

Reading the 2019 Internet Crime Complaint Center (IC3) report

IcedID malware campaign targets Zoom users

WikiLoader malware-as-a-service targets Italian organizations

Logistics giant D.W. Morgan exposed 100 GB worth of clients’ data, including Fortune 500 Clients

FBI: Ransomware actors abuse third parties and legitimate system tools for initial access

Rent a hacker: Group-IB uncovers corporate espionage group RedCurl

Qakbot is back and targets the Hospitality industry

Threat actor has been targeting the aviation industry since at least 2018

FIN11 gang started deploying ransomware to monetize its operations

Stay Connected