Cybercrime, Hacking, Malware and Phishing

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing

Phishing Cybercrime Malware Advertising

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

APRIL 26, 2024

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions. Compromised websites and malware are often at the root of these types of attacks.

Cryptocurrency

Cryptocurrency Cybercrime Education Scams

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. QakBot is most commonly delivered via email phishing lures disguised as something legitimate and time-sensitive, such as invoices or work orders.

Hacking

Hacking Malware Ransomware Government

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing

Phishing Passwords Internet Internet

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Endpoint Security : Install endpoint security solutions to fortify defenses against malware attacks. In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet.

Phishing

Phishing Ransomware Security Awareness Authentication

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Security Affairs

NOVEMBER 22, 2022

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

MAY 12, 2024

Some of the victims’ ransom payments were sent by both Conti and Black Basta groups to the gang behind the Qakbot malware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, cybercrime) 61,9% of the victims are in the US, 15.8% in Germany, and 5.9%

Ransomware

Ransomware Hacking Healthcare Retail

FIN7 targeted a large U.S. carmaker phishing attacks

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. ” Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, FIN7)

Phishing

Phishing Cybercrime Manufacturing Hacking

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

A new cybercrime gang, tracked as UNC2529 , has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware.

Cybercrime

Cybercrime Malware Manufacturing Retail

Cybercrime Statistics in 2019

Security Affairs

JANUARY 18, 2020

I’m preparing the slides for my next speech and I decided to create this post while searching for interesting cybercrime statistics in 2020. Cybercrime will cost as much as $6 trillion annually by 2021. The global expense for organizations to protect their systems from cybercrime attacks will continue to grow.

Cybercrime

Cybercrime Small Business Data breaches Mobile

TA558 cybercrime group targets hospitality and travel orgs

Security Affairs

AUGUST 20, 2022

TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America.

Cybercrime

Cybercrime Malware Phishing Internet

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware

Malware Ransomware Banking Healthcare

Hackers abusing the Ngrok platform phishing attacks

Security Affairs

FEBRUARY 16, 2021

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost.

Phishing

Phishing Cybercrime Mobile Internet

Operation Synergia led to the arrest of 31 individuals

Security Affairs

FEBRUARY 2, 2024

An international law enforcement operation, named Synergia, led to the arrest of 31 individuals involved in ransomware, banking malware, and phishing attacks. The international law enforcement operation was launched to curb the escalation and professionalisation of transnational cybercrime.

Cybercrime

Cybercrime Banking Phishing Malware

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot. SecurityAffairs – hacking, Ukraine).

Phishing

Phishing Cybercrime Ransomware Encryption

Phishing, the campaigns that are targeting Italy

Security Affairs

OCTOBER 12, 2023

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Phishing can also be used as a precursor attack to drop malware.

Phishing

Phishing Scams Education Passwords

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” continues the analysis.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Security Affairs

JULY 8, 2022

The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. Since February, the Conti ransomware group has taken over TrickBot malware operation and also planned to replace it with BazarBackdoor malware. SecurityAffairs – hacking, Ukraine).

Cybercrime

Cybercrime Malware DDOS Ransomware

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

The alleged perpetrator, who turned out to be a citizen of Morocco, was arrested in May by the Moroccan police based on the data about his cybercrimes that was provided by Group-IB. Almost each of the scripts contained in the phishing kit had its creator’s nickname, Dr HeX, and contact email address.

Cybercrime

Cybercrime Phishing Banking Telecommunications

IcedID malware campaign targets Zoom users

Security Affairs

JANUARY 7, 2023

Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware. Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware. Pierluigi Paganini.

Malware

Malware Phishing Banking Hacking

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Security Affairs

JUNE 29, 2023

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.

Malware

Malware Cybercrime Phishing Internet

North Korea dedicates a hacking group to fund cyber crime

CyberSecurity Insiders

APRIL 5, 2023

North Korea has established a hacking group named APT43 to fund its cybercrime activities, aimed at advancing Pyongyang’s geopolitical interests. Additionally, a new spying team named Archipelago, a subset of APT43, has emerged and is using phishing tactics to tar-get potential victims.

Hacking

Hacking Social Engineering Cryptocurrency Manufacturing

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 21, 2024

carmaker with phishing attacks Law enforcement operation dismantled phishing-as-a-service platform LabHost Previously unknown Kapeka backdoor linked to Russian Sandworm APT Cisco warns of a command injection escalation flaw in its IMC.

Data breaches

Data breaches Phishing Ransomware Malware

Daixin Team group claimed the hack of North Texas Municipal Water District

Security Affairs

NOVEMBER 28, 2023

The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data. In October 2022, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S.

Hacking

Hacking VPN Ransomware Cybercrime

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Client-side attacks on the wane.

Cybercrime

Cybercrime Banking Malware Ransomware

China-based Fangxiao group behind a long-running phishing campaign

Security Affairs

NOVEMBER 17, 2022

A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. SecurityAffairs – hacking, phishing).

Phishing

Phishing Adware Retail Malware

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Social Engineering

Social Engineering Mobile Authentication Engineering

New TA886 group targets companies with custom Screenshotter malware

Security Affairs

FEBRUARY 10, 2023

The TA886 hacking group targets organizations in the United States and Germany with new spyware tracked as Screenshotter. A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter.

Malware

Malware Phishing Spyware Cybercrime

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved.

Malware

Malware Banking Phishing Engineering

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

FraudGPT, a new malicious generative AI tool appears in the threat landscape

Security Affairs

JULY 26, 2023

FraudGPT is another cybercrime generative artificial intelligence (AI) tool that is advertised in the hacking underground. According to Netenrich, this generative AI bot was trained for offensive purposes, such as creating spear phishing emails, conducting BEC attacks, cracking tools, and carding.

Artificial Intelligence

Artificial Intelligence Cybercrime Phishing Advertising

WikiLoader malware-as-a-service targets Italian organizations

Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. ” reads the post published by Proofpoint. ” continues the report.

Malware

Malware Phishing Banking Hacking

Rise of AI in Cybercrime: How ChatGPT is revolutionizing ransomware attacks and what your business can do

CyberSecurity Insiders

JUNE 13, 2023

Using ChatGPT’s large language model, anyone can easily generate malicious code or craft convincing phishing emails, all without any technical expertise or coding knowledge. They’re using machine learning algorithms to simulate trusted entities, create convincing phishing emails, and even evade detection.

Cybercrime

Cybercrime Ransomware Phishing Artificial Intelligence

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. It focused on deploying POS malware and launching targeted spear-phishing attacks against organizations worldwide. SecurityAffairs – hacking, FIN7). Pierluigi Paganini.

Cybercrime

Cybercrime Ransomware Antivirus Malware

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 7, 2024

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 Cisco warns of XSS flaw in end-of-life small business routers Magento flaw exploited to deploy persistent backdoor hidden in XML Cyberattack disrupted services at Omni Hotels & Resorts HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks US cancer center (..)

Data breaches

Data breaches Small Business Hacking Malware

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing

Phishing Accountability Hacking Scams

Threat actors use Quantum Builder to deliver Agent Tesla malware

Security Affairs

SEPTEMBER 29, 2022

The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn. ” concludes the report.

Malware

Malware Cybercrime Phishing Hacking

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. “UNC2465’s move from drive-by attacks on website visitors or phishing emails to this software supply chain attack shows a concerning shift that presents new challenges for detection. .

Cybercrime

Cybercrime Ransomware Antivirus Software

Recent DarkGate campaign exploited Microsoft Windows zero-day

Security Affairs

MARCH 14, 2024

“The phishing campaign employed open redirect URLs from Google Ad technologies to distribute fake Microsoft software installers (.MSI) “The fake installers contained a sideloaded DLL file that decrypted and infected users with a DarkGate malware payload.” MSI) installers. In mid-February, U.S.

Phishing

Phishing Malware Software Internet

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. SecurityAffairs – hacking, cyber security).

Cybercrime

Cybercrime Ransomware Cybersecurity Backups

LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities

Security Affairs

AUGUST 8, 2022

LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. Using highly trusted service domains like Snapchat and other online-services, they create special URLs which lead to malicious resources with phishing kits. Resecurity, Inc.

Phishing

Phishing Passwords Threat Detection Cybercrime

News Alert: HostingAdvice poll finds one in three Americans hacked upon visiting sketchy websites

The Last Watchdog

JULY 18, 2023

July 18, 2022 – Around 30,000 websites get hacked every day , with the majority of those cyberattacks due to human error. This has projected costs associated with cybercrimes to hit the tens of trillions by 2025, highlighting the vital need for web hosts to implement staunch security. Gainesville, Fla.,

Hacking

Hacking DDOS Small Business Spyware

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

Threat actors are increasingly using the HTML smuggling technique in phishing campaigns, Microsoft researchers warn. Microsoft experts warn that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats. SecurityAffairs – hacking, phishing). Pierluigi Paganini.

Phishing

Phishing Banking Passwords Firewall

Large phishing campaign targets EMEA and APAC governments

Security Affairs

SEPTEMBER 20, 2021

Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. . Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. . SecurityAffairs – hacking, phishing).

Phishing

Phishing Government Cybercrime Hacking

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Cryptocurrencies and cybercrime: A critical intermingling

Trending Sources

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Karma Catches Up to Global Phishing Service 16Shop

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

FIN7 targeted a large U.S. carmaker phishing attacks

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Cybercrime Statistics in 2019

TA558 cybercrime group targets hospitality and travel orgs

Carbanak malware returned in ransomware attacks

Hackers abusing the Ngrok platform phishing attacks

Operation Synergia led to the arrest of 31 individuals

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Phishing, the campaigns that are targeting Italy

Raccoon Malware, a success case in the cybercrime ecosystem

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

IcedID malware campaign targets Zoom users

North Korea-linked Andariel APT used a new malware named EarlyRat last year

North Korea dedicates a hacking group to fund cyber crime

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Daixin Team group claimed the hack of North Texas Municipal Water District

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

China-based Fangxiao group behind a long-running phishing campaign

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

New TA886 group targets companies with custom Screenshotter malware

Xenomorph malware is back after months of hiatus and expands the list of targets

Info stealers and how to protect against them

FraudGPT, a new malicious generative AI tool appears in the threat landscape

WikiLoader malware-as-a-service targets Italian organizations

Rise of AI in Cybercrime: How ChatGPT is revolutionizing ransomware attacks and what your business can do

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

Cybercriminals Use Azure Front Door in Phishing Attacks

Threat actors use Quantum Builder to deliver Agent Tesla malware

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Recent DarkGate campaign exploited Microsoft Windows zero-day

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities

News Alert: HostingAdvice poll finds one in three Americans hacked upon visiting sketchy websites

HTML Smuggling technique used in phishing and malspam campaigns

Large phishing campaign targets EMEA and APAC governments

Stay Connected