Information Security, Phishing and Security Intelligence

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

Threat actors are increasingly using the HTML smuggling technique in phishing campaigns, Microsoft researchers warn. Microsoft experts warn that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats. — Microsoft Security Intelligence (@MsftSecIntel) July 23, 2021.

Phishing

Phishing Banking Passwords Malware

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

The threat actor impersonates a South Korean government official to build trust with the target before sending a spear-phishing email with a bait PDF attachment. The IT giant recommends training users about phishing and employing attack surface reduction rules. LNK shortcut files, disguised as Office documents.

Phishing

Phishing Malware Security Intelligence Hacking

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Security Affairs

APRIL 21, 2025

While investigating a security breach, the AhnLab SEcurity intelligence Center (ASEC) researchers discovered a North Korea-linked group Kimsuky ‘s campaign, tracked as Larva-24005. Experts observed Kimsuky sending phishing emails targeting Korea and Japan from compromised systems.

Phishing

Phishing Malware Security Intelligence Hacking

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Security Affairs

FEBRUARY 8, 2025

Researchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware.

Malware

Malware Phishing Security Intelligence Hacking

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

JANUARY 26, 2023

National Cyber Security Centre (NCSC) warns of a surge in the number of attacks from Russian and Iranian nation-state actors. National Cyber Security Centre (NCSC) is warning of targeted phishing attacks conducted by threat actors based in Russia and Iran. The are increasingly targeting organizations and individuals.

Phishing

Phishing Media Hacking Education

RevengeRAT and AysncRAT target aerospace and travel sectors

SC Magazine

MAY 14, 2021

Microsoft Security Intelligence earlier this week tweeted out that it has been tracking a campaign of remote access trojans (RATs) targeting the aerospace and travel industries with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AysncRAT. Photo by Joe Raedle/Getty Images).

Phishing

Phishing Scams Security Awareness Security Intelligence

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

An ongoing phishing campaign launched by TA505 is using attachments featuring HTML redirectors for delivering malicious Excel docs. pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors.

Malware

Malware Security Intelligence Banking Phishing

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

Security researchers from the Cisco Talos team uncovered a spear-phishing campaign targeting the aviation industry for two years avoiding detection. Security researchers from Cisco Talos uncovered a spear-phishing campaign targeting, dubbed Operation Layover, that targeted the aviation industry for two years without being detected.

Malware

Malware Phishing DNS Cybercrime

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

Microsoft is sharing information about the latest activity observed from the threat actor NOBELIUM, which has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 25, 2021.

Telecommunications

Telecommunications Technology Hacking Malware

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The alert published by CISA was based on data provided by the Multi-State Information Sharing & Analysis Center (MS-ISAC) and the CISA itself since July 2020. “Since August, CISA and MS-ISAC have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails.

Government

Government Banking Advertising Malware

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. New blog: The threat actor BISMUTH, which has been running increasingly complex targeted attacks, deployed coin miners in campaigns from July to August 2020.

Cryptocurrency

Cryptocurrency Antivirus Government Manufacturing

A new Astaroth Trojan Campaign uncovered by Microsoft

Security Affairs

JULY 9, 2019

See how #MicrosoftDefenderATP next-gen protection defeated the #fileless attack: [link] — Microsoft Security Intelligence (@MsftSecIntel) July 8, 2019. The malware is able to log the users’ keystrokes, collect information through hooking, access clipboard content, and monitor the keystate. .

Antivirus

Antivirus Malware Advertising Security Intelligence

Iran-linked Phosphorous APT hacked emails of security conference attendees

Security Affairs

OCTOBER 29, 2020

.” Microsoft Threat Intelligence Information Center (MSTIC) has uncovered activity by the threat actor PHOSPHOROUS, which has been masquerading as conference organizers and sending spoofed invitations by email to high-profile individuals. Saudi Arabia, and Iraq.

Hacking

Hacking Security Intelligence Advertising Accountability

Cybersecurity Checklist for Political Campaigns

Lenny Zeltser

MAY 3, 2019

Campaign attackers have been highly effective at fooling victims into revealing their logon credentials to copycat websites (phishing). Attackers stole campaign participants’ access credentials. They’ve also tricked people into granting malicious applications access to email and other sensitive resources. government.

Cybersecurity

Cybersecurity Social Engineering Authentication Software

Hackers Also Have Financial Reporting And Quotas :)

Security Boulevard

JUNE 18, 2022

Ransomware attacks, phishing attacks, and business email compromises continue to impact organizations more frequently than a year ago. Security breaches cause foreseeable financial damage to the organization. In many cases, more significant than the amount spent on combined network security, cloud security, and artificial intelligence.

Hacking

Hacking CISO Cybersecurity Banking

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

Social engineering attacks , including phishing, spam, and viruses introduced via clickable links within e-mail affected 80% of the banking institutions in 2016. VoIP phishing and impersonation also victimized millions of corporate employees across the world , contributing to an even greater cyber threat.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. More details + TTPs in this MSTIC blog: [link] — Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022. Pierluigi Paganini.

Phishing

Phishing Accountability Hacking Surveillance

Cyber Security Informer

HTML Smuggling technique used in phishing and malspam campaigns

North Korea-linked APT Emerald Sleet is using a new tactic

Trending Sources

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

RevengeRAT and AysncRAT target aerospace and travel sectors

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Threat actor has been targeting the aviation industry since at least 2018

Russia-linked Nobelium APT targets orgs in the global IT supply chain

CISA alert warns of Emotet attacks on US govt entities

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

A new Astaroth Trojan Campaign uncovered by Microsoft

Iran-linked Phosphorous APT hacked emails of security conference attendees

Cybersecurity Checklist for Political Campaigns

Hackers Also Have Financial Reporting And Quotas :)

Cyber Security Awareness and Risk Management

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Stay Connected