Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files
Attackers continue to evade defenders by using legitimate platforms like AWS and Microsoft utilities.
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was imper...
Malicious actors have been distributing fraudulent LinkedIn alert messages for potential job opportunities to facilitate credential exfiltration in a new phi...
Attacks involving the .NET-based Phantom Stealer, which has been bundled with a crypter and a remote access tool under the Phantom Project cybercrime kit, ha...
Widespread Microsoft 365 account compromise sought by Iran-linked hackers. More than 300 organizations in Israel, over 25 others in the United Arab Emirates, ...
Threat operation TeamPCP, also known as PCPcat, DeadCatx3, and ShellForce, has tapped credentials siphoned from its sweeping supply chain attacks against Tri...
North Korean threat operation UNC1069 was noted by the Google Threat Intelligence Group to have perpetrated the npm supply chain attack against the widely us...
Proofpoint researchers say the group behind the surge, TA416, had turned away from Europe for a few years.
Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm sup...
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans lik...
Chinese state-backed group TA416 had suspended its cyber espionage operations in Europe since 2023, noted Proofpoint
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, ...
Microsoft is warning WhatsApp users of a new malware campaign that tricks them into executing malicious Visual Basic Script (VBS) files, ultimately enabling ...
Hackers are actively promoting a new malware-as-a-service (MaaS) platform called CrystalX RAT through private Telegram channels, offering cybercriminals a po...
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster t...
Leading U.S.
Ukrainian government entities, healthcare providers, financial providers, security firms, educational institutions, and software development companies have b...
Google Threat Intelligence Group (GTIG) joined several other researchers in attributing the attack to a North Korean threat actor they call UNC1069. Sentinel...
The campaign, attributed to the Chinese cybercrime group Silver Fox, encompasses a wide range of applications including VPN clients, encrypted messengers, vi...
Written by: Austin Larsen, Dima Lenz, Adrian Hernandez, Tyler McLellan, Christopher Gardner, Ashley Zaya, Michael Rudden Introduction Google Threat Intellige...