Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency mi...
Campaigns
20 articles
Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign
Hackers have launched a targeted phishing campaign by cloning Ukraine’s official CERT-UA website and distributing malicious software disguised as a security ...
RFQ Malware Campaign Uses DOCX, RTF, JS, and Python
Hackers are abusing DOCX, RTF, JavaScript, PowerShell, and Python to deliver an in‑memory Cobalt Strike beacon in a stealthy spear‑phishing campaign that imp...
NoVoice on Google Play Exploits 22 Flaws to Hit Millions of Android Users
NoVoice is a new Android rootkit campaign that hid in more than 50 apps on Google Play, exploiting 22 vulnerabilities to hijack millions of older and unpatch...
TA416 Broadens Europe Spy Campaign With Web Bugs and Malware
China-aligned threat actor TA416 has resumed large-scale espionage against European governments. It is now expanding to Middle Eastern diplomatic targets, co...
WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor
A new malware campaign that abuses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows users, enabling persistent remote access...
Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069
A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of d...
Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files
Attackers continue to evade defenders by using legitimate platforms like AWS and Microsoft utilities.
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was imper...
Bogus LinkedIn message alerts enable credential siphoning
Malicious actors have been distributing fraudulent LinkedIn alert messages for potential job opportunities to facilitate credential exfiltration in a new phi...
Report sheds more light on Phantom Stealer
Attacks involving the .NET-based Phantom Stealer, which has been bundled with a crypter and a remote access tool under the Phantom Project cybercrime kit, ha...
Widespread Microsoft 365 account compromise sought by Iran-linked hackers
Widespread Microsoft 365 account compromise sought by Iran-linked hackers More than 300 organizations in Israel, over 25 others in the United Arab Emirates, ...
AWS environments targeted by TeamPCP
Threat operation TeamPCP, also known as PCPcat, DeadCatx3, and ShellForce, has tapped credentials siphoned from its sweeping supply chain attacks against Tri...
North Korean hackers blamed for axios supply chain hack
North Korean threat operation UNC1069 was noted by the Google Threat Intelligence Group to have perpetrated the npm supply chain attack against the widely us...
European-Chinese geopolitical issues drive renewed cyberespionage campaign
Proofpoint researchers say the group behind the surge, TA416, had turned away from Europe for a few years. The post European-Chinese geopolitical issues driv...
Google links Axios npm supply chain attack to North Korea-linked APT UNC1069
Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm sup...
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans lik...
Chinese Hackers Target European Governments in Espionage Campaigns
Chinese state-backed group TA416 had suspended its cyber espionage operations in Europe since 2023, noted Proofpoint
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, ...
WhatsApp malware campaign uses malicious VBS files to gain persistent access
Microsoft is warning WhatsApp users of a new malware campaign that tricks them into executing malicious Visual Basic Script (VBS) files, ultimately enabling ...