12 matches found
Ukraine’s largest bank PrivatBank Targeted with SmokeLoader malware
UAC-0006, a financially motivated threat actor, targets PrivatBank customers with advanced phishing attacks. CloudSEK's research reveals malicious emails…...
PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a...
TA4903 Spoofing Government Entities and SMBs for Financial Gain
Summary: TA4903, a financially motivated threat actor, conducts high-volume email campaigns targeting U.S. organizations for credential phishing and business email compromise BEC. They spoof various U.S. government agencies and private businesses, employing tools like EvilProxy and incorporating ...
Financial cyberthreats in 2022
Financial gain remains the key driver of cybercriminal activity. In the past year, weve seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats ...
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other vendors as SOMBRAT. Mandiant has linked the use of SOMBRAT to the...
The U.S. Secret Service Selects Tom Kellermann to Serve on Inaugural Cyber Investigations Advisory Board
Cybersecurity has become a recurring global news headline. From ransomware to data breaches, cyberattacks continue to be one of the biggest threats to both the private and public sectors. Earlier this year, the FBI reported a 400 percent increase in cybercrime1. And for the public sector, this is...
Here are the most popular robocall scams and how to avoid them
We recently examined how robocall scams are a serious threat to privacy, alongside the astonishing rate at which their volume continues to increase. Forty-three billion calls in 2019 with an average of 131 calls per person in the US alone is not something to be sniffed at. No matter how careful y...
BRATA Android RAT Steals Banking Info in Real Time
A powerful Android remote access tool RAT family dubbed BRATA is proliferating, with at least 20 different variants cropping up since it was first spotted in January. The majority of the binaries have been found in the official Google Play store, masquerading as updates for the instant messaging...
Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques
Throughout 2017 we have observed a marked increase in the use of command line evasion and obfuscation by a range of targeted attackers. Cyber espionage groups and financial threat actors continue to adopt the latest cutting-edge application whitelisting bypass techniques and introduce innovative...
Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques
Throughout 2017 we have observed a marked increase in the use of command line evasion and obfuscation by a range of targeted attackers. Cyber espionage groups and financial threat actors continue to adopt the latest cutting-edge application whitelisting bypass techniques and introduce innovative...
M-Trends 2017: A View From the Front Lines
Every year Mandiant responds to a large number of cyber attacks, and 2016 was no exception. For our M-Trends 2017 report, we took a look at the incidents we investigated last year and provided a global and regional the Americas, APAC and EMEA analysis focused on attack trends, and defensive and...
Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record
In September, Mandiant Consulting identified a financially motivated threat group targeting payment card data using sophisticated malware that executes before the operating system boots. This rarely seen technique, referred to as a ‘bootkit’, infects lower-level system components making it very...