Russian BlueDelta (Fancy Bear) Uses PDFs to Steal Logins in Just 2 Seconds

New research from Recorded Future reveals how Russian state hackers BlueDelta are using fake Microsoft and Google login portals to steal credentials. The campaign involves using legitimate PDF lures from GRC and EcoClimate to trick victims...

Recorded Future Triage 安全漏洞

Recorded Future Triage is a cloud sandboxing service from US-based Recorded Future. A security vulnerability exists in Recorded Future Triage that stems from a Windows behavioral analysis engine that allows malicious samples to evade detection by recursively spawning a large number of child...

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's design...

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence AI for optical character recognition OCR as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract...

Facebook Ads Lead to Fake Websites Stealing Credit Card Information

Facebook users are the target of a scam e-commerce network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malvertising tricks. Recorded Future's Payment Fraud Intelligence team, which detected the campaign on April 17, 2024, has given it the...

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft. The attack chains involve the use of a purported virtual meeting...

Medical-Targeted Ransomware Is Breaking Records After Change Healthcare’s $22M Payout

Cybersecurity firm Recorded Future counted 44 health-care-related incidents in the month after Change Healthcare’s payment came to light—the most it’s ever seen in a single month...

Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail

A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic aka AMOS, Vidar, Lumma aka LummaC2, and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator...

Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures

A Russia-nexus adversary has been linked to 94 new domains starting March 2023, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities. Cybersecurity firm Recorded Future linked the revamped infrastructure to a threat actor it...

From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon

The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control C2 framework called PhonyC2 that's been put to use by the actor since 2021. Evidence shows that the custom made, actively developed framework has been leveraged in the February 2023...

OilAlpha: Emerging Houthi-linked Cyber Threat Targets Arabian Android Users

A hacking group dubbed OilAlpha with suspected ties to Yemen's Houthi movement has been linked to a cyber espionage campaign targeting development, humanitarian, media, and non-governmental organizations in the Arabian peninsula. "OilAlpha used encrypted chat messengers like WhatsApp to launch...

Gain real-time identity protection with Microsoft and Recorded Future

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. You’ve implemented multifactor authentication for access to your enterprise network. But what if multifactor authentication isn’t as foolproof as you’re hoping? Are you comfortable...

New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting...

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...

Indian Energy Company Tata Power's IT Infrastructure Hit By Cyber Attack

Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "some of its IT systems," the company said in a filing with the National Stock Exchange NSE of India. It further said it has take...

Emotet Botnet Started Distributing Quantum and BlackCat Ransomware

The Emotet malware is now being leveraged by ransomware-as-a-service RaaS groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware...

Recorded Future: Storage of old passwords in plain text format

Summary: Server response from app.recordedfuture.com has old passwords for a logged in account in plain text format. Storage of passwords in any readable format or using weak hashes put the account or system at great risk. What's interesting is how RecordedFuture store multiple passwords not just...

Recorded Future: Dom Xss vulnerability

Summary: Dom Xss vulnerability Steps To Reproduce: add details for how we can reproduce the issue 1. Go to this link: https://api.recordedfuture.com/index.html 2. Open chrome devtool and go to console tab 3. Type: document.write'...alert1...'; 4. And boom! Alert 1! Impact XSS can have huge...

Recorded Future: [https://app.recordedfuture.com] - Reflected XSS via username parameter

Steps To Reproduce: 1- Visit https://app.recordedfuture.com/live/login/?reset=x&username=xss%22%3E%3Cimg+src=x+onerror=alertdocument.domain%3E Impact An attacker could be able to Inject Malicious Javascript to compromise users...

Deepfake Attacks Are About to Surge, Experts Warn

Artificial intelligence and the rise of deepfake technology is something cybersecurity researchers have cautioned about for years and now it’s officially arrived. Cybercriminals are increasingly sharing, developing and deploying deepfake technologies to bypass biometric security protections, and ...