Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. "The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitation...

Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake. ESET, which first discovered the hacking group's intrusions targeting the...

Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks

Cybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan known as RomCom RAT since mid-2022. RomCom "employs advanced evasion techniques, including living-off-the-land LOTL tactics and encrypted command a...

The vulnerability of Microsoft Edge browser, related to the absence of warnings for dangerous actions, allows attackers to carry out spoofing attacks.

The vulnerability of Microsoft Edge is related to the absence of warnings about dangerous actions. Exploiting this vulnerability allows a remote attacker to carry out spear-phishing attacks...

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observ...

APT trends report Q3 2024

Kaspersky's Global Research and Analysis Team GReAT has been releasing quarterly summaries of advanced persistent threat APT activity for over seven years now. Based on our threat intelligence research, these summaries offer a representative overview of what we've published and discussed in more...

Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024

Trend Micro has identified a spear-phishing campaign active in Japan since June 2024. Evidence about the malware used by this campaign suggests this was part of a new operation by Earth Kasha...

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRhightadamantys. Target...

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an entity in the region. "During this attack, the threat actor used as a lure the upcoming World Expo, which will be...

VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware

An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. "Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDri...

Booking.com Phishers May Leave You With Reservations

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aim...

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

An advanced persistent threat APT actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as...

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as "UAT-5647", against Ukrainian government entities and unknown Polish entities. UAT-5647 is also known as RomCom and is widely attributed to Russian speaking threat actors in...

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth aka Guildma by making use of obfuscated JavaScript to slip past security guardrails. "The spear-phishing campaign's impact has targeted various industries, with manufacturing companies, reta...

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been...

Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools

Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. "The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems,...

THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)

Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it's too late! ⚡ Threat of the Week Double Trouble: Evil Corp&...

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

Microsoft and the U.S. Department of Justice DoJ on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. "The Russian government ran this scheme to steal Americans' sensitive...

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called Moreeggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading a...

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China...