SecureList

MARCH 1, 2021

The mobile malware Trojan-Ransom.AndroidOS.Agent.aq Last year was notable for both malware and adware, the two very close in terms of capabilities. Interestingly enough, the share of adware attacks increased in relation to mobile malware in general. They typically work with malware developers to achieve this.

Mobile 145

Mobile Malware Adware Banking 145

SecureList

MAY 6, 2024

A significant share of scam, phishing and malware attacks is about money. Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. million in 2022.

Phishing 134

Phishing Banking Mobile Scams 134

Security Affairs

MARCH 11, 2025

SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) has been active since at least 2012, the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. SideWinder rapidly adapts to security detections, modifying malware within hours, altering tactics, techniques, and procedures.

Malware 67

Malware Government Phishing Hacking 67

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Hacking 116

Hacking Cybercrime Data breaches Advertising 116

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e.

Healthcare 144

Healthcare Ransomware Phishing Government 144

CyberSecurity Insiders

JULY 21, 2021

According to a press release from Associated Press, the Saudi Arabia-based petroleum producer was hit by a cyber attack in 2012 where the servers of the company were targeted by a malware named ‘Shamoon’ via a ‘spear phishing’ attack deceptively launched by Iran.

Ransomware 139

Ransomware Encryption Cryptocurrency Cyber Attacks 139

CSO Magazine

JUNE 8, 2023

Researchers warn of a social engineering campaign by the North Korean APT group known as Kimsuky that attempts to steal email credentials and plant malware. Operating since at least 2012, the group often employs targeted phishing and social engineering tactics to gather intelligence and access sensitive information."

Social Engineering 108

Social Engineering Engineering Phishing Government 108

Security Affairs

SEPTEMBER 30, 2020

Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison for hacking LinkedIn, Dropbox, and Formspring in 2012. The Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012.

Identity Theft 110

Identity Theft Cybercrime Advertising Hacking 110

The Last Watchdog

JUNE 21, 2020

FBI spoofs 2012 – 2013. It surfaced in November 2012 and was making thousands of victims a day. Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

AUGUST 26, 2020

A hack-for-hire group, tracked as DeathStalker, has been targeting organizations in the financial sector since 2012 Kaspersky researchers say. DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, since 2012. ” continues the report.

Malware 112

Malware Hacking Advertising Cybercrime 112

Security Affairs

DECEMBER 11, 2020

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage that abused the platform to spread malware. APT32 also carried out watering hole attacks through compromised websites or their own sites.

Retail 138

Retail Malware Mobile Accountability 138

Vipre

MAY 5, 2021

Yes, endpoint security is a vital element in your malware defense, but it cannot do the job alone. For instance, failing to educate users on the dangers of phishing amounts to business malpractice. Your answers should make it obvious in which areas of security you need to invest: Are you training users on the dangers of phishing?

Ransomware 122

Ransomware Backups Phishing Education 122

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. The conspirators designed the Triton malware to prevent the refinery’s safety systems from functioning (i.e., ” continues the DoJ.

Government 115

Government Energy and Utilities Malware Hacking 115

Security Affairs

AUGUST 23, 2019

Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. CVE-2012-0158 is a critical remote code execution (RCE) vulnerability that affected Microsoft Office. . SecurityAffairs – Asruex Trojan, malware).

Malware 110

Malware Advertising Spyware Encryption 110

Security Affairs

JANUARY 3, 2024

They were used to access the internal workplace systems for BMW dealers and could have been useful to attackers for spear-phishing campaigns or malware distribution. This exploit could also be used for mass phishing campaigns, targeting customers,” our researchers said.

Phishing 136

Phishing Manufacturing Firewall Cybercrime 136

CyberSecurity Insiders

OCTOBER 24, 2021

times the amount observed during the 2012 London Olympics. According to a finding discovered by NTT Corporation that was assigned operating the digital services across the event, state funded hackers tried their best to disrupt the event that counted over 2.5

Cyber Attacks 141

Cyber Attacks Cyber Risk Backups Cyber threats 141

Security Affairs

DECEMBER 5, 2020

DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, since 2012. Once executed the command, the malware the malicious code sends back command execution results. “On

DNS 122

DNS Phishing Encryption Antivirus 122

Security Affairs

OCTOBER 7, 2020

The threat actor that employed the Kraken technique, likely an APT group, launched a phishing attack that used messages with a.ZIP file attachment. At the time of the analysis, the hard-coded target URL of the malware was not reachable making it impossible to attribute the Kraken technique to a specific threat actor.

Advertising 138

Advertising Hacking Manufacturing Phishing 138

Security Affairs

FEBRUARY 24, 2021

“Amnesty Tech’s Security Lab found technical evidence in phishing emails sent to two prominent Vietnamese human rights defenders, one of whom lives in Germany, and a Vietnamese NGO based in the Philippines, showing that Ocean Lotus is responsible for the attacks between 2018 and November 2020.”

Spyware 128

Spyware Government Surveillance Phishing 128

Security Affairs

APRIL 6, 2023

Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. The attack chain associated with ARCHIPELAGO starts with phishing emails that embed malicious links.

Phishing 98

Phishing Media Passwords Malware 98

Security Affairs

MARCH 25, 2022

Scarab APT was first spotted in 2015, but experts believe it has been active since at least 2012, conducting surgical attacks against a small number of individuals across the world, including Russia and the United States. The attacker spread their malware through phishing messages using weaponized documents that deploy the HeaderTip malware.

Malware 102

Malware Phishing Hacking Information Security 102

Security Affairs

FEBRUARY 26, 2020

Researchers from Cybaze Yoroi ZLab have spotted a new campaign exploiting the interest in coronavirus (COVID-19) evolution to spread malware. It is not new for cyber-crooks to exploit social phenomena to spread malware in order to maximize the impact and dissemination of a malicious campaign. Introduction. Technical Analysis.

Cyber Attacks 141

Cyber Attacks Malware Social Engineering Advertising 141

Security Affairs

APRIL 23, 2020

The APT32 group has been active since at least 2012, it has targeted organizations across multiple industries and foreign governments, dissidents, and journalists. According to FireEye, the nation-state hackers targeted the Wuhan Government and the Chinese Ministry of Emergency Management with spear-phishing attacks.

Government 124

Government Advertising Phishing Malware 124

Security Affairs

AUGUST 21, 2019

The APT41 has been active since at least 2012, it was involved in both state-sponsored espionage campaigns and financially-motivated attacks since 2014. Unlike other China-based actors, the group used custom malware in cyber espionage operations, experts observed 46 different malware families and tools in APT41 campaigns.

Malware 109

Malware Telecommunications Advertising Healthcare 109

Security Affairs

MARCH 27, 2023

Earth Preta, also known as “RedDelta” or “Bronze President,” has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. The report details the execution flow for each of the above malware.

Malware 98

Malware Phishing Passwords Government 98

CyberSecurity Insiders

FEBRUARY 13, 2022

A report published by Sentinel One states that a hacking group named “Modified Elephant” was seen carrying out such criminal activities since 2012 and has started the game of planting criminal evidence on devices of innocent online users. Then how to keep such cyber crimes at bay?

Surveillance 94

Surveillance Passwords Malware Hacking 94

Security Affairs

MAY 31, 2022

SideWinder has been active since at least 2012, the group main targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. The group stands out for the high frequency and persistence of its attacks, researchers believe that the APT group has carried out over 1,000 attacks since April 2020. ” states Kaspersky.

Encryption 100

Encryption Malware Phishing Hacking 100

Malwarebytes

JUNE 1, 2021

The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a North Korean threat actor that has been active since 2012. On December 2020, KISA (Korean Internet & Security Agency) provided a detailed analysis about the phishing infrastructure and TTPs used by Kimsuky to target South Korea. Phishing Infrastructure.

Government 145

Government Phishing Encryption Media 145

SC Magazine

MAY 5, 2021

A pair of related phishing campaigns this year took the unusual step of intentionally avoiding malicious links or attachments in its emails – a sign that threat actors may recognize the need to come up with new tactics. Here, workers prepare a presentation the day before the CeBIT 2012 technology trade fair.

Phishing 65

Phishing Scams Malware Social Engineering 65

Security Affairs

JUNE 24, 2019

US DHS CISA agency warns of increased cyber-activity from Iran aimed at spreading data-wiping malware through password spraying , credential stuffing , and spear-phishing. ” Past attacks attributed to Iran-linked hackers are: 2012 – Shamoon wiped over 30,000 computers at Saudi Aramco. The attacks are targeting U.S.

Backups 109

Backups Advertising Passwords Accountability 109

Security Affairs

MAY 9, 2022

In February 2022, Cisco Talos researchers started observing China-linked cyberespionage group Mustang Panda conducting phishing attacks against European entities, including Russian organizations. Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system.

Government 98

Government Malware Phishing Hacking 98

Security Affairs

JUNE 6, 2019

According to Microsoft, the Platinum has been active since at least 2009, it was responsible for spear phishing attacks on ISPs, government organizations, intelligence agencies, and defense institutes. The campaign, which may have started as far back as 2012, featured a multi-stage approach and was dubbed EasternRoppels.”

Encryption 102

Encryption Government Advertising Cyber Attacks 102

Security Affairs

MARCH 5, 2019

The APT levera ges a variety of techniques for initial compromise, including web server exploitation, phishing campaigns delivering publicly available and custom backdoors, and strategic web compromises. The attackers also use TCP ports 80 and 443 to masquerade malicious network traffic.

Advertising 108

Advertising Technology Government Phishing 108

SecureList

JULY 14, 2021

In some cases, this was followed by deployment of a signed, but fake version of the popular application Zoom, which was in fact malware enabling the attackers to exfiltrate files from the compromised systems. It consists of sending a spear-phishing email to the victim containing a Dropbox download link. hxxps://www.dropbox[.]com/s/esh1ywo9irbexvd/COVID-19%20Case%2012-11-

Malware 145

Malware Phishing Technology Encryption 145

Security Affairs

MAY 2, 2023

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. The end goal of the nation-state actors is to deploy the ROKRAT on the victims’ systems by using spear-phishing emails. RokRat is believed to be the handiwork of the ScarCruft group.

Malware 98

Malware Education Media Phishing 98

SecureList

OCTOBER 7, 2024

Based on our telemetry, we concluded that the implant was delivered to victims’ devices via a malicious URL, likely obtained through phishing emails. In addition, previous attacks used Golang droppers to deliver malware – we didn’t find evidence of this in the current activity.

Phishing 135

Phishing Government Malware Software 135

SecureList

NOVEMBER 1, 2022

Since the malware in this incident was compiled on April 15, 2021, and compilation dates are the same for all known samples, this incident is likely to be the first involving Maui ransomware. This report included technical details of malware used in the campaign, such as Ecipekac, SodaMaster, P8RAT, FYAnti and QuasarRAT.

Malware 145

Malware Ransomware Spyware Encryption 145