2016, Information Security and Phishing

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Phishing Reporting : Report phishing emails and other malicious cyber activities to relevant authorities like the FBI’s IC3 and the NJCCIC.

Phishing

Phishing Ransomware Security Awareness Authentication

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. The attack chain observed by the experts can vary significantly, but in most cases, threat actors used phishing messages with malicious attachments or malicious links. ” continues the report.

Malware

Malware Antivirus Manufacturing Healthcare

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing

Phishing Accountability Hacking Scams

Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016

Security Affairs

JULY 9, 2019

The malware samples shared by USCYBERCOM last week were first detected in December 2016 in attacks attributed to Iran-linked APT33. Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal a malware used by Iran-linked APT33 group in attacks in Dec 2016 and Jan 2017. ” reads a report published by Kaspersky.

Malware

Malware InfoSec Advertising Government

Fake Cisco ‘Critical Update’ used in phishing campaign to steal WebEx credentials

Security Affairs

APRIL 11, 2020

Crooks are using a fake Cisco “critical security advisory” in a new phishing campaign aimed at stealing victims’ Webex credentials. The Cofense’s phishing defense center has uncovered an ongoing phishing campaign that uses a Cisco security advisory related to a critical vulnerability as a lure. name=CVE-2016-9223.

Phishing

Phishing Advertising Healthcare Cyber Attacks

Facebook ads used to steal 615000+ credentials in a phishing campaign

Security Affairs

JANUARY 1, 2021

Cybercriminals are abusing Facebook ads in a large-scale phishing scam aimed at stealing victims’ login credentials. Researchers from security firm ThreatNix spotted a new large-scale campaign abusing Facebook ads. The landing pages are phishing pages that impersonate legitimate companies. ” continues the post.

Phishing

Phishing Scams Accountability Malware

Hackers use a new technique in phishing attacks to disable Macro security warnings in weaponized docs

Security Affairs

JULY 9, 2021

Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in phishing attacks. Most of the phishing attacks leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. SecurityAffairs – hacking, phishing).

Phishing

Phishing Social Engineering Banking Engineering

New phishing campaign targets bank customers with WSH RAT

Security Affairs

JUNE 17, 2019

Security researchers at Cofense have spotted a phishing campaign aimed at commercial banking customers distributing a new remote access trojan (RAT) tracked as WSH RAT. Threat actors are using the RAT to deliver keyloggers and information stealers. Within five days, WSH RAT was observed being actively distributed via phishing.

Banking

Banking Phishing Advertising Malware

Introducing Behavioral Information Security

The Falcon's View

AUGUST 29, 2017

For those unfamiliar with Fogg's work, he started out doing research on Persuasive Technology back in the 90s, which has become the basis for most modern uses of technology to influence people (for example, use of Facebook user data to influence the 2016 US Presidential Election). Well, low-and-behold, it already exists!

Information Security

Information Security InfoSec Social Engineering Security Awareness

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The threat actors used the botnet harvest credentials, collect NTLMv2 digests, proxy network traffic, and host spear-phishing landing pages and custom tools. The Moobot botnet has been active since at least 2016, it also includes other routers and virtual private servers (VPS). ” reported Trend Micro.

Phishing

Phishing Cryptocurrency Internet Internet

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. The group was involved also in the string of attacks that targeted 2016 Presidential election. The campaigns targeted at least thirteen separate nations.

Malware

Malware Phishing Surveillance Internet

U.S. authorities charged an Iranian national for long-running hacking campaign

Security Affairs

MARCH 2, 2024

According to DoJ, from at least in or about 2016 through or about April 2021, Nasab and other co-conspirators carried out a coordinated multi-year campaign to breach computers worldwide. Nasab and other conspirators used spear phishing and other hacking techniques to infect more than 200,000 victim devices.

Hacking

Hacking Identity Theft Social Engineering Accountability

San Francisco’s transport agency Metropolitan Transportation Commission (MTC) exposes drivers’ plate numbers and addresses

Security Affairs

OCTOBER 3, 2023

Our researchers found that the letters are dated between 2016 and 2021. Risk of plate cloning While the leaked parking permits are no longer valid, malicious actors could use the exposed data for identity theft and to craft spear phishing attacks. Researchers contacted MTC, and public access to the data was closed.

Identity Theft

Identity Theft Scams Risk Phishing

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

CVE-2021-31959 affects everything from Windows 7 through Windows 10 and Server versions 2008 , 2012 , 2016 and 2019. .” Microsoft also patched five critical bugs — flaws that can be remotely exploited to seize control over the targeted Windows computer without any help from users.

Backups

Backups Cyber threats Ransomware Phishing

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Government

Government Education Phishing Malware

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . . SecurityAffairs – hacking, spear-phishing).

Phishing

Phishing Government Hacking Accountability

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

FEBRUARY 8, 2021

Since 2016 , Microsoft has been alerting users of nation-state activity, now the IT giant added the same service to the Defender for Office 365 dashboard. The new security alert will notify companies when their employees are being targeted by state-sponsored attacks. . It automatically investigates and remediates attacks.

System Administration

System Administration Hacking Cyber threats Accountability

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. ” concludes the report.

Malware

Malware Phishing Government Data collection

CISA and FBI warn of ongoing TrickBot attacks

Security Affairs

MARCH 19, 2021

On Wednesday, the two US agencies published an advisory to warn organizations of a new wave of attacks conducted by cybercrime actors that are leveraging a traffic infringement phishing scheme to trick victims into installing the TrickBot malware. ” reads the advisory. ” continues the report.

Phishing

Phishing Cybercrime Malware Ransomware

Europol arrested 1800 money mules as part of an anti-money-laundering operation

Security Affairs

DECEMBER 2, 2021

The name EMMA is an acronym for European Money Mule Action operation, the first EMMA operation led by Europol took place in 2016. The money mules have a crucial role in criminal organizations to launder money for a wide array of illegal activities, such as online scams, sim-swapping, e-commerce fraud, and phishing.

Banking

Banking Scams Phishing Media

Phishing: What Everyone in Your Organization Needs to Know

NopSec

FEBRUARY 15, 2017

Do you feel confident that everyone in your organization could identify a phishing email that contained ransomware? In today’s post, we share information with the goal that it will help everyone in your organization protect themselves from phishing attacks.

Phishing

Phishing Social Engineering Engineering Healthcare

Top 5 Attack Vectors to Look Out For in 2022

Security Affairs

OCTOBER 21, 2021

Phishing techniques use social engineering to trick victims into taking an action that helps an attacker compromise your network or access your sensitive information assets. Fraudulent emails purporting to be from authoritative company sources are the main phishing attacks that employees fall victim to. Stolen Credentials.

IoT

IoT Phishing Passwords Scams

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Government

Government Accountability Phishing Hacking

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. According to the Google Threat Horizons report, the state-sponsored hackers sent fake job offers to employees at the security companies. . ” reads the Google Threat Horizons report.

Malware

Malware Phishing Antivirus Hacking

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

” The infection chain begins with a spear-phishing message written in Spanish that includes a link that points to a website that further downloads a malicious ZIP archive on the victim’s machine. . ” reads the post published by Zscaler.

Banking

Banking Malware Antivirus Phishing

U.S. Department of Defense discloses details about critical and high severity issues

Security Affairs

SEPTEMBER 4, 2020

They could: XSS Phishing Bypass domain security Steal sensitive user data, cookies, etc.” ” An attacker could exploit the issue to target visitors of the website with phishing and cross-site scripting attacks. . . “This would allow them to post malicious content which would be mistaken for a valid site.

Advertising

Advertising Phishing Hacking Technology

Social Blade discloses security breach

Security Affairs

DECEMBER 16, 2022

However the company recommends users to change their password as a precaution and remain vigilant to recognize phishing attempts. This is not the first time that the Social Blade infrastructure was breached, in 2016, the company suffered another security breach. Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Data breaches

Data breaches Passwords Media Phishing

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Phishing

Phishing Accountability Advertising DNS

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration

System Administration Government Phishing Malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The infamous Locky ransomware was first spotted in the wild in February 2016. CryptXXX, another major family discovered in April 2016 and later rebranded as UltraCrypter, relied on exploit kits that used software vulnerabilities to infiltrate systems. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware

Ransomware Hacking Encryption Penetration Testing

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Joseph Steinberg

MAY 12, 2021

And, just before the COVID-19 pandemic hit the United States, the Department of Homeland Security alerted information security professionals that a ransomware attack delivered via phishing emails had adversely impacted operations at one of the country’s natural gas processors. Nor were those isolated incidents.

Energy and Utilities

Energy and Utilities Ransomware Artificial Intelligence Cyber Attacks

Ways to Develop a Cybersecurity Training Program for Employees

Security Affairs

APRIL 15, 2022

While you may disagree, data breach studies show that employees and negligence are the most typical causes of security breaches, yet these prevalent issues are least discussed. While there are numerous approaches to promoting a more cyber secure workplace, here are the most common and effective ways: Trick Employees via a Phishing Campaign.

Cybersecurity

Cybersecurity Data privacy Data breaches Phishing

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. Nikulin used data stolen from Linkedin to launch spear-phishing attacks against employees at other companies, including Dropbox. Source: US Defense Watch.com. The jury verdict was passed on last week in a California court.

Hacking

Hacking Cybercrime Data breaches Advertising

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware

Malware Cybercrime Cryptocurrency Social Engineering

Pakistan-linked Transparent Tribe APT expands its arsenal

Security Affairs

MAY 16, 2021

The Operation Transparent Tribe (Operation C-Major, APT36, and Mythic Leopard) was first spotted by Proofpoint Researchers in Feb 2016, in a series of cyber espionage operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. ” continues the report.

Malware

Malware Phishing Hacking Information Security

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Hacking

Hacking Government Phishing Malware

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Accountability

Accountability Government Phishing Authentication

Sitting Ducks attack technique exposes over a million domains to hijacking

Security Affairs

AUGUST 1, 2024

This allows the attacker to perform malicious activities, such as malware distribution, phishing, brand impersonation, and data theft. The researcher Matt Bryant first detailed the attack vector in 2016 [ 1 , 2 ]]. “Eight years after it was first published, the attack vector is largely unknown and unresolved.

DNS

DNS Accountability Risk Phishing

North Korea-linked APT37 targets South with RokRat Trojan

Security Affairs

JANUARY 7, 2021

” The VBA self-decoding technique is not a novelty, the threat actor is using it since 2016. “The primary initial infection vector used by APT37 is spear phishing, in which the actor sends an email to a target that is weaponized with a malicious document. ” concludes the report.

Government

Government Phishing Encryption Malware

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Government

Government Telecommunications Accountability Phishing

Experts found 20 Million tax records for Russian citizens exposed online

Security Affairs

OCTOBER 1, 2019

Security experts from Comparitech along with security researcher Bob Diachenko discovered 20 million tax records belonging to Russian citizens exposed online in clear text and without protection. “Potential victims should also be on the lookout for targeted phishing and other scams. ” continues the experts.

Identity Theft

Identity Theft Scams Advertising Risk

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs

AUGUST 21, 2022

The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. The Donot Team threat actor, aka APT-C-35 , has added new capabilities to its Jaca Windows malware framework.

Malware

Malware Spyware Phishing Government

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. The Hancitor malware is distributed through phishing emails, or using compromised credentials, exploiting Microsoft Exchange vulnerabilities, or legitimate Remote Desktop Protocol (RDP) tools to gain initial access to a victim’s network.

Ransomware

Ransomware Hacking Malware Encryption

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

The alert provides information about tactics, techniques, and procedures (TTPs) associated with Russia-Linked threat actors, along with recommendations on incident response and mitigations. Russia-linked cyber-espionage groups have used common tactics, such as spear-phishing, and brute force attacks. Pierluigi Paganini.

Malware

Malware Cyber threats Government Hacking

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

TrickGate, a packer used by malware to evade detection since 2016

Trending Sources

Cybercriminals Use Azure Front Door in Phishing Attacks

Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016

Fake Cisco ‘Critical Update’ used in phishing campaign to steal WebEx credentials

Facebook ads used to steal 615000+ credentials in a phishing campaign

Hackers use a new technique in phishing attacks to disable Macro security warnings in weaponized docs

New phishing campaign targets bank customers with WSH RAT

Introducing Behavioral Information Security

Russia-linked APT28 and crooks are still using the Moobot botnet

APT28 targets key networks in Europe with HeadLace malware

U.S. authorities charged an Iranian national for long-running hacking campaign

San Francisco’s transport agency Metropolitan Transportation Commission (MTC) exposes drivers’ plate numbers and addresses

Microsoft Patches Six Zero-Day Security Holes

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Google warns of APT28 attack attempts against 14,000 Gmail users

Microsoft to notify Office 365 users of nation-state attacks

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

CISA and FBI warn of ongoing TrickBot attacks

Europol arrested 1800 money mules as part of an anti-money-laundering operation

Phishing: What Everyone in Your Organization Needs to Know

Top 5 Attack Vectors to Look Out For in 2022

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Grandoreiro banking malware targets Mexico and Spain

U.S. Department of Defense discloses details about critical and high severity issues

Social Blade discloses security breach

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Ways to Develop a Cybersecurity Training Program for Employees

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Pakistan-linked Transparent Tribe APT expands its arsenal

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Sitting Ducks attack technique exposes over a million domains to hijacking

North Korea-linked APT37 targets South with RokRat Trojan

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Experts found 20 Million tax records for Russian citizens exposed online

Donot Team cyberespionage group updates its Windows malware framework

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Russia-linked threat actors targets critical infrastructure, US authorities warn

Stay Connected