Cybercrime, AgentTesla now passes from Russian customs
The doc attachment contacts a link, exploiting the Equation Editor vulnerability, and downloads an exe: the malware. Data is then exfiltered via SMTP to an email address.
Cybercrime, Auchan Poland bait for an AgentTesla campaign
The doc attachment contacts a link, also used for Lokibot, and downloads the malware. The stolen data is exfiltrated to an email via SMTP.
Cybercrime, new wave of the AgentTesla campaign on Isbank
The message template is identical to the previous one, except for the dates and the name of the attachment: 25_153325_221122_113030.7z. Inside is an exe, the malware, which exfiltrates stolen data via SMTP.
Cyber Warfare, XakNet offensive against the energy sector in Ukraine
Pro-Russian hackers close to the GRU attack institutions, carriers and suppliers with DDoS. The operation is complementary to the Moscow military one: the objectives are shared.
Cybercrime, Alibaba bait of an HTML phishing scam
A fake email points to a page that simulates that of the e-commerce portal. Objective: steal credentials.
Cybercrime, Sharkbot is disguised in Android file managers apps
The apps work as a dropper for the malware and they are downloaded mostly from UK and Italy. The trojan attempts to steal online bank credentials.
Cybercrime, fake Audit report bait for an HTML phishing campaign
The goal is to steal the SharePoint Online credentials via a fake platform landing page. Victims have three attempts to digit the password, all of which will be wrong.
Cybercrime, AgentTesla now passes by banks in Turkey
The email attachment “12790429914_20221122_05373027_HesapOzeti.7z” contains an exe file: the malware. Stolen data is exfiltrated via SMTP.
Cyber Warfare, TeamOneFist targets Russian AI controllers
Op.Neutrino compromised an operational AI/ML model, in addition to a power grid SCADA/ICS, belonging to the DK Port substation. It’s the new response for the attacks in Ukraine.
Cybercrime, fake free Starlink download spreads RaccoonStealer
The cybersecurity researcher “idclickthat” discovered a fake website with a link that downloads a rar with a “setup” exe inside: the malware.