Cybercrime, fake HSBC payment advice spreads Formbook
The gz attachment of the “Payment Advice - Ref: [HSBC1057029141] /RFQ Priority Payment / Customer Ref: [PI10771QT90]” email contains an exe file: the malware.
Cybercrime, purchase order from Spain bait for AgentTesla
The fake pdf attached to the "PURCHASE ORDER 05-30-2023" email contains a link, from which you download a tgz file with a TAR, inside which there is an exe: the malware.
Cybercrime, Blustealer campaign from Lithuania simulating China
The compressed attachment of the “Order_list_30052023” message contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, phishing campaign via Dropbox with mysterious file
The bait is two documents in storage. The attachment is recognized as clean by sandboxes, but it disables the Windows firewall.
Cyber Espionage, Volt Typhoon is an imminent danger to U.S.
Microsoft-CISA: The China sponsored APT is pursuing development of capabilities that could disrupt critical communications infrastructure between U.S. and Asia.
Cybercrime, new email about an RFQ conveyed by Remcos via Modiloader
The compressed attachment contains an exe file: the loader, which contacts a url and downloads the final malware.
Cyber Espionage, new campaign against Ukraine from Tajikistan
The CERT-UA: Thanks to HATVIBE, the malware LOGPIE, CHERRYSPY and STILLARCH (alias DownEx) installed on the victim's computer.
Cybercrime, the “Re: Our Ref: MSS Urgent Order” email bait for AgentTesla
The compressed attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, “Re: Purchase Order ….>,” bait for HawkEye from South Korea
The compressed attachment contains an exe file: the malware. The stolen data is exfiltrated via FTP to a host in Russia.
Cybercrime, “Nieuwe bestelling 20230517/4500338579” bait for AgentTesla
The attachment contains a Tar file with an exe: the malware. Stolen data is exfiltrated via Telegram API to the same “Nieuwe bestelling–100 STUKS ELK” campaign C2.