Cybercrime, Ursnif / Gozi back to Italy via Enel Energia
The bait are false invoice offsets. The xls attachment contacts single link from which it downloads the dll, starting the malware infection. But only from Italian IPs.
Cybercrime, AgentTesla conveyed by a false invoice with sender in Rome
The zip attachment of the message, also arrived in Italy, contains an exe: the malware itself. Stolen data is exfiltrated via SMTP.
Cybercrime, Agent Tesla conveyed to Italy by a false order
The email gz attachment contains an exe: the malware itself. Stolen data is exfiltrated via ftp.
Cybercrime, Italy and Spain dismantle a huge group linked to the Mafia
The operation, coordinated by Europol and Eurojust, led to 106 arrests. The suspects defrauded hundreds of victims through phishing attacks, SIM swapping and BEC.
Cybercrime, Ursnif / Gozi back to Italy with a fake BRT courier email
The xls attachment contacts a single link and downloads the dll, which activates the malware infection. Provided that the IP is Italian and not on the blacklist.
Cybercrime, the Guloader campaign back to Italy via a false quotation
There are 2 emails with different attachments, zip and exe files inside. The malware, however, is the same. It is not known what it downloads next.
Cyber Espionage, WayBack campaign targets EU and Italian organizations
Yoroi cybersecurity experts: The threat actors, maybe linked to Gorgon/Subaat, spread over 900 malware via Internet Archive.
Cybercrime, new wave of the Ursnif / Gozi campaign in Italy via BRT
The xlsm attachment contacts a single url from which it downloads the dll, starting the malware infection. But only from Italian IPs and if they’re not blacklisted.
Cybercrime, false order list conveys Formbook to Italy
The email zip attachment contains an exe file: the malware itself. This, if open, activates the infection chain.
Cybercrime, AveMaria is hiding in an email from a Dubai company
The email lzh attachment, also arrived in Italy, hides an executable: the malware itself.