Cyber Espionage, TA402 (Molerats) exploits a new malware: NimbleMamba
Proofpoint cybersecurity experts: The pro-Palestinian APT exploited spear phishing emails containing links that often lead to malicious files.
Cybercrime, APT’s last weapon is the RTF template injection
Proofpoint cybersecurity experts: Groups from India, Russia and China exploit this technique. The files have low detection rate by public antivirus.
Cybercrime, new DanaBot version in the wild
Proofpoint cybersecurity experts: It has been set as a Malware-as-a-Service (MaaS), written in Delphi, with some anti-analysis features.
U.S. Vote: Someone is still trying to steal personal information via phishing
Proofpoint cybersecurity experts: Hundreds of messages with links sent to recipients across multiple organizations. Cybercrime or Cyber Espionage?
Cyber Espionage, Chinese APT TA413 spreads a new RAT: Sepulcher
Proofpoint cyber security experts: The malware has been distributed in 2 different campaigns Covid-19 themed. One targeted many organisations in EU. The other, against Tibetan dissidents.
Cyber Warfare, the who’s who of Iranian cyber threat
Proofpoint cyber security experts detailed 11 Tehran’s attack groups, their preferred TTP’s, targets, and countries. Including, favourite tactics from phishing to malware.
Greta Thunberg used as a bait by cybercrime to spread Emotet
CertPa cyber security experts: A malware campaign is underway with spear phishing attacks on the occasion of Christmas. Proofpoint: They also target .edu domains.
LookBack spear phishing campaign against US utility companies evolves
Proofpoint cyber security experts: There threat actor, probably a state-sponsored APT, is distributing an updated version of the malware, a RAT. To date at least 17 firms were hit.
Cybercrime: PsiXBot malware has evolved with a Porn Module
Proofpoint cyber security experts: The new feature allows attackers to capture audio-video on the infected machine if a window match pornography-related keywords. It’s used for sextortion.
TA505 cybercrime gang launched new campaigns with Gelup-FlowerPippi malware
Trend Micro cyber security experts: The first malicious code abuses user account control (UAC) bypass and works as a loader for other threats. The second is a dangerous backdoor.