Proofpoint

Bumblebee Loader Delivers Cobalt Strike, Shellcode, Sliver, and Meterpreter in Multiple Campaigns

Starting in March 2022, Proofpoint observed campaigns delivering a new downloader called Bumblebee. At least three clusters of activity including known threat actors currently distribute Bumblebee.

Emotet Operators Use New Delivery Techniques Like OneDrive URLs and XLL Files

The activity occurred while Emotet was on a “spring break,” not conducting its typical high volume threat campaigns. The threat actor has since resumed its typical activity.

School of Hard Knocks: Job Fraud Threats Target University Students

Employment fraud typically impacts individuals, and the results can be costly. According to the FBI's Internet Crime Complaint Center, the average reported loss from this type of scheme is $3,000.

Serpent Backdoor Abuses Open-source Package Installer

The threat actor attempted to install a backdoor on a potential victim's device, which could enable remote administration, command and control (C2), or data theft, or deliver additional payloads.

China-linked TA416 Increases Attack Activity Against European Governments as Conflict in Ukraine Escalates

The campaigns utilize web bugs to profile the victims before sending a variety of PlugX malware payloads via malicious URLs. TA416 has recently updated its PlugX malware variant.

State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement

The infection chain used in this campaign bears significant similarities to a historic campaign Proofpoint observed in July 2021, making it likely the same threat actor is behind both clusters of activity.

Cybercriminals Bypass MFA, Stealing Browser Sessions Using MiTM Phishing Kits

Threat actors are using phish kits that leverage a transparent reverse proxy, which enables them to man-in-the-middle (MitM) a browser session and steal credentials and session cookies in real time.

Have Money for a Latte? Then You Too Can Buy a Phish Kit

Phish kits are sets of files that contain all the code, graphics, and configuration files to be deployed to make a phishing page. These are designed to be easy to deploy as well as reusable.

TinyNuke Banking Malware Resurges with Invoice-themed Malspam Aimed at French Entities

The campaigns use invoice-themed lures to target hundreds of customers of organizations in various industries including manufacturing, technology, construction, and business services.

Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks

Vulnerabilities in Microsoft's and others' popular OAuth 2.0 implementations lead to redirection attacks that bypass most phishing detection and email security solutions.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.
