To pose convincingly as its chosen personas, TA427 uses several tactics, including DMARC abuse combined with free email addresses, typosquatting, and spoofing of private email accounts.
Many types of video games appear to be targeted at younger users, including games popular with children, a group that is less likely to be able to identify malicious content and risky online behavior.
The actor uses tactics such as spoofing government agencies, incorporating QR codes in phishing campaigns, and adopting new themes to lure victims into credential phishing and BEC activities.
TA576, a cybercriminal threat actor, has returned with tax-themed lures targeting accounting and finance organizations during the U.S. tax season, using unique attack chains and delivering Parallax RAT.
The new campaign by TA866 involved a large volume of emails with attached PDFs containing OneDrive URLs that initiated a multi-step infection chain leading to a malware payload.
The BattleRoyal cluster, using DarkGate and NetSupport malware, demonstrates the use of multiple attack chains and social engineering techniques to deliver payloads via email and fake update lures.
Russian APT group TA422 has been actively exploiting already-patched vulnerabilities to target the government, aerospace, education, finance, manufacturing, and technology sectors in Europe and North America.
TA402 has recently employed a new initial access downloader called IronWind, using various infection chains and delivery methods, such as Dropbox links and XLL and RAR file attachments, in order to evade detection.
The use of the Forked IcedID variant, which removes banking functionality and focuses on payload delivery, highlights a shift in malware tactics toward prioritizing ransomware delivery.
Proofpoint researchers have discovered a new version of the Grandoreiro malware that is targeting victims in both Mexico and Spain. This is unusual as the malware has historically only targeted Portuguese and Spanish speakers in Brazil and Mexico.
Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.