Monthly Threat Actor Group Intelligence Report, February 2025 (ENG) – Red Alert

In February 2025, 13 hacking groups were identified, engaging in various cybercrimes including ransomware distribution, phishing attacks, and identity theft through sophisticated techniques. Each group employed unique methods to compromise targets and steal valuable information or funds, affecting numerous sectors globally.

Affected: government, e-commerce, social media, enterprise security, individual users

Key points:

  • SectorJ09 used formjacking to steal financial information from e-commerce sites.
  • SectorJ14 employed smishing techniques using shortened URLs to distribute Android malware.
  • SectorJ21 sent phishing emails with malicious PDF attachments leading to a DLL side-loading attack.
  • SectorJ25 disguised malware as a network analysis program to infiltrate systems.
  • SectorJ85 created phishing sites mimicking legitimate login pages to gather credentials.
  • SectorJ102 exploited SQL injection vulnerabilities to deploy web shells.
  • SectorJ110 utilized phishing PDFs to deliver JavaScript malware masquerading as documents.
  • SectorJ177 impersonated tech support to gain remote access and deliver malware.
  • SectorJ195 executed malicious JAR files after tricking targets into allowing screen sharing.
  • SectorJ196 targeted Web3 users with a phishing site disguised as a blockchain tool.
  • SectorJ197 distributed fake Chrome update sites to deliver stealer malware.
  • SectorJ201 operated a Traffic Distribution System to assist other groups with malicious traffic.
  • SectorJ202 spread phishing pages to deploy a malicious MSI file containing a DLL.


Full Story: https://redalert.nshc.net/2025/04/16/monthly-threat-actor-group-intelligence-report-february-2025-eng/
