Europol Cracks Down on €6.7M Hearing Aid Fraud Scheme Exploiting French Healthcare
Summary: Europol has dismantled a criminal network that executed a €6.7 million healthcare subsidy fraud against France’s public health insurance system, utilizing fake diplomas and stolen patient data. The operation, which began in July 2024, involved fictitious businesses billing for non-existent hearing aids and laundering funds through shell companies across Europe.…
Ransomware Group Claims Attack on Virginia Attorney General’s Office
Summary: The Cloak ransomware group has executed a cyberattack on the Virginia Attorney General’s Office, leading to significant disruptions in their computer systems and services. Following the attack, Cloak claimed responsibility and released purportedly stolen data on their leak site. This incident marks Cloak’s first confirmed attack in 2023, amid an increasing number of victims since the group’s emergence.…
CERT-UA Warns of Escalating Cyberattacks Targeting Ukraine’s Defense Sector with DarkCrystal RAT
Summary: CERT-UA warned about targeted cyberattacks against Ukraine’s defense-industry employees and Armed Forces, linked to the UAC-0200 identifier. These attacks utilize the DarkCrystal RAT malware, employing social engineering tactics primarily through the Signal messaging app to distribute malicious files. The campaign has evolved to target specific military technologies, necessitating heightened vigilance within the defense sector.…
Summary: Browser security is becoming increasingly critical due to a 140% rise in phishing attacks, primarily fueled by zero-day vulnerabilities and advancements in generative AI used by cybercriminals. As attackers adopt sophisticated techniques akin to professional engineering, the risk of browser-based phishing is expected to escalate dramatically moving into 2025.…

Summary: The video discusses a wide range of security topics including the age verification dilemma, a bogus employee scheme tied to North Korea, a potential Bluetooth backdoor vulnerability discovered in popular chips, and the implications of these findings within the context of cybersecurity. Steve Gibson, the host, highlights the nature of undocumented commands found in Bluetooth chips and explains the misinterpretation of these findings as a true “backdoor.”…
SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated Toolset
SideWinder, also known as Rattlesnake or T-APT-04, is an advanced persistent threat group from India that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa since 2012. Known for quickly adapting to security measures, SideWinder employs various tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…
A Deep Dive into Strela Stealer and How It Targets European Countries
The Strela Stealer is a targeted infostealer malware that primarily focuses on extracting email credentials from users of Mozilla Thunderbird and Microsoft Outlook in select European countries. Delivered through phishing campaigns, it employs sophisticated social engineering techniques to trick victims into executing its payload. The malware’s infrastructure is linked to Russian hosting services, and it utilizes complex obfuscation methods to evade detection.…
GrassCall Campaign: The Hackers Behind Job Recruitment Cyber Scams
The “GrassCall” malware campaign is an advanced social engineering attack targeting job seekers in the cryptocurrency and Web3 sectors, orchestrated by the Russian cybercriminal organization “Crazy Evil.” Utilizing fake job interviews, the attackers compromise systems to steal cryptocurrency assets, resulting in hundreds of victims. Affected: cryptocurrency sector, job seekers

Key points:

The GrassCall malware campaign is led by the Russian-speaking cyber-criminal organization “Crazy Evil.”…
Summary: As March Madness approaches, the excitement surrounding the NCAA basketball tournaments also attracts threat actors looking to exploit ticket sales and associated scams. The tournament’s emotional stakes, combined with the urgency of purchasing tickets, increase vulnerabilities, requiring heightened security measures. Collaboration and threat intelligence sharing among organizations are crucial to mitigate risks and combat sophisticated attacks targeting fans and businesses alike.…
Phishing campaign impersonates Booking dot com delivers a suite of credential stealing malware
A phishing campaign impersonating Booking.com has been identified targeting organizations within the hospitality sector, particularly in relation to travel. Using the ClickFix social engineering technique, this campaign seeks to steal credentials and engage in financial fraud, affecting various regions including North America and Europe. Affected: hospitality industry, Booking.com…
BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique
The article discusses the increasing threat of Browser in the Middle (BitM) attacks which allow adversaries to compromise user sessions across various web applications swiftly. While multi-factor authentication (MFA) is critical for security, sophisticated social engineering tactics can successfully bypass it by targeting session tokens. To combat these threats, organizations are urged to implement robust defenses such as hardware-based MFA, client certificates, and FIDO2.…
Major Cyber Attacks in Review: February 2025
In February 2025, multiple significant cyber incidents revealed ongoing risks across various industries worldwide. Notable attacks included the Qilin ransomware incident at Lee Enterprises, which disrupted media distribution, and a $1.5 billion cryptocurrency theft attributed to North Korea’s Lazarus Group. Breaches at DISA Global Solutions, Orange, and LANIT highlighted severe vulnerabilities in finance, telecom, healthcare, media, and government sectors.…
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
100 Car Dealerships Hit by Supply Chain Attack
Summary: A supply chain attack compromised LES Automotive, a service used by car dealerships, enabling over 100 dealership websites to distribute malicious ClickFix code. This attack employs social engineering tactics to prompt users into executing harmful commands. The ClickFix malware campaign has increasingly targeted various sectors, including the auto and hospitality industries.…
Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
In a significant data breach, the HELLCAT ransomware group has leaked gigabytes of sensitive data from Jaguar Land Rover (JLR), exploiting compromised Jira credentials harvested from infected employees. This attack highlights the ongoing threat of infostealer malware and its capability to enable long-term exploitation of credentials.…
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Summary: Cybercriminals are using fraudulent Microsoft OAuth applications that impersonate Adobe and DocuSign to distribute malware and capture Microsoft 365 credentials. Proofpoint researchers have labeled these attacks as highly targeted and characterized them by deceptive email campaigns aimed at various industries. Users are advised to be vigilant with OAuth app requests and to verify their authenticity before granting permissions.…
Threat Actor Impersonates Booking.com in Phishing Scheme
Summary: Microsoft has reported on a new phishing technique dubbed “ClickFix,” utilized by a threat actor known as Storm-1865, which targets victims by manipulating their problem-solving tendencies to download malware. The campaign primarily targets the hospitality sector, impersonating Booking.com to deceive users into executing commands that facilitate the malware download.…
Phishing campaign impersonates Booking dot com delivers a suite of credential stealing malware
A phishing campaign identified by Microsoft Threat Intelligence targets the hospitality industry, impersonating Booking.com and utilizing the ClickFix social engineering technique to deliver credential-stealing malware. The campaign, ongoing since December 2024, aims at financial fraud by tricking users into executing malicious commands. Affected: hospitality organizations, Booking.com…