FortiGuard Labs recently observed several targeted phishing campaigns in Taiwan that use themes designed to exploit local business processes. These campaigns disseminate Winos 4.0 (ValleyRat) and subsequent malicious plugins through weaponized attachments or embedded links.
The lures mimic official communications, such as tax audit notifications, tax filing software installers, and cloud-based e-invoice downloads. Fortinet researchers analysis of domain registration data reveals that attackers use a rotating set of domains and cloud services to host and distribute malware. The highly volatile nature of this infrastructure renders traditional, static domain blocking insufficient as a primary defense. Over the past two months, the researchers have identified various delivery techniques, including malicious LNK files used for a downloader.
Read more…
Source: Fortinet
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life
August 6, 2025
Whether it’s in the water we drink, the medicines we take, or the electricity we use to read blog posts on the internet, Industrial Control Systems (ICS) are part of our daily lives. There’s so much that relies on these systems, you’d like to assume they’re engineered and tested to guard against cyberattacks. You’d be wrong. ...
- Taiwan arrests 6 in probe of TSMC chip technology leak
August 6, 2025
Taiwan prosecutors arrested six people suspected of stealing trade secrets from Taiwan Semiconductor Manufacturing Co (TSMC), opening an investigation into a potential breach of national security involving a global tech industry linchpin. The chipmaker to Nvidia reported a number of former and current staff to authorities on suspicion they illegally obtained core technology. A total of ...
- Hacker used a voice phishing attack to steal Cisco customers’ personal information
August 5, 2025
A cybercriminal tricked a Cisco representative into granting them access to steal the personal information of Cisco.com users, the company said on Tuesday. Cisco said it discovered the breach on July 24, blaming the incident on a voice phishing or “vishing” call. The hackers accessed and exported “a subset of basic profile information” from the database ...
- Dangerous new Linux malware strikes – thousands of users see passwords, personal info stolen
August 5, 2025
A brand new Linux malware has been found infecting thousands of computers around the world, stealing people’s login credentials, payment information, and browser cookies, security researchers are warning. SentinelLabs and Beazley Security issued a joint report detailing the activities of PXA Stealer, a new Python-based infostealer for the Linux platform. It was first spotted in late ...
- Thailand-Cambodia conflict: Ceasefire fails online
August 4, 2025
Thailand and Cambodia may have reached a ceasefire to halt their border clashes, but cyber warriors are still battling online, daubing official websites with obscenities, deluging opponents with spam and taking pages down. The five-day conflict left more than 40 people dead and drove more than 300,000 from their homes. It also kicked off a disinformation ...
- Denmark energy cyber attack highlights infrastructure security gaps
August 4, 2025
November 2023 saw an unprecedented cyber attack on Denmark’s energy infrastructure. In a co-ordinated breach of 22 companies, criminal gangs gained access to industrial control systems. Investigators believe at least one of the attackers was acting on behalf of a state. Michael Murphy, who heads Fortinet’s APAC Operational Technology group from the company’s Sydney office, says ...