FortiGuard Labs recently observed several targeted phishing campaigns in Taiwan that use themes designed to exploit local business processes. These campaigns disseminate Winos 4.0 (ValleyRat) and subsequent malicious plugins through weaponized attachments or embedded links.
The lures mimic official communications, such as tax audit notifications, tax filing software installers, and cloud-based e-invoice downloads. Fortinet researchers analysis of domain registration data reveals that attackers use a rotating set of domains and cloud services to host and distribute malware. The highly volatile nature of this infrastructure renders traditional, static domain blocking insufficient as a primary defense. Over the past two months, the researchers have identified various delivery techniques, including malicious LNK files used for a downloader.
Read more…
Source: Fortinet
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Samsung patches zero-day security flaw used to hack into its customers’ phones
September 16, 2025
Samsung says it has fixed a zero-day security vulnerability that is being used to hack into its customers’ phones. The phone maker said the security flaw, discovered in a software library for displaying images on Samsung devices, allows hackers to remotely plant malicious code on Samsung devices running Android 13 through the most recent version, Android ...
- RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
September 16, 2025
RevengeHotels, also known as TA558, is a threat group that has been active since 2015, stealing credit card data from hotel guests and travelers. RevengeHotels’ modus operandi involves sending emails with phishing links which redirect victims to websites mimicking document storage. These sites, in turn, download script files to ultimately infect the targeted machines. The final ...
- Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers
September 15, 2025
In this article, Kaspersky researchers explore how the Model Context Protocol (MCP) — the new “plug-in bus” for AI assistants — can be weaponized as a supply chain foothold. The researchers start with a primer on MCP, map out protocol-level and supply chain attack paths, then walk through a hands-on proof of concept: a seemingly legitimate ...
- Another massive DDoS attack that reached 1.5 Bpps has been thwarted
September 13, 2025
A distributed denial-of-service attack targeting a DDoS mitigation vendor somewhere in Western Europe has been spotted and mitigated by FastNetMon. The firm says the attack peaked at a massive 1.5 billion packets per second, making it one of the largest packet-rate floods confirmed to date. FastNetMon says that the traffic was mainly a UDP flood sourced ...
- FBI: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion
September 12, 2025
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions. Both groups have recently been observed targeting organizations’ Salesforce platforms via different initial access mechanisms. The ...
- Vietnam Investigates Hackers Targeting National Credit Database Exposing Sensitive Financial Data
September 12, 2025
Vietnam is investigating a serious cyberattack on a large database that contains information about creditors across the country. The database belongs to the National Credit Information Center, also known as CIC. This center is managed by the State Bank of Vietnam and is responsible for storing highly sensitive financial data. The information inside the database includes ...