FortiGuard Labs recently observed several targeted phishing campaigns in Taiwan that use themes designed to exploit local business processes. These campaigns disseminate Winos 4.0 (ValleyRat) and subsequent malicious plugins through weaponized attachments or embedded links.
The lures mimic official communications, such as tax audit notifications, tax filing software installers, and cloud-based e-invoice downloads. Fortinet researchers analysis of domain registration data reveals that attackers use a rotating set of domains and cloud services to host and distribute malware. The highly volatile nature of this infrastructure renders traditional, static domain blocking insufficient as a primary defense. Over the past two months, the researchers have identified various delivery techniques, including malicious LNK files used for a downloader.
Read more…
Source: Fortinet
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Israel: Dozens of actors fall victim to Iranian phishing attack
September 12, 2025
Dozens of Israeli actors have fallen victim to a phishing attack believed to originate from Iranian sources. According to a statement from the National Cyber Directorate, the actors were asked to submit filmed auditions and sensitive personal information—including photos of ID cards and passports—after receiving emails posing as a casting call for a new film by ...
- South Korea’s KT admits data breach
September 11, 2025
KT Corp has become the second South Korean mobile operator this year to report a cybersecurity breach to the country’s data protection authorities, with the operator confirming on Thursday that 5,561 customers may have had their subscriber data stolen by hackers. While the reported breach is nowhere near the magnitude of SK Telecom’s disastrous data breach, ...
- Attacker steals customer data from UK rail operator LNER during break-in at supplier
September 11, 2025
One of the UK’s largest rail operators, LNER, is the latest organization to spill user data via a third-party data breach.… It confirmed the incident on Wednesday, saying customer contact details and “some information about previous journeys” was accessed at a third-party supplier. London North Eastern Railway (LNER) did not name the third party responsible for ...
- France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks
September 11, 2025
French regional healthcare agencies have been targeted by cyber-attacks compromising the personal data of patients across the country. On September 8, the regional healthcare agencies (ARS) for three regions, Hauts-de-France (Upper France), Normandy and Pays de la Loire (Lower Loire), issued security alerts warning about recent cyber-attacks carried out against the servers hosting the identity ...
- AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks
September 10, 2025
In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. AdaptixC2 is a recently identified, open-source post-exploitation and adversarial emulation framework made for penetration testers that threat actors are using in campaigns. Unlike many well-known C2 frameworks, AdaptixC2 has remained largely under the radar. There is limited public documentation available ...
- Patch Tuesday – September 2025
September 10, 2025
Microsoft is addressing 176 vulnerabilities today, which seems like a lot, and it is. Curiously, Microsoft’s own Security Update Guide (SUG) for September 2025 Patch Tuesday only lists 86 vulns, and that’s because the SUG doesn’t include a large number of open source software (OSS) fixes published today as part of updates for Azure Linux ...