The BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizations.
The threat actors are distributing phishing emails under the guise of a federal agency. The emails have a legitimate document as an attachment. It aims to lull the recipient’s vigilance and prompt them to open the other file, a password‑protected archive.
Read more…
Source: BI.ZONE
Related:
- U.K. orders Apple to let it spy on users’ encrypted accounts
February 7, 2025
Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post. The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not ...
- Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
February 4, 2025
ELF/Sshdinjector.A!tr is a collection of malware that can be injected into the SSH daemon. Samples of this malware collection surfaced around mid-November 2024. While Fortinet researchers have a good amount of threat intelligence on them (e.g., they are attributed to the DaggerFly espionage group and were used during the Lunar Peek campaign against network appliances), nobody ...
- Spyware maker Paragon confirms US government is a customer
February 4, 2025
Israeli spyware maker Paragon Solutions confirmed to TechCrunch that it sells its products to the U.S. government and other unspecified allied countries. Paragon’s executive chairman John Fleming said in a statement to TechCrunch on Tuesday that “Paragon licenses its technology to a select group of global democracies — principally, the United States and its allies.” Fleming ...
- Meta’s WhatsApp says spyware company Paragon targeted users in two dozen countries
January 31, 2025
An official with Meta Platforms’ (META.O), opens new tab popular WhatsApp chat service said Israeli spyware company Paragon Solutions had targeted scores of its users, including journalists and members of civil society. The official said on Friday that WhatsApp had sent Paragon a cease-and-desist letter following the hack. In a statement, WhatsApp said the company “will ...
- CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia
January 29, 2025
We identified a cluster of activity that we track as CL-STA-0048. This cluster targeted high-value targets in South Asia, including a telecommunications organization. This activity cluster used rare tools and techniques including the technique we call Hex Staging, in which the attackers deliver payloads in chunks. Their activity also includes exfiltration over DNS using ping, and ...
- 5 linked to cyber espionage ring arrested in Türkiye
January 27, 2025
Authorities arrested five people on cyber espionage charges through a software system uncovered thanks to information from the National Intelligence Organization (MIT), Turkish media reported Monday. An investigation led by the Chief Public Prosecutor’s Office in the capital, Ankara, discovered that a software program known as “Avatar” or “Adalet” (Turkish for “justice”), exclusively designed for attorneys, ...