CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

In September, 2024 the Zero Day Initiative (ZDI) Threat Hunting team identified the exploitation of a 7-Zip zero-day vulnerability used in a SmokeLoader malware campaign targeting Ukrainian entities. The vulnerability, CVE-2025-0411, was disclosed to 7-Zip creator Igor Pavlov, leading to Read More …

AI-supported spear phishing fools more than 50% of targets

One of the first things everyone predicted when artificial intelligence (AI) became more commonplace was that it would assist cybercriminals in making their phishing campaigns more effective. Now, researchers have conducted a scientific study into the effectiveness of AI supported Read More …

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will Read More …

Stone Wolf employs Meduza Stealer to hack Russian companies

BI.ZONE Threat Intelligence reports an increase in criminal activity employing commercial malware available on underground resources. Recently, the researchers identified a malicious campaign by a cluster later dubbed Stone Wolf. The adversaries send out phishing emails on behalf of a Read More …

Cloud Werewolf spearphishes Russian and Belarus government employees with fake spa vouchers and federal decrees

The BI.ZONE Threat Intelligence team has revealed another campaign by Cloud Werewolf aiming at Russian and Belarusian government organizations. According to the researchers, the group ran at least five attacks in February and March. The adversaries continue to rely on Read More …

Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns

The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organisations and individuals in the UK, and other geographical areas of interest, for information-gathering activity. The UK National Read More …

AeroBlade on the hunt targeting the U.S. Aerospace industry

BlackBerry has uncovered a previously unknown threat actor targeting an aerospace organization in the United States, with the apparent goal of conducting commercial and competitive cyber espionage. The BlackBerry Threat Research and Intelligence team is tracking this threat actor as Read More …

Updated MATA attacks industrial companies in Eastern Europe

In early September 2022, Kaspersky researchers discovered several new malware samples belonging to the MATA cluster. As they were collecting and analyzing the relevant telemetry data, they realized the campaign had been launched in mid-August 2022 and targeted over a Read More …