Updated MATA attacks industrial companies in Eastern Europe

In early September 2022, Kaspersky researchers discovered several new malware samples belonging to the MATA cluster. As they were collecting and analyzing the relevant telemetry data, they realized the campaign had been launched in mid-August 2022 and targeted over a …

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

Trend Micro researchers have been observing malware families RedLine and Vidar since the middle of 2022, when both were used by threat actors to target victims via spear-phishing scams. Earlier this year, RedLine targeted the hospitality industry with its info …

Germany says Charming Kitten hackers target Iran dissidents

Germany’s Federal Office for the Protection of the Constitution (BfV) on Thursday warned critics of the Iranian leadership living in Germany that they might be targeted by hackers. The agency said the Charming Kitten online espionage group works by building …

North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack

In July 2023, Mandiant Consulting responded to a supply chain compromise affecting a US-based software solutions entity. Mandiant researchers believe the compromise ultimately began as a result of a sophisticated spear phishing campaign aimed at JumpCloud, a zero-trust directory platform …

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Recently, Trend Micro researchers noticed a spike in the number of emails received by one of our customers. After further investigation, they found that three other customers in the hospitality industry were also affected. The researchers observed that most of …

Earth Preta Spear-Phishing Governments Worldwide

Trend Micro researchers have been monitoring a wave of spear-phishing attacks targeting the government, academic, foundations, and research sectors around the world. Based on the lure documents researchers observed in the wild, this is a large-scale cyberespionage campaign that began …

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. Like other sophisticated adversaries, this group also updates its tools very quickly. In early 2022, Kaspersky researchers observed this …

North Korean hackers attack EU targets with Konni RAT malware

Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries. In this campaign, the hackers use malware known as Konni, a remote …

Microsoft seizes 41 domains tied to ‘Iranian phishing ring’

Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. The Microsoft Digital Crimes …

Suspected DarkHotel APT resurgence targets luxury Chinese hotels

A new wave of suspected activity conducted by the DarkHotel advanced persistent threat (APT) group has been disclosed by researchers. Last week, Trellix researchers Thibault Seret and John Fokker said that a malicious campaign has been targeting luxury hotels in …