UNC3944 Targets SaaS Applications

UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of “0ktapus,” “Octo Tempest,” “Scatter Swine,” and “Scattered Spider” and has been observed adapting its tactics to include data theft from software-as-a-service (SaaS) applications to attacker-owned Read More …

Asia’s SMS stealers: 1,000 bots and one study

Attackers have increasingly started using Telegram as a control server (C2). One example is the Lazy Koala group, which Positive Technologies researchers recently discovered and set out to study. While researching bots on Telegram, Positive Technologies team found that many Read More …

Gay furry hackers strike massive cyber attack against US far-right Project 2025

A collective of self-described “Gay furry hackers” called SiegedSec managed to hack into the right-wing Heritage Foundation affiliated with Project 2025 in a massive cyber attack. The hackers released two gigabytes of data, including Heritage Foundation member names, email addresses, Read More …

LazyStealer: Sophisticated does not mean better

In the first quarter of 2024, researchers from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. The research team could not find any links Read More …

Scaly Wolf uses White Snake stealer against Russian industry

The BI.ZONE Threat Intelligence team has identified at least a dozen campaigns linked to Scaly Wolf. The impact spreads across organizations from various industries in Russia, including manufacturing and logistics. One of the group’s characteristics in gaining initial access is Read More …

Social engineering attacks lure Indian users to install Android banking trojans

Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting users in India with social media messages designed to steal users’ information for financial fraud. Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to Read More …

WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users

It is not rare that users of popular instant messaging services find the official client apps to be lacking in functionality. To address that problem, third-party developers come up with mods that offer sought-after features besides aesthetic upgrades. Unfortunately, some Read More …

UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety

UNC3944 is a financially motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smishing) to obtain credentials to gain and escalate access to victim organizations. At least some UNC3944 threat actors appear to operate in Read More …

New hierarchy, heightened threat: Classiscam’s sustained global campaign

Classiscam was initially launched as a relatively straightforward scam operation. Cybercriminals created fake ads on marketplaces and classified sites, and leveraged social engineering techniques to trick users into “buying” the falsely-advertised goods or services, whether by transferring money directly to Read More …