In Q3 2024, the Positive Technologies Expert Security Center (PT ESC) TI Department discovered a series of attacks on Russian government agencies.
PT ESC researchers were unable to establish any connection with known groups using the same techniques. The main goal was espionage and gaining a foothold to follow through on further attacks. They dubbed the group TaxOff because of their legal and finance-related phishing emails leading to a backdoor written in at least C++17, which the researchers named Trinper after the artefact used to communicate with C2. Initial infection vector TaxOff uses phishing emails.
Read more…
Source: Positive Technologies Expert Security Center
Related:
- Global operation targets NoName057(16) pro-Russian cybercrime network
July 16, 2025
Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and judicial authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands and the United States took simultaneous actions against offenders and infrastructure belonging to the pro-Russian ...
- Preventing Zero-Click AI Threats: Insights from EchoLeak
July 15, 2025
EchoLeak (CVE-2025-32711) is a newly identified vulnerability in Microsoft 365 Copilot, made more nefarious by its zero-click nature, meaning it requires no user interaction to succeed. It demonstrates how helpful systems can open the door to entirely new forms of attack— no malware, no phishing required—just the unquestioning obedience of an AI agent. This new threat ...
- Episource is notifying millions of people that their health data was stolen
July 14, 2025
Medical billing giant Episource is notifying millions of people across the United States that their personal and health information was stolen in a cyberattack earlier this year. The breach affects more than 5.4 million people, according to a listing with the U.S. Department of Health and Human Services, making it one of the largest healthcare breaches ...
- A major security flaw in top eSIM system could put billions of devices at risk
July 14, 2025
Security researchers have discovered a vulnerability in eSIM technology used in virtually all smartphones and many other internet-connected, smart devices. In theory, the flaw could have been abused to intercept or manipulate communications, extract sensitive data, inject malicious applets, and more. There are more than two billion eSIM-enabled devices that could be potentially impacted by this ...
- CNN, BBC, and CNBC websites impersonated to scam people
July 14, 2025
Researchers have uncovered a large campaign impersonating news websites, such as those from CNN, BBC, CNBC, News24, and ABC News, to promote investment scams. Adding a well known brand to your scammy site is a tale as old as time, and gives it an air of legitimacy that increases the likelihood that people will click ...
- Medicare data breach exposes personal details of 100,000 Americans
July 12, 2025
Healthcare data continues to be a top target for cybercriminals. In June alone, two major breaches compromised over 13 million patient records. Now, a newly confirmed Medicare data breach has affected more than 100,000 Americans. The Centers for Medicare & Medicaid Services (CMS) sent letters this week to those affected, confirming that hackers accessed sensitive data ...