Tag: spear phishing
32 articles

China-nexus Hackers Deploy DcRAT via Fake Indian Tax Utility
Cyber attackers with ties to China are pulling out all the stops to scam Indian taxpayers, using a sophisticated fake tax utility to deploy malware and pilfer sensitive info. Their precision-crafted phishing campaign, dubbed Operation DragonReturn, sends convincing emails and PDFs that even cite real laws to trick victims.

Armored Likho Exposes BusySnake Stealer Campaign
Meet Armored Likho, a sneaky group behind the BusySnake Stealer Campaign, which has already compromised government agencies and power companies in Russia, Kazakhstan, and Brazil. Their clever tactics start with targeted spear-phishing emails, often disguised as harmless attachments like psychological tests or aid applications.

Blogger Platform Exploited in VEIL#DROP Malware Attack Chain
The VEIL#DROP malware attack chain starts with a sneaky JavaScript file, cleverly disguised as a harmless document, which executes through Windows Script Host and launches PowerShell with execution policy bypasses enabled. This multi-stage threat can be triggered by spear-phishing or a simple visit to a compromised website.

Gamaredon Intensifies Ukraine Cyberattacks with Novel Malware Tools
Gamaredon ramped up its cyberattack efforts in Ukraine last year, unleashing 35 targeted spear-phishing campaigns that zeroed in on government and military targets. The group's goal was to siphon off sensitive information to fuel Russian interests in the ongoing conflict.

ScarCruft Targets Microsoft Users with NarwhalRAT Malware
Beware of fake Microsoft account alerts! A sneaky North Korean hacking group, ScarCruft, is sending phishing emails that mimic Microsoft security notifications to trick you into downloading the NarwhalRAT malware.

WhatsApp Disrupts NSO Group's Spyware Phishing Campaigns
Meta's WhatsApp team swiftly sprang into action, disrupting a sophisticated spyware phishing campaign linked to the NSO Group after investigating user reports of targeted social-engineering attacks. They successfully stopped the attackers' attempts to trick people into clicking malicious links that could have put their data at risk.

Meta Disrupts NSO Group's WhatsApp Phishing Campaign
Meta detected and blocked a sneaky WhatsApp phishing campaign linked to NSO Group, where attackers tried to trick people into clicking malicious links that led to external websites. The company also filed a contempt order against NSO for allegedly violating a court injunction by targeting WhatsApp users.

SideCopy Targets Afghan Finance Ministry with Xeno RAT Malware
Seqrite Labs researchers uncovered a sneaky malware attack, dubbed Operation XENOFISCAL, where the Pakistan-aligned SideCopy group targeted Afghanistan's Ministry of Finance and government officials with a cleverly crafted phishing lure written in Pashto. The attack used Xeno RAT Malware, delivered through a ZIP archive with a malicious LNK file, to infiltrate its targets.

Russia-Linked GREYVIBE Exploits AI in Ukraine Cyberattacks
Discover how the Russia-linked group GREYVIBE is using AI to launch sophisticated cyberattacks on Ukraine, leveraging tactics like spear-phishing emails and fake websites to spread malware. WithSecure researchers have tracked GREYVIBE's activities back to August 2025, revealing a pattern of attacks targeting Ukraine's military, government, and civilian sectors.

Kimsuky APT Expands Arsenal with Advanced PebbleDash Malware Tools
Kimsuky's malware arsenal just got a major boost with the addition of advanced PebbleDash tools, allowing the group to infiltrate systems with even more sophisticated tactics. Their latest campaign uses clever spear-phishing and malicious attachments to catch victims off guard.

North Korean Hackers Exploit Crypto Firms with AI-Driven Zoom Lures
North Korean hackers launched a massive spear-phishing campaign, targeting over 100 crypto organizations worldwide with cleverly crafted Zoom lures and AI-generated deepfakes. They used fake calendar invites and typosquatted meeting links to gain access and exfiltrate sensitive data in a matter of minutes.

NASA Targeted in Chinese Phishing Scheme for U.S. Defense Software
For years, unsuspecting NASA employees and collaborators were duped into sharing sensitive US defense software with a Chinese national masquerading as a colleague, in a brazen phishing scheme that went undetected for years. The scam funneled top-secret aerospace and defense tech to the imposter, violating US export control laws in the process.

LucidRook Malware Targets NGOs, Universities in Taiwan
A sneaky new malware called LucidRook has set its sights on non-governmental organizations and universities in Taiwan, using spear-phishing to catch its victims off guard. This Lua-based threat is the latest cyber attacker to target these vulnerable sectors.

Bitter APT Group Exploits Middle East Spear-Phishing Campaign
The Bitter APT Group has been linked to a sophisticated year-long spear-phishing campaign that targeted the Middle East, using deceptive emails to spread its reach. This hack-for-hire effort, attributed to a South Asian connection, signals a sustained threat to the region's security.

DarkSword Threatens iOS with Alarming Russian Cyberattack
A new Russian cyberattack has been detected targeting iOS devices, with a state-sponsored threat group linked to a sophisticated spear-phishing campaign that's got everyone on high alert. Here's what you need to know to protect yourself from this alarming threat.

North Korea’s APT37 Exclusive: Dangerous Tool Hits Air-Gap
Think the most isolated machines are untouchable? North Korea’s APT37 has broadened its toolkit — combining believable lures with new utilities that can defeat air‑gap protections and put highly sensitive systems at fresh risk.

Transparent Tribe Targets India: Exclusive Severe RAT Alert
Heads up: Transparent Tribe is slipping weaponized .LNK shortcut files disguised as PDFs into spear-phishing emails, silently installing a remote-access trojan that can steal data and maintain persistent access to Indian government, academic, and strategic networks.

French Football Federation Exclusive: Damaging Data Breach
Imagine names, birthdates and contact details for more than two million amateur players suddenly exposed — that’s the frightening possibility tied to a suspected breach at the French Football Federation. Players and parents should be on alert for phishing and scams while the federation works to lock down access and notify those affected.

China-Aligned UTA0388 Exclusive: Dangerous AI Phishing
Imagine your inbox posing as a trusted colleague—researchers say UTA0388, a China‑aligned cluster, now uses AI to craft eerily personalized, time‑sensitive spear‑phishing that steals credentials and plants stealthy, long‑term access.

Trojanized ESET Installers Expose Stunning Harmful Backdoor
Think twice before hitting Install — a May 2025 campaign used trojanized ESET installers, convincing fake vendor pages, and targeted spear‑phishing to slip a stealthy backdoor into Ukrainian victims. This attack is a stark reminder that even trusted updates and familiar brands can be weaponized for espionage.

Iran’s MuddyWater Exclusive: Damaging 100+ Gov Hacks
MuddyWater turned one trusted inbox and a rented VPN into a battering ram against more than 100 government networks—proving social engineering beats flashy malware every time. Group‑IB’s forensic breakdown shows how stealthy credential theft and patient lateral movement bought months of access to critical diplomatic and government secrets.

Blitz Spear Phishing Campaign Exclusive: NGOs at Risk
Imagine the inbox that coordinates relief suddenly opening the door to attackers: a one-day spear-phishing blitz—dubbed PhantomCaptcha—targeted NGOs and regional offices helping Ukraine with convincing impersonations and weaponized attachments to harvest credentials and deploy malware. It’s a stark reminder that adversaries now weaponize trust and identity to disrupt aid, not just networks.

Pakistani-Linked Hacker Group: Exclusive Threat to India
Pakistan-linked operators are quietly slipping DeskRAT into Indian government networks to siphon secrets — a stealthy espionage campaign that makes stronger detection, logging and diplomatic response urgent.

Blitz Spear Phishing Campaign Exclusive: Severe NGO Threat
What do you do when a helpful-looking email hands attackers your keys? In October’s PhantomCaptcha spear‑phishing campaign, NGOs and local governments supporting Ukraine were hit with short, surgical, time‑sensitive lures and weaponized attachments that harvested credentials and opened the door to loaders and remote access trojans.