Skip to main content

Tag: spear phishing

32 articles

Person sits at cluttered desk with laptop and financial documents, surrounded by papers.

China-nexus Hackers Deploy DcRAT via Fake Indian Tax Utility

Cyber attackers with ties to China are pulling out all the stops to scam Indian taxpayers, using a sophisticated fake tax utility to deploy malware and pilfer sensitive info. Their precision-crafted phishing campaign, dubbed Operation DragonReturn, sends convincing emails and PDFs that even cite real laws to trick victims.

Analyst 207
Government office workspace with computer workstation hinting at cyberattack.

Armored Likho Exposes BusySnake Stealer Campaign

Meet Armored Likho, a sneaky group behind the BusySnake Stealer Campaign, which has already compromised government agencies and power companies in Russia, Kazakhstan, and Brazil. Their clever tactics start with targeted spear-phishing emails, often disguised as harmless attachments like psychological tests or aid applications.

Analyst 207
Laptop on a simple desk in a home office setting with a notepad and pen nearby.

Blogger Platform Exploited in VEIL#DROP Malware Attack Chain

The VEIL#DROP malware attack chain starts with a sneaky JavaScript file, cleverly disguised as a harmless document, which executes through Windows Script Host and launches PowerShell with execution policy bypasses enabled. This multi-stage threat can be triggered by spear-phishing or a simple visit to a compromised website.

Analyst 207
Ukrainian government building interior with a computer workstation and hints of cyberattack disruption.

Gamaredon Intensifies Ukraine Cyberattacks with Novel Malware Tools

Gamaredon ramped up its cyberattack efforts in Ukraine last year, unleashing 35 targeted spear-phishing campaigns that zeroed in on government and military targets. The group's goal was to siphon off sensitive information to fuel Russian interests in the ongoing conflict.

Analyst 207
Concerned office worker or home user sits at desk, scrutinizing laptop screen with a wary expression.

ScarCruft Targets Microsoft Users with NarwhalRAT Malware

Beware of fake Microsoft account alerts! A sneaky North Korean hacking group, ScarCruft, is sending phishing emails that mimic Microsoft security notifications to trick you into downloading the NarwhalRAT malware.

Analyst 207
Smartphone displaying WhatsApp conversation with suspicious link on a clean, minimalist surface.

WhatsApp Disrupts NSO Group's Spyware Phishing Campaigns

Meta's WhatsApp team swiftly sprang into action, disrupting a sophisticated spyware phishing campaign linked to the NSO Group after investigating user reports of targeted social-engineering attacks. They successfully stopped the attackers' attempts to trick people into clicking malicious links that could have put their data at risk.

Analyst 207
Smartphone with blurred WhatsApp interface on screen, set against a neutral background with a faint, out-of-focus globe in…

Meta Disrupts NSO Group's WhatsApp Phishing Campaign

Meta detected and blocked a sneaky WhatsApp phishing campaign linked to NSO Group, where attackers tried to trick people into clicking malicious links that led to external websites. The company also filed a contempt order against NSO for allegedly violating a court injunction by targeting WhatsApp users.

Analyst 207
Afghan government office with computer workstation and stacks of papers.

SideCopy Targets Afghan Finance Ministry with Xeno RAT Malware

Seqrite Labs researchers uncovered a sneaky malware attack, dubbed Operation XENOFISCAL, where the Pakistan-aligned SideCopy group targeted Afghanistan's Ministry of Finance and government officials with a cleverly crafted phishing lure written in Pashto. The attack used Xeno RAT Malware, delivered through a ZIP archive with a malicious LNK file, to infiltrate its targets.

Analyst 207
Laptop on a cluttered wooden desk in a small Ukrainian office with blurred screen.

Russia-Linked GREYVIBE Exploits AI in Ukraine Cyberattacks

Discover how the Russia-linked group GREYVIBE is using AI to launch sophisticated cyberattacks on Ukraine, leveraging tactics like spear-phishing emails and fake websites to spread malware. WithSecure researchers have tracked GREYVIBE's activities back to August 2025, revealing a pattern of attacks targeting Ukraine's military, government, and civilian sectors.

Analyst 207
Cluttered office desk with laptop and scattered papers near a bright window.

Kimsuky APT Expands Arsenal with Advanced PebbleDash Malware Tools

Kimsuky's malware arsenal just got a major boost with the addition of advanced PebbleDash tools, allowing the group to infiltrate systems with even more sophisticated tactics. Their latest campaign uses clever spear-phishing and malicious attachments to catch victims off guard.

Analyst 207
Worker looks concerned at laptop screen displaying fake Zoom meeting in modern office.

North Korean Hackers Exploit Crypto Firms with AI-Driven Zoom Lures

North Korean hackers launched a massive spear-phishing campaign, targeting over 100 crypto organizations worldwide with cleverly crafted Zoom lures and AI-generated deepfakes. They used fake calendar invites and typosquatted meeting links to gain access and exfiltrate sensitive data in a matter of minutes.

Analyst 207
NASA employees work at desks with laptops and computers in a well-lit office setting.

NASA Targeted in Chinese Phishing Scheme for U.S. Defense Software

For years, unsuspecting NASA employees and collaborators were duped into sharing sensitive US defense software with a Chinese national masquerading as a colleague, in a brazen phishing scheme that went undetected for years. The scam funneled top-secret aerospace and defense tech to the imposter, violating US export control laws in the process.

Analyst 207
Dark laptop screen with ghostly university and Taiwan map images, surrounded by scattered papers.

LucidRook Malware Targets NGOs, Universities in Taiwan

A sneaky new malware called LucidRook has set its sights on non-governmental organizations and universities in Taiwan, using spear-phishing to catch its victims off guard. This Lua-based threat is the latest cyber attacker to target these vulnerable sectors.

Analyst 207
Desert landscape at dusk with a broken smartphone and scattered papers in the foreground, a lone figure silhouetted in the…

Bitter APT Group Exploits Middle East Spear-Phishing Campaign

The Bitter APT Group has been linked to a sophisticated year-long spear-phishing campaign that targeted the Middle East, using deceptive emails to spread its reach. This hack-for-hire effort, attributed to a South Asian connection, signals a sustained threat to the region's security.

Analyst 207
DarkSword Threatens iOS with Alarming Russian Cyberattack

DarkSword Threatens iOS with Alarming Russian Cyberattack

A new Russian cyberattack has been detected targeting iOS devices, with a state-sponsored threat group linked to a sophisticated spear-phishing campaign that's got everyone on high alert. Here's what you need to know to protect yourself from this alarming threat.

Analyst 207
North Korea’s APT37 Exclusive: Dangerous Tool Hits Air-Gap

North Korea’s APT37 Exclusive: Dangerous Tool Hits Air-Gap

Think the most isolated machines are untouchable? North Korea’s APT37 has broadened its toolkit — combining believable lures with new utilities that can defeat air‑gap protections and put highly sensitive systems at fresh risk.

Analyst 207
Transparent Tribe Targets India: Exclusive Severe RAT Alert

Transparent Tribe Targets India: Exclusive Severe RAT Alert

Heads up: Transparent Tribe is slipping weaponized .LNK shortcut files disguised as PDFs into spear-phishing emails, silently installing a remote-access trojan that can steal data and maintain persistent access to Indian government, academic, and strategic networks.

Analyst 207
French Football Federation Exclusive: Damaging Data Breach

French Football Federation Exclusive: Damaging Data Breach

Imagine names, birthdates and contact details for more than two million amateur players suddenly exposed — that’s the frightening possibility tied to a suspected breach at the French Football Federation. Players and parents should be on alert for phishing and scams while the federation works to lock down access and notify those affected.

Analyst 207
China-Aligned UTA0388 Exclusive: Dangerous AI Phishing

China-Aligned UTA0388 Exclusive: Dangerous AI Phishing

Imagine your inbox posing as a trusted colleague—researchers say UTA0388, a China‑aligned cluster, now uses AI to craft eerily personalized, time‑sensitive spear‑phishing that steals credentials and plants stealthy, long‑term access.

Analyst 207
Trojanized ESET Installers Expose Stunning Harmful Backdoor

Trojanized ESET Installers Expose Stunning Harmful Backdoor

Think twice before hitting Install — a May 2025 campaign used trojanized ESET installers, convincing fake vendor pages, and targeted spear‑phishing to slip a stealthy backdoor into Ukrainian victims. This attack is a stark reminder that even trusted updates and familiar brands can be weaponized for espionage.

Analyst 207
Dark landscape with cracked dam, lone figure amidst shattered screens and wires.

Iran’s MuddyWater Exclusive: Damaging 100+ Gov Hacks

MuddyWater turned one trusted inbox and a rented VPN into a battering ram against more than 100 government networks—proving social engineering beats flashy malware every time. Group‑IB’s forensic breakdown shows how stealthy credential theft and patient lateral movement bought months of access to critical diplomatic and government secrets.

Analyst 207
Blitz Spear Phishing Campaign Exclusive: NGOs at Risk

Blitz Spear Phishing Campaign Exclusive: NGOs at Risk

Imagine the inbox that coordinates relief suddenly opening the door to attackers: a one-day spear-phishing blitz—dubbed PhantomCaptcha—targeted NGOs and regional offices helping Ukraine with convincing impersonations and weaponized attachments to harvest credentials and deploy malware. It’s a stark reminder that adversaries now weaponize trust and identity to disrupt aid, not just networks.

Analyst 207
Pakistani-Linked Hacker Group: Exclusive Threat to India

Pakistani-Linked Hacker Group: Exclusive Threat to India

Pakistan-linked operators are quietly slipping DeskRAT into Indian government networks to siphon secrets — a stealthy espionage campaign that makes stronger detection, logging and diplomatic response urgent.

Analyst 207
Blitz Spear Phishing Campaign Exclusive: Severe NGO Threat

Blitz Spear Phishing Campaign Exclusive: Severe NGO Threat

What do you do when a helpful-looking email hands attackers your keys? In October’s PhantomCaptcha spear‑phishing campaign, NGOs and local governments supporting Ukraine were hit with short, surgical, time‑sensitive lures and weaponized attachments that harvested credentials and opened the door to loaders and remote access trojans.

Analyst 207