phishing campaign

Pierluigi Paganini June 02, 2024
FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware

Russia-linked threat actor FlyingYeti is targeting Ukraine with a phishing campaign to deliver the PowerShell malware COOKBOX. Cloudflare researchers discovered phishing campaign conducted by a Russia-linked threat actor FlyingYeti (aka UAC-0149) targeting Ukraine. The experts published a report to describe real-time effort to disrupt and delay this threat activity.  At the beginning of Russia’s invasion of Ukraine […]

Pierluigi Paganini April 09, 2024
ScrubCrypt used to drop VenomRAT along with many malicious plugins

Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins. Fortinet researchers observed a threat actor sending out a phishing email containing malicious Scalable Vector Graphics (SVG) files. The email is crafted to trick recipients into clicking on an attachment, which downloads a ZIP file containing a Batch […]

Pierluigi Paganini November 25, 2018
Very trivial Spotify phishing campaign uncovered by experts

Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it. Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify. The phishing campaign was discovered earlier November, attackers used convincing emails to trick Spotify users into providing their account credentials. The messages include a […]

Pierluigi Paganini December 25, 2016
Malware distribution tactics used in phishing campaign

Experts from Proofpoint discovered a new phishing campaign designed to steal banking data leveraging tactics associated with malware distribution. Security experts from Proofpoint have discovered a new phishing campaign that presents many similarities with campaigns used to spread the Cerber ransomware and the Ursnif banking Trojan. Cyber criminals adopted a technique that leverages on the distribution […]

Pierluigi Paganini December 15, 2016
Phishing campaign on Office 365 Business users leverages Punycode

Security researchers discovered a new phishing campaign leveraging Punycode and a bug in Office 365 defense systems to deceive victims. Office 365 business email users continue to be the target of phishing campaigns, a new wave of attacks was leveraging Punycode to avoid detection of Microsoft’s default security and desktop email filters. Punycode is a method added […]

Pierluigi Paganini December 01, 2015
Phishing campaign leveraging on Dropbox targets Hong Kong media

Security experts at FireEye have uncovered an ongoing phishing campaign leveraging Dropbox account linked to “admin@338” as Command and Control platform. Experts at FireEye have discovered an ongoing phishing campaign using a Dropbox account linked to “admin@338” as the delivery platform. The account ” admin@338 ” was also used in the past to deliver malware, but […]

Pierluigi Paganini May 18, 2015
Expo 2015 – Anonymous has stolen 1TB data from Best Union ticketing service

The Anonymous collective continues the wave of cyber attacks against the Expo 2015 Universal Exposition, the last victim in order of time is the Best Union. Anonymous Italy continues to target the Expo 2015 Universal Exposition being hosted in Milan with a series of attacks under the Operation Italy (#OpItaly). The collective of hackers it targeting […]

Pierluigi Paganini February 27, 2015
Pharming attacks exploit default passwords to hack routers

Experts at Proofpoint uncovered a pharming attack that uses phishing to exploit router vulnerabilities and carry out malicious activities. Security firm Proofpoint revealed that its experts recently detected a spam campaign targeting organizations and primarily Brazilian Internet users. The spam campaign implements a very effective technique to spy on a victim’s Web traffic. The particularity of this […]