Campaign
-
Blog
Discord flaw lets hackers reuse expired invites in malware campaign
Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. The campaign relies on a flaw in the Discord invitation system to leverage multi-stage infections that evade multiple antivirus engines. “Reviving” expired Discord invites Discord invite links are URLs that allow someone to join a specific Discord server. They…
Read More » -
Blog
100,000 accounts have been hit in a HMRC scam campaign, but the tax office says it wasn’t hacked – here’s why
The UK’s tax revenue service has lost £47 million in a breach that started last year and impacted 100,000 people. The HMRC told the treasury select committee yesterday that the account scam was the result of “organized crime” that set up PAYE, or ‘Pay As You Earn’, accounts for individual taxpayers and used them to claim refunds. “This was organized…
Read More » -
Blog
Government webmail hacked via XSS bugs in global spy campaign
Hackers are running a worldwide cyberespionage campaign dubbed ‘RoundPress,’ leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. ESET researchers who uncovered the operation attribute it with medium confidence to the Russian state-sponsored hackers APT28 (aka “Fancy Bear” or “Sednit”). The campaign started in 2023 and continued with the adoption of new exploits in…
Read More » -
Blog
Russian hackers tried to lure diplomats with wine tasting – sound familiar? It’s an update to a previous campaign by the notorious Midnight Blizzard group
Notorious Russian threat group Midnight Blizzard has been mixing up its attack methods in recent months, according to analysis from Check Point, including targeting European diplomats with the lure of luxury events. In a blog post detailing the campaign, researchers said the threat group has been targeting European governments and diplomats since January this year. The campaign saw hackers impersonate…
Read More » -
Blog
PoisonSeed phishing campaign behind emails with wallet seed phrases
A large-scale phishing campaign dubbed ‘PoisonSeed’ compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. According to SilentPush, the campaign targets Coinbase and Ledger using compromised accounts at Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho. The researchers link the campaign to recent incidents, such as the case of Troy Hunt’s Mailchimp account compromise from late…
Read More » -
Blog
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. The campaign targeted multiple cryptocurrency-related packages, and the popular ‘country-currency-map’ package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, “/scripts/launch.js” and “/scripts/diagnostic-report.js,” which execute upon…
Read More » -
Blog
Malware campaign ‘DollyWay’ breached 20,000 WordPress sites
A malware operation dubbed ‘DollyWay’ has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. The campaign has evolved significantly in the past eight years, leveraging advanced evasion, re-infection, and monetization strategies. According to GoDaddy researcher Denis Sinegubko, DollyWay has been functioning as a large-scale scam redirection system in its latest version (v3). However, in…
Read More » -
Blog
Nearly a million devices were infected in a huge GitHub malvertising campaign
Microsoft has alerted users to a malvertising campaign leveraging GitHub to infect nearly 1 million devices around the world. A new advisory from Microsoft Threat Intelligence stated that in December 2024 it detected a large-scale campaign using the developer platform as the primary vehicle to deliver the initial access payloads used in attacks. The campaign’s initial stage injects adverts into…
Read More » -
Blog
Cobalt Strike abusers have been dealt a hammer blow: An “aggressive” takedown campaign by Fortra and Microsoft shuttered over 200 malicious domains – and it’s cut the misuse of the tool by 80%
Malicious use of penetration testing tool Cobalt Strike and other legitimate tools has been significantly curtailed after an “aggressive campaign” by its developer Fortra and Microsoft. Fortra teamed up with Microsoft’s Digital Crimes Unit (DCU) and the Health Information Sharing and Analysis Center (Health-ISAC) to mitigate the use of unauthorized, legacy copies of Cobalt Strike and compromised Microsoft software in…
Read More » -
Blog
Microsoft says malvertising campaign impacted 1 million PCs
Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. The company’s threat analysts detected these attacks in early December 2024 after observing multiple devices downloading malware from GitHub repos, malware that was later used to deploy a string of various other payloads on compromised systems. After…
Read More »