Tag: Spear Phishing
-
BO Team’s Pivot to High-Stakes Industrial Espionage and the ZeroSSH Threat
Over the past year, BO Team has significantly recalibrated its approach to incursions against Russian organizations. The syndicate has transitioned away from the boisterous profile of hacktivists intent on performative infrastructure sabotage, increasingly manifesting as a sophisticated unit for clandestine operations and cyber espionage. According to a recent disclosure from Kaspersky, their strategic focus in…
-
The KakaoTalk Trap: How the Konni Syndicate Turns Victims Into Malicious Proxies
The North Korean cyber espionage syndicate Konni has orchestrated a nascent, multi-stage offensive, weaponizing spear-phishing missives alongside the KakaoTalk messaging conduit to proliferate malicious architectures. This labyrinthine stratagem empowered the digital marauders not merely to entrench themselves within the victims’ computational sanctuaries, but to transfigure these very machines into virulent vectors for subsequent contagion. Forensic…
-
Shadows in the Inbox: Ukraine’s CERT-UA Unmasks the UAC-0252 Phishing Blitz and its “PalachPro” Ties
In early 2026, malicious actors initiated a mass dissemination of emails masquerading as official communications from Ukrainian state authorities. Recipients are deceptively urged to “update mobile applications” pertinent to ubiquitous civilian and military services. Lurking beneath the veneer of these missives is a pernicious campaign that deploys a formidable arsenal of software designed to exfiltrate…
-
The Invisible Edge: APT28’s “Operation MacroMaze” Hijacks Browsers via Webhook Lures
The APT28 syndicate has orchestrated a series of surgical strikes against organizations across Western and Central Europe, employing a deceptive yet meticulously crafted scheme involving macros and webhooks. This offensive, designated “Operation MacroMaze”, was documented by the LAB52 team at S2 Grupo. Their findings indicate that the campaign persisted from September 2025 through January 2026,…
-
The Hunter Becomes the Hunted: “Evil AI” WormGPT Suffers Massive Leak of 19,000 User Accounts
The WormGPT platform, notoriously recognized as an AI-augmented instrument for orchestrating cyber-offensives and infiltrations, has purportedly suffered a catastrophic data breach. On a prominent forum dedicated to the dissemination of compromised databases, an archive containing samples of exfiltrated information has surfaced, authored by an individual with an established reputation for distributing authentic materials. According to…
-
Phishing for Fortunes: APT-C-28 Unveils “MiradorShell” in Surgical Strikes on Web3 Teams
The adversarial collective APT-C-28, recognized alternatively as ScarCruft or Konni, has broadened its operational horizons by orchestrating surgical strikes against cryptocurrency enterprises and Web3 development teams. This nascent surge in activity was identified by the 360 Advanced Threat Research Institute during routine surveillance of targeted threats. The campaign elegantly weaves together spear-phishing, multi-tiered malware deployment,…
-
Dragon in the Archives: How “Amaranth-Dragon” Weaponized a WinRAR Zero-Day to Spy on Southeast Asia
In 2025, Southeast Asia witnessed a pronounced escalation in cyber-espionage operations, meticulously cloaked in missives pertaining to regional geopolitics and security developments. This strategic alignment with current events exponentially augments the probability that recipients will engage with deleterious attachments, thereby precipitating an infection sequence. Check Point analysts have delineated a previously undocumented cluster designated as…
-
Operation Poseidon: Konni Group Hijacks Google & Naver Ad Links to Deploy EndRAT
The campaign designated as “Operation Poseidon” has been identified as a sophisticated targeted assault, wherein adversaries exploited advertising traffic redirection mechanisms to circumvent electronic mail filters and diminish user vigilance. The cornerstone of this stratagem was the utilization of link structures from Google Ads and Naver, enabling the masking of deleterious transitions as legitimate promotional…
-
Lazarus Group Stole $1.4B in Crypto; Will Use AI & Deepfakes for 2026 Attacks
North Korea’s Lazarus hacking collective is intensifying its targeted phishing campaigns against cryptocurrency platforms and individual investors, amassing hundreds of millions of dollars in illicit gains. According to a report by AhnLab, the group is expected to adopt even more sophisticated spear-phishing tactics in 2026, increasingly leveraging AI, deepfakes, and advanced evasion techniques to bypass…
-
Diplomatic Spies: Chinese APT UNC6384 Targets NATO Hosts with PlugX Malware
In September and October, researchers at Arctic Wolf Labs uncovered a new wave of cyber-espionage targeting the diplomatic institutions of Hungary and Belgium. According to their findings, the campaign was orchestrated by the Chinese threat group UNC6384, a collective previously noted by major technology companies. Back in August, Google had reported similar activity from the…
-
APT36 Launches New Cyber-Espionage Campaign on Indian Govt
APT36, also known as Transparent Tribe, has launched a new espionage campaign targeting government and defense institutions in India. This Pakistan-linked group, active since at least 2013, has long relied on phishing campaigns and credential theft to infiltrate restricted systems. In their latest operation, the attackers introduced a novel infection technique, leveraging “.desktop” files in…
-
Inside Kimsuky’s GitHub-Powered Cyber-Espionage Campaign
At the beginning of 2025, Trellix specialists uncovered a sweeping cyber-espionage campaign targeting diplomatic missions in Seoul. Between March and July, at least nineteen phishing attacks were recorded, in which North Korean–linked actors impersonated diplomats and distributed convincing invitations to meetings, official letters, and event notifications. The campaign’s most notable feature was its use of…