Phishers Gain Persistence at EU, Asia Hospitality Orgs
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.
Video of Industry Figures Harvested During Meetings and Used to Lure Future VictimsNorth Korean hackers are pretending to be cryptocurrency insiders, in an attempt to trick targets into accepting Calendly calendar invites. The social engineering ruse is designed to infect Windows and macOS systems with crypto stealers, and to harvest video of real-life people for future lures.
Social engineering: 'low-cost, hard to patch, and scales well' North Korean criminals set on stealing Apple users' credentials and cryptocurrency are using a combination of social engineering and a fake Zoom software update to trick people into manually running malware on their own computers, according to Microsoft.…
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors
The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft
Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems
The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems
The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period
Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn. [...]
The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page.