Collaborate Disseminate
In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors. Continue reading SideWinder targets the maritime and nuclear sectors with an updated toolset
Kaspersky experts analyze the Angry Likho APT group’s attacks, which use obfuscated AutoIt scripts and the Lumma stealer for data theft. Continue reading Angry Likho: Old beasts in a new forest
We analyze 2024’s key spam and phishing statistics and trends: the hunt for crypto wallets, Hamster Kombat, online promotions via neural networks, fake vacation schedules, and more. Continue reading Spam and phishing in 2024
Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) accounts. “While Device Code Authentication attacks are not new, they appe… Continue reading Threat actors are using legitimate Microsoft feature to compromise M365 accounts
CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian entities, Trend Micro researchers have revealed. The 7-… Continue reading Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)
Star Blizzard, a threat actor tied to the Russian Federal Security Service (FSB), was spotted attempting to compromise targets’ WhatsApp accounts through a clever phishing campaign. The campaign The campaign started with a spear-phishing email th… Continue reading How Russian hackers went after NGOs’ WhatsApp accounts
It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers in the aerospace industry by impersonating job recruiters on the popular emp… Continue reading Aerospace employees targeted with malicious “dream job” offers
A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a remote access trojan that would permit attackers to steal information from a… Continue reading Industrial companies in Europe targeted with GuLoader
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. Continue reading Booking.com Phishers May Leave You With Reservations
Russian hackers, known as Midnight Blizzard, launch targeted spear-phishing on U.S. officials, exploiting RDP files to gain access to data. Continue reading Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations