UAC-0063 used trojanized copies of legitimate Kazakhstan Ministry of Foreign Affairs documents, dated between 2021 and 2024 and concerning the country's diplomatic cooperation with other nations, as lures to distribute the Hatvibe and Cherryspy payloads, a report from Sekoia revealed.
Attacks by RedDelta begin with spear-phishing emails themed around Mongolian flood protection, Taiwanese presidential candidate Terry Gou, and an Association of Southeast Asian Nations meeting; the lures carry malicious MSI, MSC, and LNK files that lead to a PlugX malware infection, according to an analysis from Recorded Future's Insikt Group.
Intrusions discovered earlier this week began with a malicious email purporting to come from a CrowdStrike recruiter and containing a link to download an "employee CRM" app; clicking the link redirected the recipient to a website spoofing CrowdStrike that offered Windows and macOS versions of the app, according to CrowdStrike.
Most phishing clicks have been aimed at cloud apps, the most targeted of which were those made by Microsoft as threat actors sought to compromise Microsoft 365 and Microsoft Live credentials, according to a report from Netskope.