Malicious emails masquerading as purchase notifications have been sent using Apple servers through the exploitation of iCloud Calendar email invitations as part of a new callback phishing campaign, according to BleepingComputer.
Major U.S. defense and aerospace firm Lockheed Martin and over 200 other companies across various sectors have been spoofed as part of an advanced phishing operation underpinned by Google Cloud and Cloudflare infrastructure that has remained undetected since 2021, Cyber Security News reports.
International diplomat-targeted spear-phishing launched by Iranian hackers Numerous embassies, consulates, and international entities around the world, particularly in Europe and Africa, have been targeted by Iranian hackers linked to the Homeland Justice operation in a widespread coordinated spear-phishing campaign, reports The Hacker News.
Operators of the Tycoon phishing-as-a-service platform have enhanced the phishing kit's ability to conceal illicit links in emails amid the growing effectiveness of email security tools in determining such links, reports Infosecurity Magazine.
HackRead reports that spear-phishing attacks spreading the RokRAT tool have been deployed by North Korean state-sponsored threat group ScarCruft, also known as APT37, against South Korean academics, former government officials, and researchers as part the HanKook Phantom cyberespionage campaign.
Infosecurity Magazine reports that cryptocurrency firms Chainalysis, Binance, OKX, and Tether have joined forces to seize nearly $47 million worth of cryptocurrency stolen by a Southeast Asian romance baiting operation.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
