Phishing

Related Videos

North Korea flag is depicted on the screen with the program code. The concept of modern technology and site development

Ongoing Kimsuky attack campaign exploits PowerShell, Dropbox

SC StaffFebruary 14, 2025

Kimsuky — also known as APT43, Black Banshee, TA427, and Velvet Chollima — commences intrusions with the distribution of phishing emails with a ZIP archive attachment containing an LNK file seemingly spoofing legitimate documents.

Phishing

Immigration-themed phishing attack uncovered

SC StaffFebruary 13, 2025

Attacks involved the delivery of malicious emails warning travelers of potential denied entry due to incomplete immigration requirements that include a link redirecting to a fake government portal-spoofing website facilitating login credential and payment data theft, a report from Cofense revealed.

PowerShell inscription on the background of computer code.

Threat Intelligence

PowerShell exploited in new Kimsuky intrusions

SC StaffFebruary 13, 2025

After establishing trust with targets through the spoofing of a South Korean government official, Kimsuky — also known as APT43, ARCHIPELAGO, Black Banshee, Velvet Chollima, and Thallium — proceeded to distribute spear-phishing emails with a PDF document and a link redirecting to a website with PowerShell and code execution instructions.

Malware

Magento stores compromised with Google Tag Manager skimmer

SC StaffFebruary 11, 2025

Intrusions involved the distribution of an obfuscated backdoor in the guise of a GTM and Google Analytics script for web analytics and advertising, which when executed from a Magento database table facilitates the exfiltration of credit card details, according to a report from Sucuri.

Facebook user touches on love in Facebook app

Phishing

Global phishing campaign targets Facebook accounts

SC StaffFebruary 11, 2025

Threat actors exploiting Salesforce's automated mailing service sent malicious emails with fake Facebook logos warning of copyright violations and account restrictions should recipients fail to contest the claim using a link that redirects to a phony Facebook support page seeking their credentials.

Phishing

Faulty phishing site blocking disrupts Cloudflare services

SC StaffFebruary 10, 2025

Also partially impacted by the incident — which involved the accidental takedown of the whole R2 Gateway service instead of the targeted endpoint alone — were Cloudflare's Cache Purge, Durable Objects, and Workers & Pages services.

Threat Intelligence

Kimsuky shifts tactics from traditional backdoors to RDP, proxies

Laura FrenchFebruary 6, 2025

The North Korean APT group has leveraged a custom RDP Wrapper and new malware called forceCopy in recent campaigns.

Malware

New AsyncRAT campaign uncovered

SC StaffFebruary 6, 2025

Attacks commenced with the delivery of phishing emails with a Dropbox link that downloads a ZIP archive containing an internet shortcut file with a TryCloudflare URL that fetches an LNK file for further compromise, a report from Forcepoint X-Labs showed.

Phishing

Related Videos

Threat predictions for 2024: Chained AI and CaaS operations give attackers more ‘easy’ buttons than ever

Ongoing Kimsuky attack campaign exploits PowerShell, Dropbox

Immigration-themed phishing attack uncovered

PowerShell exploited in new Kimsuky intrusions

Magento stores compromised with Google Tag Manager skimmer

Global phishing campaign targets Facebook accounts

Faulty phishing site blocking disrupts Cloudflare services

Kimsuky shifts tactics from traditional backdoors to RDP, proxies

New AsyncRAT campaign uncovered

Fast Five

Selected by the SC Media Editorial team every Tuesday.