Search cyberveille.decio.ch

Found 5 bookmarks

Custom sorting

Storm-2372 conducts device code phishing campaign

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign has been active since August 2024 with the actor creating lures that resemble messaging app experiences including WhatsApp, Signal, and Microsoft Teams. Storm-2372’s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East. Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.

#microsoft #EN #2025 #Storm-2372 #phishing #campaign #Russia

·microsoft.com·Feb 16, 2025

Storm-2372 conducts device code phishing campaign

CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

The ZDI team offers an analysis of how CVE-2025-0411, a zero-day vulnerability in 7-Zip was actively exploited to target Ukrainian organizations through spear-phishing and homoglyph attacks.

#trendmicro #EN #2025 #CVE-2025-0411 #Ukraine #zero-day #7-Zip #Targeted #Campaign

·trendmicro.com·Feb 7, 2025

CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

X Phishing | Campaign Targeting High Profile Accounts Returns, Promoting Crypto Scams

SentinelLABS has observed an active phishing campaign targeting high-profile X accounts to hijack and exploit them for fraudulent activity.

#sentinelone #EN #2025 #X #Phishing #Campaign #High-Profile #Accounts

·sentinelone.com·Feb 1, 2025

X Phishing | Campaign Targeting High Profile Accounts Returns, Promoting Crypto Scams

New TorNet backdoor seen in widespread campaign

Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. The actor has delivered different payloads, including Agent Tesla, Snake Keylogger, and a new undocumented backdoor we are calling TorNet, dropped by PureCrypter malware. The actor is running a Windows scheduled task on victim machines—including on endpoints with a low battery—to achieve persistence. The actor also disconnects the victim machine from the network before dropping the payload and then connects it back to the network, allowing them to evade detection by cloud antimalware solutions. We also found that the actor connects the victim’s machine to the TOR network using the TorNet backdoor for stealthy command and control (C2) communications and detection evasion.

#talosintelligence #EN #2025 #TorNet #backdoor #campaign #Poland #Germany #analysis #malware

·blog.talosintelligence.com·Jan 29, 2025

New TorNet backdoor seen in widespread campaign

fasthttp Used in New Bruteforce Campaign

SpearTip Security Operations Center, together with the SaaS Alerts team, identified an emerging threat involving the fastHTTP library

#speartip #EN #2025 #fastHTTP #library #Bruteforce #Campaign

·speartip.com·Jan 24, 2025

fasthttp Used in New Bruteforce Campaign