French BEC Threat Actor Targets Property Payments

TA2900 is targeting French-speaking individuals with fraudulent rental payment schemes. The campaigns are designed to steal funds by impersonating rental agencies and redirecting rent payments to attacker-controlled bank accounts.

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Storm-1977 has been targeting cloud tenants in the education sector through password spraying attacks using AzureChecker.exe. The campaign led to the compromise of accounts and the deployment of over 200 containers for illicit cryptocurrency mining.
April 28, 2025

APT36 Uses “Pahalgam Terror Attack” Lure in Targeted Phishing Against Indian Defense Personnel

APT36 weaponized a fake "Pahalgam Terror Attack" report to lure Indian government and defense personnel. The phishing emails contained links mimicking legitimate Indian government domains, leading to the download of CrimsonRAT.
April 28, 2025

IntelBroker: A closer look into a Prolific Cybercrime Threat Actor

IntelBroker is a prolific cybercriminal who transitioned from ransomware operations to data brokering and forum administration, notably BreachForums, between August 2024 and January 2025.

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

The Darcula phishing-as-a-service (PhaaS) platform has introduced generative AI (GenAI) capabilities, significantly enhancing its accessibility and effectiveness for cybercriminals.

Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations

North Korean-aligned threat actors, particularly the Void Dokkaebi group, are leveraging Russian IP infrastructure to conduct cybercrime operations. These campaigns focus on cryptocurrency theft, social engineering, and malware deployment.
April 23, 2025

Russian APT Gamaredon targets Ukraine with new LNK

Security researchers have uncovered a new campaign by the Russian-affiliated APT group Gamaredon, leveraging the PteroLNK variant of the Pterodo malware family to target Ukrainian military, government, and infrastructure sectors.

APT34 Hackers Use Port 8080 for Fake 404 Responses and Shared SSH Keys

Researchers have identified dormant but potentially malicious infrastructure linked to the Iranian threat group APT34 (OilRig), known for targeting sectors such as education, government, energy, telecom, and NGOs.
April 21, 2025

Zoom has a remote control feature and crypto thieves are abusing it - Risky Business Media

A newly uncovered campaign by the threat group ELUSIVE COMET exploits Zoom’s remote control feature to hijack victims’ systems. The attackers use social engineering tactics, impersonating Bloomberg Crypto.

The Zoom attack you didn't see coming

A threat actor known as ELUSIVE COMET is exploiting Zoom’s remote control feature to deploy malware during fake podcast interviews. The attacker is targeting individuals in the cryptocurrency and DeFi sectors.
