Trend Micro

Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

The vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns, using homoglyph attacks to spoof document extensions and trick users and the Windows Operating System into executing malicious files.

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024

The botnet comprises malware variants derived from Mirai and Bashlite and infects IoT devices by exploiting vulnerabilities and weak credentials. The primary devices used in the botnet were wireless routers and IP cameras from well-known brands.

Software Cracks and Installers Used to Bring Malware to Your Device

Threat actors often leverage reputable file hosting services like Mediafire and Mega.nz to conceal the origin of their malware and make detection and removal more difficult.

Python-Based NodeStealer Version Targets Facebook Ads Manager

This latest version of NodeStealer not only harvests credit card details and browser-stored data, but also targets Facebook Ads Manager accounts for their critical financial and business information.

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion

The attacker impersonated a client, convincing the victim to download AnyDesk, thereby gaining remote access and deploying DarkGate through an AutoIt script. The malware enabled command execution, system discovery, and persistent access.

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks

Earth Minotaur uses the MOONSHINE exploit kit to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a cross-platform threat.

Gafgyt Malware Broadens its Scope in Recent Attacks

Gafgyt primarily targets vulnerable IoT devices, but Trend Micro researchers recently observed this malware being used to attack Docker Remote API servers, signifying a notable shift in its behavior.

Return of ANEL Backdoor in the Recent Earth Kasha Spear-Phishing Campaign in 2024

The campaign’s primary intrusion vector involved carefully crafted spear-phishing emails. These messages, often sent from compromised or free email accounts, contained links to malicious OneDrive-hosted ZIP files.
November 25, 2024

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

Earth Estries, a Chinese APT group, has primarily targeted critical sectors like telecommunications and government entities across the US, Asia-Pacific, Middle East, and South Africa since 2023.

Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices

Water Barghest, which comprised over 20,000 IoT devices by October 2024, monetizes IoT devices by exploiting vulnerabilities and quickly enlisting them for sale on a residential proxy marketplace.
