Fangxiao spoofs big brands, Instagram impersonators target students and Feds’ Hive warning
Cybersecurity campaign spoofs over 400 brands, cyberattackers target U.S. university students with Instagram phishing and Feds’ warning on Hive ransomware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. Long-standing Chinese cybercrime campaign spoofs over 400 brands
Threat intelligence company Cyjax has uncovered a cybercrime campaign spoofing over 400 well-known brands. Designed by the malicious Chinese for-profit group Fangxiao, the campaign involves threat actors sending links to websites impersonating brands like Coca-Cola, Unilever, Emirates, and McDonald’s on WhatsApp. Physical or financial incentives trick potential victims into spreading the campaign further, and victims are served scams or malware instead.
2. Instagram impersonators target thousands, slipping by Microsoft's cybersecurity
The Armorblox research team has identified a socially engineered attack aimed at university students in the U.S. The attack impersonated Instagram and began with an email with a subject line informing would-be victims that there was an unusual login on their account. The email’s body contained details specific to the receipt, like their Instagram handle, to instill a level of trust. Attackers aimed to lure victims into visiting a fake landing page they created to exfiltrate user credentials.
3. Hive ransomware actors have extorted over $100M from victims, says Feds
A joint advisory released by the FBI, the Department of Health and Human Services (HHS), and the U.S. Cybersecurity and Infrastructure Agency (CISA) has warned of a ransomware gang named Hive. The advisory revealed that Hive extorted more than $100 million in ransom payments from over 1,300 firms worldwide. Victims include organizations from a wide range of critical infrastructure sectors and industries, focusing on public health and healthcare entities.
4. Lazarus backdoor DTrack evolves to target Europe and Latin America
A Kaspersky advisory states the backdoor DTrack, which allows cybercriminals to upload, download, launch or delete files on a victim’s system, is still being used to target Latin American and European organizations. Among the executed and downloaded files already present in the standard DTrack toolset, the firm spotted a screenshot, a keylogger and a module for collecting victims’ host information. With such a toolset, adversaries can laterally move into the victims’ infrastructure and retrieve compromised information.
5. Chinese hackers use Google Drive to drop malware on government networks
Trend Micro researchers report that State-sponsored Chinese hackers launched spearphishing attacks to deploy malware in Google Drive on global research, academic, and government organizations’ systems. The researchers have attributed the campaign to the threat group Mustang Panda. The threat actors leveraged Google accounts to send victims email messages with links pointing to Google Drive or Dropbox folders. The legitimate platforms’ links made these emails look less suspicious, enabling them to bypass security mechanisms.
Phishing simulations & training
In this Series
- Fangxiao spoofs big brands, Instagram impersonators target students and Feds’ Hive warning
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
