Persistent AgentTesla campaign targeting the UAE

Cyjax analysts have analysed a long-running AgentTesla infostealer campaign targeting Dubai and the United Arab Emirates (UAE). The campaign began in at least January 2021 and the samples we gathered continued, almost daily, until May 2021. We have also seen new samples compiled in October 2021. Unlike most AgentTesla campaigns, the targeting focused heavily on …

WizardSpider using legitimate services as cloak of invisibility

Ransomware has continued to play a dominant role in the 2021 threat landscape alongside the unravelling SolarWinds saga and the recent wave of ProxyLogon attacks to deploy webshells on vulnerable Microsoft Exchange Servers [1, 2]. Since the start of the year, Cyjax analysts have tracked a malicious spam (malspam) campaign and cybercriminal operation, dubbed WizardSpider …

Royal Mail mass spam campaign targets UK

Since early February, Cyjax analysts have been tracking a mass spam campaign masquerading as Royal Mail parcel delivery notifications. We have observed large numbers of malicious domains being registered each day, typically using Namecheap as registrar and hosting service rather than any others. Multiple varieties of attacks have been detected that use both Royal Mail-themed …

Spam campaign using Discord to host malware

Cyjax researchers have observed a recent malicious spam campaign pushing commodity malware such as the AgentTesla infostealer and AveMaria remote access Trojan (RAT). This campaign caught our attention due to its reliance on Discord, the instant messaging and VoIP application, to host its payloads. The spam emails are sent from spoofed sender addresses and masquerade …

Geopolitical and Cybersecurity Weekly – 15 June 2020

COVID-19 Cybersecurity Update: The FBI has reported on the most common types of fraud during the pandemic. The Internet Crime Complaint Center (IC3) received nearly as many complaints in the first half of 2020 (about 320,000) as in the entirety of 2019 (about 400,000). Criminals continue to peddle counterfeit personal protective equipment (PPE) and fraudulent …

COVID-19 Critical Infrastructure Cyber Threat Brief

The full Cyber Threat Brief for Critical Infrastructure can be downloaded here. There has been a significant uptick in cyberattacks exploiting fear of the coronavirus to compromise victims. Notably, however, there has not been a surge in the total number of attacks. Instead, existing cybercriminal operations have been rethemed with COVID-19 lures. Attackers have not …
