Fangxiao: a Chinese threat actor

Phishing campaigns continue to increase globally. These operations offer an easy route for cybercriminals to generate revenue, steal credentials and spread malware. Cyjax has recently investigated a sophisticated, large-scale phishing campaign that exploits the reputation of international, trusted brands, and targets businesses in multiple verticals including retail, banking, travel, pharmaceuticals and energy. We are …

Persistent AgentTesla campaign targeting the UAE

Cyjax analysts have analysed a long-running AgentTesla infostealer campaign targeting Dubai and the United Arab Emirates (UAE). The campaign began in at least January 2021 and the samples we gathered continued, almost daily, until May 2021. We have also seen new samples compiled in October 2021. Unlike most AgentTesla campaigns, the targeting focused heavily on …

EMEA and APAC governments targeted in widespread credential harvesting campaign

Cyjax analysts have uncovered a large credential harvesting campaign targeting multiple government departments in APAC and EMEA countries. Over 50 hostnames were analysed, many of which were posing as the Ministry of Foreign Affairs, Ministry of Finance, or Ministry of Energy, in various countries such as Uzbekistan, Belarus, and Turkey; as well as the Main …

Financial spear-phishing campaigns pushing RATs

On 12 May, the FBI Cyber Division issued a TLP:WHITE Private Industry Notification. This concerned a spear-phishing campaign distributing messages that masqueraded as financial institutions to push fake Windows apps containing remote access Trojans (RATs). The most recent attack impersonated a US-based financial institution to target an American renewable energy company. The spear-phishing email referenced …

Cybersecurity and Geopolitical Vodcast (in partnership with Security Magazine)

Cyjax has partnered with Security Magazine to bring you a monthly Cybersecurity and Geopolitical vodcast hosted by Chief Information Security Officer (CISO) of Cyjax, Ian Thornton-Trump, and Tristan de Souza (Editor and Head of Communications), in which they ruminate on the enmeshing of cybersecurity and geopolitics and the new challenges and intriguing flashpoints these bring to enterprise …

Gone Phishin’ – Cybersecurity presentation with William Thomas

On 30 October, Cyjax analyst William Thomas presented his talk on the phishing threat landscape at BeerCon2: Rise of the Rookie. The presentation was wide-ranging and included an exploration of threat actors leveraging the cloud to support delivery, bypassing defence mechanisms, and the top-tier threats in this ecosystem. Will’s talk can be found on the …

2020 Mid-Year CISO Report

Introduction: It is imperative to understand the threats and vulnerabilities facing one’s organisation to mitigate the associated risk of a cyberattack. We are regularly asked to define the biggest cybersecurity challenges. Inevitably, they are the same: vulnerability management to reduce the attack surface; phishing attacks (which still account for over 90% of initial compromise and …

Spam campaign using Discord to host malware

Cyjax researchers have observed a recent malicious spam campaign pushing commodity malware such as the AgentTesla infostealer and AveMaria remote access Trojan (RAT). This campaign caught our attention due to its reliance on Discord, the instant messaging and VoIP application, to host its payloads. The spam emails are sent from spoofed sender addresses and masquerade …
