Search Results for: phishing attacks

September 3, 2022 More details have emerged about the operators behind the first-known phishing campaign specifically aimed at the Python Package Index (PyPI), the official third-party software repository for the programming language. Connecting it to a threat actor tracked as JuiceLedger, cybersecurity firm SentinelOne, along with Checkmarx, described the group as a relatively new entity that surfaced in …

JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users Read More »

August 26, 2022 The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to legitimate packages. “This is the first known phishing attack against PyPI,” the maintainers of the official third-party software repository said in a series of tweets. The social engineering …

PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks Read More »

August 17, 2022 Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a “highly persistent threat actor” whose objectives align closely with Russian state interests. The company is tracking the espionage-oriented activity cluster under its chemical element-themed moniker SEABORGIUM, which it said overlaps with a hacking group also known as Callisto, COLDRIVER, and TA446. …

Microsoft Warns About Phishing Attacks by Russia-linked Hackers Read More »

August 12, 2022 A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. “Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology,” cybersecurity firm AdvIntel said in …

Conti Cybercrime Cartel Using ‘BazarCall’ Phishing Attacks as Initial Attack Vector Read More »

July 30, 2022 The decentralized file system solution known as IPFS is becoming the new “hotbed” for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. …

Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network Read More »

July 14, 2022 Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365’s authentication process even on accounts secured with multi-factor authentication (MFA). “The attackers then used the stolen credentials and session cookies to access affected users’ mailboxes and perform follow-on business email compromise (BEC) …

Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations Read More »

June 7, 2022 Microsoft’s Digital Crimes Unit (DCU) last week disclosed that it had taken legal proceedings against an Iranian threat actor dubbed Bohrium in connection with a spear-phishing operation. The adversarial collective is said to have targeted entities in tech, transportation, government, and education sectors located in the U.S., Middle East, and India. <!–adsense–> “Bohrium actors …

Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers Read More »

August 30, 2023 Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model. In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services like PerSwaysion are incorporating AiTM capabilities. “This development in the PhaaS ecosystem …

Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks Read More »

June 10, 2023 Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack, Microsoft has revealed. “The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations,” the tech giant disclosed in a Thursday …

Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants Read More »