The U.S. Department of Justice announced that former Aviation Industry Corporation of China employee Song Wu has been indicted on charges of wire fraud and aggravated identity theft over his alleged spear-phishing campaigns against several U.S. government agencies.
While most of the scams involved spearphishing attacks spreading the Atomic macOS Stealer via malicious Zoom meeting client builds, Marko Polo also impersonated productivity software, blockchain-based projects, and online games to facilitate compromise.
Cryptocurrency industry workers have been targeted by North Korean threat actors leveraging job lures on LinkedIn to enable RustDoor malware compromise, according to The Hacker News.
Threat actors have exploited HTTP header refresh entries to deploy fraudulent credential-harvesting email login pages as part of far-reaching phishing campaigns between May and July, which primarily targeted the business and economy sector, The Hacker News reports.
Project Phantom, which complements SlashNext's messaging security platform, bypasses obfuscation techniques used by threat actors to block security services from analyzing phishing sites.
Comparable tactics, techniques, and procedures have been leveraged by North Korean threat group Konni, which has been tied to Kimsuky, in its escalating cyberespionage operations against Russia and South Korea.
Attacks involved the creation of several ads redirecting to spoofed versions of Lowe's MyLowesLife employee portal in a bid to compromise credentials from current and former workers, according to a report from Malwarebytes Labs.
Attacks spreading the BeaverTail malware variant, which steals credentials and cryptocurrency wallet assets and delivers the information-stealing Python-based InvisibleFerret backdoor, were initially conducted by Lazarus Group via fake job offers that dupe targets into executing a malicious Node.js project.