After establishing trust with targets via spear-phishing emails purporting to be job openings for senior-/manager-level employees in high-profile companies, UNC2970 proceeded to deliver a malicious ZIP file masquerading as a job description, an analysis from Google Cloud's Mandiant revealed.
The U.S. Department of Justice announced that former Aviation Industry Corporation of China employee Song Wu has been indicted on charges of wire fraud and aggravated identity theft due to his alleged spear-phishing campaigns against several U.S. government agencies.
While most of the scams involved spearphishing attacks spreading the Atomic macOS Stealer via malicious Zoom meeting client builds, Marko Polo also impersonated productivity software, blockchain-based projects, and online games to facilitate compromise.
Cryptocurrency industry workers have been targeted by North Korean threat actors leveraging job lures on LinkedIn to enable RustDoor malware compromise, according to The Hacker News.
Threat actors have exploited HTTP header refresh entries to deploy fraudulent credential harvesting email login pages as part of far-reaching phishing campaigns between May and July, which primarily targeted the business and economy sector, The Hacker News reports.
Project Phantom, which complements SlashNext's messaging security platform, bypasses obfuscation techniques used by threat actors to block security services from analyzing phishing sites.
Comparable tactics, techniques, and procedures have been leveraged by North Korean threat group Konni, which has been tied to Kimsuky, in its escalating cyberespionage operations against Russia and South Korea.