Typosquatted domains mimicking legitimate sites have been leveraged to host the MSIX installers, which not only spoof Zoom, KeePass, Steam, and other popular software but also facilitate script execution prior to app deployment.
Attacks by both hacking operations mostly involved the delivery of malicious emails asking recipients to review a purportedly encrypted PDF attachment, which then prompts for the target's password and two-factor authentication code in order to compromise their email and online storage accounts.
Intrusions aimed at exfiltrating credentials from nearly a dozen former and current U.S. officials and people associated with the campaigns of former President Donald Trump and President Joe Biden were conducted by APT42 between May and June.
Such a loss stemmed from unknown attackers luring a non-executive employee into making several outbound wire transfers to accounts under the attackers' control, said Orion in a filing with the Securities and Exchange Commission.
By giving users specific feedback on recent attacks and offering interactive forums, companies can keep their staff up to speed on the latest threats.
Intrusions commenced with the delivery of phishing emails with RAR archives deploying a backdoor that facilitated the injection of the APT31-linked GrewApacha trojan, as well as a new version of the CloudSorcerer malware that bypasses detection through VMProtect.