Attacks that were part of the scheme, which Swiss authorities noted to have exceeded 260 between August 2023 and April 2024, involved the suspects leveraging QR codes that redirected to payment platform-spoofing websites.
AiTM attacks by Mamba 2FA against Microsoft 365 accounts have been facilitated by proxy relays, which enabled access to one-time passcodes and authentication cookies, and by the Socket.IO JavaScript library, which enabled communications between Microsoft 365 service phishing pages and relay servers.
Attackers behind the scheme placed an ad on the LEGO website homepage that urged visitors to click a link that would "unlock secret rewards," which redirected to a third-party marketplace enabling purchases of the fraudulent LEGO token with Ethereum.
Security pros say that while Star Blizzard will most likely regroup, it does degrade their operations and gives defenders some time to deploy AI-powered tools.
Forty-one of the internet domains seized by the Justice Department have been used by Callisto Group in an ongoing spear-phishing attack campaign against various U.S.-based targets, including current and former employees of the Defense and State Departments, military contractors, and intelligence community members.
Attackers purporting to be Royal Mail distributed malicious emails about a failed package delivery with a PDF attachment that included a link redirecting to a Dropbox-hosted ZIP file, which then facilitated the execution of Prince ransomware.