Security News

Feds seize two domains used by SolarWinds intruders for malware spear-phishing op
2021-06-02 00:23

Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development. The malicious messages, masquerading as legitimate emails from USAID, went out to thousands of email accounts at over a hundred different organizations.

US seizes domains used by APT29 in recent USAID phishing attacks
2021-06-01 20:56

The US Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development to distribute malware and gain access to internal networks. The two domains were used to receive data exfiltrated from victims of the targeted phishing attacks and to send further commands for the malware to execute on infected machines.

Kenyan Arrested in Qatar First Targeted by Phishing Attack
2021-05-31 13:18

A Kenyan security guard now facing charges in Qatar after writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest, analysts say. While analysts from Amnesty International and Citizen Lab said they were unable to say who targeted Malcolm Bidali, the phishing attack mirrored others previously carried out by Gulf Arab sheikhdoms targeting dissidents and political opposition.

Beware: Walmart phishing attack says your package was not delivered
2021-05-29 18:41

A Walmart phishing campaign is underway that attempts to steal your personal information and verify your email for further phishing attacks. A new email phishing campaign pretends to be from Walmart with a subject line of "Your Package delivery Problem Notification lD#" stating that they could not deliver your package because your address is incorrect.

Microsoft: Russian hackers used 4 new malware in USAID phishing
2021-05-29 17:49

Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development. In a second blog post released Friday night, Microsoft provides details on four new malware families used by Nobelium in these recent attacks.

Nobelium Phishing Campaign Poses as USAID
2021-05-28 13:13

The cybercriminal group behind the notorious SolarWinds attack is at it again with a sophisticated mass email campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious activities. Microsoft Threat Intelligence Center began tracking this latest campaign of Nobelium in late January when it was in the reconnaissance stage, and observed as it "evolved over a series of waves demonstrating significant experimentation," according to a blog post by the Microsoft 365 Defender Threat Intelligence Team.

Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency
2021-05-28 07:57

Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds' Orion software, has struck again, Microsoft vice president Tom Burt said in a blog post Thursday. Burt's post says the attacks saw Nobelium gain access to accounts on the email marketing service "Constant Contact" operated by the United States Agency for International Development.

Hong Kong recorded phishing surge in 2020 as scum sought to cash in on viral worries
2021-05-28 04:56

Criminals tried to exploit Hong Kong residents' COVID-related anxiety, according to new security data released yesterday by the Special Administrative Region's secretary for innovation and technology Alfred Sit. Liao cited data that the Hong Kong Hospital Authority was subjected to 50 million cyberattacks last year, up from 20 million in 2015, with the HA also copping five ransomware attacks last year.

Microsoft, Google Clouds Hijacked for Gobs of Phishing
2021-05-19 20:16

Threat actors are cashing in on the rapid shift to cloud-based business services during the pandemic, by hiding behind ubiquitous, trusted services from Microsoft and Google to make their email phishing scams look legit. In the first three months of 2021 alone, researchers found 7 million malicious emails sent from Microsoft 365 and a staggering 45 million sent from Google's infrastructure, Proofpoint reported, adding that cybercriminals have used Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage to send phishing emails and host attacks.

FBI spots spear-phishing posing as Truist Bank to deliver malware
2021-05-17 19:01

Threat actors impersonated Truist, the sixth-largest US bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan malware. In one of the attacks targeting a renewable energy company in February 2021, the phishing emails instructed the target to download a malicious Windows app mimicking the legitimate Truist Financial SecureBank App and supposedly needed to complete the process behind a $62 million loan.