Iranian APT 35 Group Posing As Journalist To Phish Victims
On September 23, 2020, Group-IB reported that a cybercrime gang dubbed 'OldGremlin' had been targeting banks and other businesses in Russia with ransomware since early March 2020. OldGremlin uses spear-phishing emails to enter networks and then encrypts data for a ransom of around $50,000. The Russian-speaking group is also notable for its apparent focus on Russian-based companies.
On June 22, 2020, researchers identified a new variant of the IcedID banking trojan that uses COVID-19 related phishing lures. This new variant is using steganography to infect the victims and comes equipped with fresh anti-detection capabilities.
Group-IB has reported that PerSwaysion, a cybercrime group operating since mid-2019, has breached the email accounts of high-ranking executives at more than 150 firms. The group appears to have primarily targeted the financial sector, although it has expanded into other verticals, and typically uses phishing campaigns to breach corporate email accounts. The group members appear to be based in Nigeria and South Africa.
In the first week of January 2020, it was reported that major banks in sub-Saharan Africa were targeted by the Silence hacking group. According to Kaspersky, who attributed the attacks to the Silence group based on malware used, the general outline of such an attack involved phishing emails being sent with the malware, data gathering, and then withdrawing large amounts of cash in one go via ATMs. As of mid-January 2020, the attacks are ongoing and persist in targeting large banks.
Since 2018, Silence has sent over 170,000 phishing attacks to financial institutions. The group has refined its techniques since it was first spotted in 2016. Silence now uses fileless techniques, repurposed open-source projects, and old vulnerabilities.
On May 16, 2019, Europol, the U.S. Department of Justice (DoJ), and six other countries dismantled a group of international cyber criminals that used the GozNym malware to steal over $100 million. The group stole from over 40,000 victims, including the bank accounts of small businesses, law firms, international corporations, and nonprofit organizations. Following a law enforcement investigation across the U.S., Bulgaria, Germany, Georgia, Moldova, and Ukraine, ten members were charged for the crime. The leader of the network was charged in Georgia, while another was extradited from Bulgaria to the U.S. to face trial. Although some members of the gang are still on the run, the initial charges have been seen as a success for law enforcement in their efforts to combat international cybercrime.
In late 2018, security researchers uncovered that Cobalt, a state-sponsored threat group that specializes in attacks on financial institutions, had begun employing a new variant of the ThreadKit exploit builder kit to execute phishing schemes utilizing Microsoft Office documents. First observed in October 2017, the new tactics show an evolution of the ThreadKit macro delivery tool and demonstrate the growing range of techniques employed by malicious actors.
In May 2016 and January 2017, the National Bank of Blacksburg, based in the state of Virginia, was hit by phishing emails that enabled intruders to install malware and pivot into the Star Network, a U.S. bank card processing service. The 2017 attack gave wider access to bank networks and enabled the thieves to withdraw $1.8 million over the course of a weekend, taking total losses to $2.4 million. According to a lawsuit filed by the bank against its insurer to recover more of its losses, an investigation after the second attack concluded that both incidents were carried out by the same group, using tools and servers of Russian origin.