ALERTS OPERATION
DATE | NAME | CATEGORY | SUBCATEGORY | INFO
10.3.25 | Phantom-Goblin operation spreading infostealers to victims | ALERTS | OPERATION | Phantom-Goblin is the name of a malicious infostealing campaign recently identified in the wild. The attackers behind it rely on social engineering to lure victims into executing malicious .LNK files.
27.2.25 | Threat actors spoof Sagawa Express services to steal credentials | ALERTS | OPERATION | Symantec has identified a new wave of phishing attacks that impersonate Sagawa Express services to steal credentials. In this campaign, phishing emails are disguised as delivery notifications requesting an immediate update of the delivery address. The email content is brief, encouraging recipients to click on a phishing URL. Once the link is clicked, victims land on webpages designed for credential harvesting.
1.11.24 | HeptaX Cyberattack Operations | ALERTS | OPERATION | A researcher recently identified a multi-stage cyberattack targeting the healthcare industry, initiated through a ZIP file containing a malicious shortcut (.lnk) file, likely spread via phishing emails. When executed, the LNK file runs a PowerShell command that downloads additional payloads, including scripts and BAT files, from a remote server. These scripts create a new administrative user account and alter RDP settings to reduce authentication requirements, allowing the attackers to gain remote access for further malicious actions such as data theft and malware installation.
14.6.24 | Operation Celestial Force | ALERTS | OPERATION | A new malicious campaign dubbed 'Operation Celestial Force' has been reported by researchers at Cisco Talos. The campaign has been active since at least 2018 and targets Indian organizations in the defense, government and technology sectors. According to the published research, 'Operation Celestial Force' has been attributed to the threat group known as Cosmic Leopard. The attackers have been leveraging the Android malware GravityRAT as well as an Electron-based Windows loader called HeavyLift. The attacks carried out by this APT group are managed through a standalone custom tool called GravityAdmin, which centralizes the execution of malicious actions on the compromised systems.
8.4.24 | Operation HamsaUpdate | ALERTS | OPERATION | Operation HamsaUpdate is a recently identified campaign targeting Israeli customers using F5's network devices. The attackers have been reported to deploy wiper malware targeting Windows servers (a variant called Hatef) as well as Linux systems (a variant called Hamsa).