Financially Motivated Threat Actor, SilkSpecter, Targeting Black Friday Shoppers

Summary: In early October 2024, EclecticIQ analysts discovered a large-scale phishing campaign targeting e-commerce shoppers in Europe and the USA. This campaign, which capitalized on the heightened online shopping activity around Black Friday, is believed to have been orchestrated by a Chinese financially motivated threat actor, referred to as SilkSpecter. The campaign enticed victims with fake discounted…

Iranian TA455 Initiates Dream Job Campaign to Target Aviation and Other Critical Industries with Malware

Executive Summary: Researchers from ClearSky Cyber Security have uncovered a new cyber espionage campaign attributed to TA455, a subgroup of the Iranian cyber threat actor known as Charming Kitten (also known as APT35). The cyber espionage campaign, which has been active since at least September 2023, has targeted critical industry sector entities in the aerospace, aviation, and…

Midnight Blizzard Conducts Large-Scale Spear-Phishing Campaign Utilizing RDP Files

Summary: Since October 22, 2024, Microsoft Threat Intelligence has observed the Russian threat actor known as Midnight Blizzard conducting a sophisticated spear-phishing campaign aimed at individuals in various sectors, including government, academia, defense, and non-governmental organizations. This ongoing activity involves sending highly targeted emails, which include a signed Remote Desktop Protocol (RDP) configuration file…

Infostealer Infection Results in One of the Largest Retail Breaches in History

Summary: A significant data breach involving Hot Topic, Torrid, and Box Lunch, advertised by the threat actor Satanic, has reportedly exposed the personal data of 350 million customers, including names, emails, addresses, phone numbers, and birthdates, billions of payment details and loyalty points, including the last 4 digits of customers’ credit cards, card types, hashed…

Chinese Nation-State Hackers APT41 Attack Gambling Sector for Financial Gain

Summary: APT41, also known as Brass Typhoon, Wicked Panda, and Winnti, a Chinese state-sponsored threat actor, has been linked to a sophisticated cyber campaign targeting the gambling and gaming industry, according to a new report from security company Security Joes. Over at least six months, APT41 shifted from traditional espionage to financially motivated attacks, using techniques like…
