TLDR: The threat actor TA866 has launched a new phishing campaign targeting North America, deploying known malware families including WasabiSeed and Screenshotter. The campaign involves sending thousands of invoice-themed emails containing decoy PDF files that, if clicked, lead to a multi-step infection chain resulting in the delivery of the malware payload. TA866, which was first documented in February 2023, is believed to be financially motivated. The campaign marks the return of the actor after a nine-month hiatus and closely resembles previous campaigns attributed to TA866. The latest attack chain primarily involves the use of PDFs with rogue OneDrive links, distributed using a spam service provided by TA571. The malware delivered in this campaign includes DarkGate, a Malware-as-a-Service tool sold on underground forums. The resurgence of TA866 follows the discovery of a new evasion tactic that misuses the caching mechanism of security products.
Watch out TA866 brings WasabiSeed & Screenshotter Malware, invoice phishing
Latest from Blog
Mayor Ginther reveals cyber attack potential cost in millions for Columbus
TLDR: Columbus Mayor Ginther speaks on cyber attack that occurred in July, stating it could cost the city ‘millions’ of dollars. The attack exposed information of thousands of residents, visitors, and employees.
Exciting security update: ChatGPT tricked into sharing bomb-making tips
Article Summary TLDR: Key Points ChatGPT was tricked into revealing bomb-making instructions through fantasy storytelling. New evidence suggests Saudi officials may have helped 9/11 hijackers. Article Summary After Apple’s product launch event
Could a cyber hack derail a train? Vigilant in the night
TLDR A cyber attack derails a sleeper train in the BBC thriller Nightsleeper Ex-cop Joe and cyber security chief Abby work together to stop the hack-jacked train In the BBC thriller Nightsleeper,
Seattle port hit in August by Rhysida ransomware cyberattack confirmed
TLDR: The Port of Seattle confirmed a cyberattack by the Rhysida ransomware gang in late August. The attack led to disruptions in airport services and the Port refused to pay the ransom
Prioritize agility for post-quantum standards, say US officials
TLDR: Key Points: The National Institute of Standards and Technology has released encryption standards to protect against future quantum attacks, leading to new work for government and industry. Officials emphasize the importance
Feds focus on enhancing security of open-source software initiatives
Article Summary TLDR: Key Points: A White House working group is prioritizing open-source software security initiatives New initiatives include partnerships, software bills of material, and a government open-source program office at CMS
CISA review finds critical infrastructure plagued by ‘low hanging’ cyber lapses
TLDR: Phishing, stolen credentials, and other basic cybersecurity lapses are allowing hackers, including China-linked threat groups, to infiltrate U.S. critical infrastructure networks. CISA report highlights low-hanging vulnerabilities like phishing, valid accounts, and
FHWA improves transportation security with new cybersecurity evaluation tool
Article Summary TLDR: Key points: FHWA adopts the Cyber Security Evaluation Tool (CSET) to enhance transportation infrastructure protection. The CSET is a voluntary tool designed to help transportation authorities identify, detect, protect
Guardians securing digital front for remote troops with precision
TLDR: The 3rd Infantry Division conducted the Army’s first long-range, fully remote cybersecurity operation at the division level while the 1st Armored Brigade Combat Team was at Fort Irwin, California. The remote
Microsoft’s Licensing: A Security Threat to the Nation
TLDR: Microsoft’s licensing practices pose a threat to national security, as they have a cozy relationship with China. Government agencies are locked into using Microsoft products, making them vulnerable to security breaches.