Russian cybercriminals have added a new feather to their well-worn capes of mischief, now targeting Microsoft account holders by exploiting the trust we put into Signal and WhatsApp—apps once considered bastions of privacy. If you’re an IT professional, human rights advocate, or simply a...
In a recent development, Russian threat actors identified as UTA0352 and UTA0355 have been targeting Ukraine-linked nongovernmental organizations (NGOs) by exploiting the OAuth protocol to compromise Microsoft 365 accounts.
The Mechanics of the Attack
The attackers initiated their campaign with...
In the ever-shifting realm of cybersecurity, threat actors continue to refine their methods—and the latest report from KnowBe4’s CyberheistNews Vol 15 #08 reveals a chilling new approach. Russian threat groups, including the notorious SVR’s Cozy Bear, are exploiting a little-known authentication...
Cybercriminals continue to evolve their tactics, and the latest intelligence from KnowBe4 reveals yet another level of sophistication in spear-phishing campaigns. In a detailed blog update from KnowBe4, Russian threat actors—including groups linked to the SVR’s notorious Cozy Bear—are leveraging...
In a striking demonstration of cybercrime ingenuity, a sophisticated Chinese APT group—known as Mustang Panda—has been found exploiting a legitimate Windows tool to slip past antivirus defenses. This emerging threat, uncovered by threat researchers at Trend Micro, involves the abuse of...
In today’s rapidly evolving cybersecurity landscape, even the most trusted platforms can become targets for sophisticated attacks. Recent research from Volexity, as featured on the KnowBe4 Blog, has revealed that Russian threat actors—among them the notorious SVR-linked Cozy Bear—are leveraging...
In a sophisticated twist on traditional cyberattacks, a spear-phishing campaign is now targeting Microsoft 365 accounts by hijacking the genuine device code authentication process. This emerging attack vector, steeped in deception and ingenuity, transforms a legitimate login mechanism into a...
The world of cybersecurity continues to be as exhilarating as a high-speed car chase in a spy thriller, and as of mid-November 2024, the antics of Russian threat actor Star Blizzard, also known to some as SEABORGIUM, have taken center stage yet again. This time, their target is none other than...
In a chilling reminder of the ever-looming cybersecurity threats we face, the Cybersecurity and Infrastructure Security Agency (CISA) recently announced a widespread spear-phishing campaign targeting organizations across various sectors, including government and information technology. Threat...
Original release date: July 20, 2021
Summary
This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
Note: CISA released technical information...
Original release date: May 28, 2021
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental...
Original release date: March 17, 2021
Summary
This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
The Cybersecurity and Infrastructure Security Agency...
Original release date: February 17, 2021
Summary
This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
This joint advisory is the result of analytic efforts...
Original release date: October 27, 2020
Summary
This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques.
This joint cybersecurity advisory...
Tags: apt, command and control, credential harvesting, cyber threats, cybersecurity, data exfiltration, espionage, hidden cobra, incident response, keylogger, kimsuky, malware, mitre att&ck, north korea, phishing, security best practices, social engineering, spearphishing, tactics, threat intelligence
Original release date: October 22, 2020
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the U.S. elections to...
Original release date: September 22, 2020
Summary
This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques.
This product was written by the Cybersecurity and...
Original release date: September 14, 2020
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics...
Original release date: February 18, 2020 | Last revised: June 30, 2020
Summary
Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor...
Tags: access control, backup, cisa, cybersecurity, data security, emergency planning, incident response, industrial control systems, it networks, mitigation, multipoint authentication, network segmentation, operational technology, ot networks, pipeline, productivity, ransomware, spearphishing, threat actors, user training
Original release date: February 18, 2020
Summary
Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations.
CISA...
Original release date: October 2, 2018 | Last revised: December 21, 2018
Systems Affected
Retail Payment Systems
Overview
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the...