#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Phishing Attack | Breaking Cybersecurity News | The Hacker News

Category — Phishing Attack
Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks

Sep 18, 2023 Threat Intelligence / Ransomware
The financially motivated threat actor known as  UNC3944  is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. "UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group," the threat intelligence firm  said . "UNC3944 has also consistently relied on publicly available tools and legitimate software in combination with malware available for purchase on underground forums." The group, also known by the names 0ktapus, Scatter Swine, and Scattered Spider, has been active since early 2022, adopting phone-based social engineering and SMS-based phishing to obtain employees' valid credentials using bogus sign-in pages and infiltrate victim organizations, mirroring tactics adopted by another group called  LAPSUS$ . While the group originall
W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts

W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts

Sep 06, 2023 Cyber Crime / Email Security
A previously undocumented "phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. "The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 other fully customized tools for business email compromise (BEC) attacks," Group-IB  said  in a report shared with The Hacker News. The phishing infrastructure is estimated to have targeted more than 56,000 corporate Microsoft 365 accounts and compromised at least 8,000 of them, primarily in the U.S., the U.K., Australia, Germany, Canada, France, the Netherlands, Switzerland, and Italy between October 2022 and July 2023, netting its operators $500,000 in illicit profits. Some of the prominent sectors infiltrated using the phishing solution include manufacturing, IT, consultin
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
Expert Insights / Articles Videos
Cybersecurity Resources