#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Phishing Attack | Breaking Cybersecurity News | The Hacker News

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks

Sep 18, 2023 Threat Intelligence / Ransomware
The financially motivated threat actor known as  UNC3944  is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. "UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group," the threat intelligence firm  said . "UNC3944 has also consistently relied on publicly available tools and legitimate software in combination with malware available for purchase on underground forums." The group, also known by the names 0ktapus, Scatter Swine, and Scattered Spider, has been active since early 2022, adopting phone-based social engineering and SMS-based phishing to obtain employees' valid credentials using bogus sign-in pages and infiltrate victim organizations, mirroring tactics adopted by another group called  LAPSUS$ . While the group originall
W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts

W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts

Sep 06, 2023 Cyber Crime / Email Security
A previously undocumented "phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. "The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 other fully customized tools for business email compromise (BEC) attacks," Group-IB  said  in a report shared with The Hacker News. The phishing infrastructure is estimated to have targeted more than 56,000 corporate Microsoft 365 accounts and compromised at least 8,000 of them, primarily in the U.S., the U.K., Australia, Germany, Canada, France, the Netherlands, Switzerland, and Italy between October 2022 and July 2023, netting its operators $500,000 in illicit profits. Some of the prominent sectors infiltrated using the phishing solution include manufacturing, IT, consultin
Cybersecurity
Expert Insights
Cybersecurity Resources