#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Spear Phishing | Breaking Cybersecurity News | The Hacker News

Category — Spear Phishing
Researchers Uncover Covert Attack Campaign Targeting Military Contractors

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

Sep 29, 2022
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed  STEEP#MAVERICK  by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. "The attack was carried out starting in late summer 2022 targeting at least two high-profile military contractor companies," Den Iuzvyk, Tim Peck, and Oleg Kolesnikov  said  in an analysis. Infection chains begin with a phishing mail with a ZIP archive attachment containing a shortcut file that claims to be a PDF document about "Company & Benefits," which is then used to retrieve a stager -- an initial binary that's used to download the desired malware -- from a remote server. This PowerShell stager sets the stage for a "robust chain of stagers" that progresses through seven m...
Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine

Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine

Jun 22, 2022
The Computer Emergency Response Team of Ukraine (CERT-UA) has  cautioned  of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism A Very Real Threat.rtf" that, when opened, exploits the recently disclosed vulnerability to download and execute a malware called CredoMap. Follina ( CVE-2022-30190 , CVSS score: 7.8), which concerns a case of remote code execution affecting the Windows Support Diagnostic Tool (MSDT), was addressed by Microsoft on June 14, as part of its Patch Tuesday updates , but not before it was subjected to widespread zero-day exploit activity by numerous threat actors. According to an independent report published by Malwarebytes,  CredoMap  is a variant of the .NET-based credenti...
Watch Out For These 8 Cloud Security Shifts in 2025

Watch Out For These 8 Cloud Security Shifts in 2025

Feb 04, 2025Threat Detection / Cloud Security
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...
New Saitama backdoor Targeted Official from Jordan's Foreign Ministry

New Saitama backdoor Targeted Official from Jordan's Foreign Ministry

May 13, 2022
A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs  attributed  the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing  resemblances  to past campaigns staged by the group. "Like many of these attacks, the email contained a malicious attachment," Fortinet researcher Fred Gutierrez  said . "However, the attached threat was not a garden-variety malware. Instead, it had the capabilities and techniques usually associated with advanced persistent threats (APTs)." APT34, also known as OilRig, Helix Kitten, and Cobalt Gypsy, is known to be active since at least 2014 and has a track record of striking telecom, government, defense, oil, and financial sectors in the Middle East and North Africa (MENA) via targeted phishing attacks. Earlier this February, ESET  tied  the group to a ...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Watch how Computer-Using Agents can be used by attackers to automate account takeover and exploitation.
This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years

This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years

May 07, 2020
An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar, and Brunei—which went undetected for at least five years and is still an ongoing threat. The group, named 'Naikon APT,' once known as one of the most active APTs in Asia until 2015, carried out a string of cyberattacks in the Asia-Pacific (APAC) region in search of geopolitical intelligence. According to the latest investigation report Check Point researchers shared with The Hacker News, the Naikon APT group had not gone silent for the last 5 years, as initially suspected; instead, it was using a new backdoor, called " Aria-body ," to operate stealthily. "Given the characteristics of the victims and capabilities presented by the group, it is evident that the group's purpose is to gather intelligence and spy on the countries whose governments it ...
Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies

Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies

Apr 30, 2020
In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. Dubbed ' PerSwaysion ,' the newly spotted cyberattack campaign leveraged Microsoft file-sharing services—including Sway, SharePoint, and OneNote—to launch highly targeted phishing attacks. According to a report Group-IB Threat Intelligence team published today and shared with The Hacker News, PerSwaysion operations attacked executives of more than 150 companies around the world, primarily with businesses in finance, law, and real estate sectors. "Among these high-ranking officer victims, more than 20 Office365 accounts of executives, presidents, and managing directors appeared." So far successful and still ongoing, most PerSwaysion operations were orchestrated by scammers from Nigeria and South Africa who used a Vue.js JavaScript framewor...
Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing

Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing

Feb 25, 2020
Phishing attacks have become one of the business world's top cybersecurity concerns. These social engineering attacks have been rising over the years, with the most recent report from the Anti-Phishing Working Group coalition identifying over 266,000 active spoofed websites, which is nearly double the number detected during Q4 2018. Hackers have evolved their methods, from regular phishing attacks to spear phishing, where they use email messages disguised as coming from legitimate sources to dupe specific individuals. This is why the global spear phishing protection software market is estimated to reach $1.8 billion by 2025. However, conventional defenses can still fall short due to one particular weakness in the security perimeter – the human factor. Indeed, some 33 percent of 2019's data breaches involved humans falling victim to social engineering attacks. And given how sophisticated and creative the phishing perpetrators have been getting, it's easy to see h...
US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility

US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility

Feb 19, 2020
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company's internal network, encrypting critical data and knocking servers out of operation for almost two days. "A cyber threat actor used a spear-phishing link to obtain initial access to the organization's information technology network before pivoting to its operational technology network. The threat actor then deployed commodity ransomware to encrypt data for impact on both networks," CISA noted in its alert. As ransomware attacks continue to escalate in frequency and scale , the new development is yet another indication that p...
New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

Nov 14, 2019
Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware. Though the new malware campaigns are not customized for each organization, the threat actors appear to be more interested in businesses, IT services, manufacturing, and healthcare industries who possess critical data and can likely afford high ransom payouts. According to a report ProofPoint shared with The Hacker News, the newly discovered threat actors are sending out low-volume emails impersonating finance-related government entities with tax assessment and refund lured emails to targeted organizations. "Tax-themed Email Campaigns Target 2019 Filers, finance-related lures have been used seasonally with upticks in tax-related malware and phishing campaigns leading up to the annual tax filing deadlines in...
GandCrab ransomware and Ursnif virus spreading via MS Word macros

GandCrab ransomware and Ursnif virus spreading via MS Word macros

Jan 25, 2019
Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Though both malware campaigns appear to be a work of two separate cybercriminal groups, we find many similarities in them. Both attacks start from phishing emails containing an attached Microsoft Word document embedded with malicious macros and then uses Powershell to deliver fileless malware. Ursnif is a data-stealing malware that typically steals sensitive information from compromised computers with an ability to harvest banking credentials, browsing activities, collect keystrokes, system and process information, and deploy additional backdoors. Discovered earlier last year, GandCrab is a widespread ransomware threat that, like every other ransomware in the market, encrypts files on an infected system and insists victims to pay a ransom ...
U.S. Trade Group Hacked by Chinese Hackers ahead of Trump-Xi Trade Summit

U.S. Trade Group Hacked by Chinese Hackers ahead of Trump-Xi Trade Summit

Apr 06, 2017
Researchers have uncovered a Chinese cyber-espionage against the United States ahead of the trade summit on Thursday between US President Donald Trump and China's President Xi Jinping. According to a new report published today by Fidelis Cybersecurity firm, the Chinese APT10 hacking group implanted a piece of malware on the "Events" page of the US National Foreign Trade Council (NFTC) website in February. Dubbed ' Operation TradeSecret ,' the attack against the NFTC site is seen as an attempt to conduct surveillance on the main industry players and lobbyists closely associated with U.S trade policy activities. Researchers say hackers placed a malicious link on the NFTC website, inviting the organization's board of directors to register for a meeting in Washington DC on March 7. But clicking on the link deployed a spying tool called " Scanbox ." Dates back to 2014, Scanbox – previously used by nation-state threat actors associated with the...
Yahoo! Hack! How It Took Just One-Click to Execute Biggest Data Breach in History

Yahoo! Hack! How It Took Just One-Click to Execute Biggest Data Breach in History

Mar 16, 2017
In the digital world, it just takes one click to get the keys to the kingdom. Do you know spear-phishing was the only secret weapon behind the biggest data breach in the history? It's true, as one of the Yahoo employees fell victim to a simple phishing attack and clicked one wrong link that let the hackers gain a foothold in the company's internal networks. You may be familiar with phishing attacks — an attempt to steal user credentials or financial data — while, Spear-phishing is a targeted form of phishing in which attackers trick employees or vendors into providing remote-access credentials or opening a malicious attachment containing an exploit or payload. Here's how the Yahoo's massive data breach was traced back to human error and who were the alleged masterminds behind this hack. On Wednesday, the US government charged two Russian spies (Dmitry Dokuchaev and Igor Sushchin) and two criminal hackers (Alexsey Belan and Karim Baratov) in connection with the 20...
FBI Most Wanted — Three 'Syrian Electronic Army' Hackers Charged for Cyber Crime

FBI Most Wanted — Three 'Syrian Electronic Army' Hackers Charged for Cyber Crime

Mar 23, 2016
Syrian Electronic Army (SEA) Hackers have made their place on the FBI's Most Wanted List. The US Department of Justice and the Federal Bureau of Investigation (FBI) are willing to pay $100,000 reward for any information that leads to the arrest of the heads of the infamous hacking group Syrian Electronic Army. On Tuesday, the DoJ unsealed charges against three suspected members of the alleged group: Ahmad Umar Agha (aka The Pro), 22 Firas Dardar (aka The Shadow), 27 Peter Romar , 36 Agha and Dardar were allegedly involved in hacking Associated Press Twitter account in April 2013 and spreading a false rumor claiming that the White House had been bombed, injuring President Obama. This caused a temporary stock market dip. The two hackers allegedly engaged in a long-running cyber-propaganda campaign in support of the Syrian President Bashar al‑Assad. They hacked into various Twitter accounts of the main news organizations from 2011 to 2013. Their victims...
FBI Director says 'Sloppy' Sony Hackers Left Clues that Point to North Korea

FBI Director says 'Sloppy' Sony Hackers Left Clues that Point to North Korea

Jan 08, 2015
The hackers group responsible for the last year's largest hacking attack on Sony Pictures Entertainment left many clues which proves that the Sony's hackers , who called themselves Guardians of Peace (GOP) , linked to North Korea, as claimed by the Federal Bureau of Investigation (FBI). Speaking at the International Conference on Cyber Security (ICCS) at Fordham University in New York on Wednesday, the director of the FBI defended his bureau's claim and said that the North Korean government was involved in the massive cyber attack against Sony Pictures – saying skeptics " don't have the facts that I have ." " There's not much I have high confidence about, " James Comey said, as reported by the FBI New York field office's official Twitter feed. " I have very high confidence... on North Korea. " According to Comey, the hackers usually relied on proxy connections to hide their real IP address each time they sent threatening ...
New BlackEnergy Crimeware Enhanced to Target Linux Systems and Cisco Routers

New BlackEnergy Crimeware Enhanced to Target Linux Systems and Cisco Routers

Nov 05, 2014
Security researchers at Kaspersky Lab have unearthed new capabilities in the BlackEnergy Crimeware weapon that has now ability to hacking  routers , Linux systems and Windows, targeting industry through Cisco network devices. The antivirus vendor's Global Research & Analysis Team released a report Monday detailing some of the new " relatively unknown " custom plug-in capabilities that the cyber espionage group has developed for BlackEnergy to attack Cisco networking devices and target ARM and MIPS platforms. The malware was upgraded with custom plugins including Ciscoapi.tcl which targets The Borg's kit, and According to researchers, the upgraded version contained various wrappers over Cisco EXEC-commands and " a punchy message for Kaspersky , " which reads, " F*uck U, Kaspersky!!! U never get a fresh B1ack En3rgy. So, thanks C1sco 1td for built-in backd00rs & 0-days. " BlackEnergy malware program was originally created and used by cy...
Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO

Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO

Oct 14, 2014
Once again a Russian cyber espionage group has gained media attention by exploiting a Zero-day vulnerability in Microsoft's Windows operating system to spy on the North Atlantic Treaty Organization ( NATO ), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year. ZERO-DAY VULNERABILITY IN MICROSOFT WINDOWS Researchers at cyber intelligence firm iSight Partners have discovered a zero-day vulnerability that impacts desktop and server versions of Windows, from Vista and Server 2008 to current versions. They also uncovered a latest cyber-spying campaign - suspected to be based in Russia - that uses this Zero-day vulnerability ( CVE-2014-4114 ) to target government leaders and institutions for nearly five years. The recently detected Russian hacking group is dubbed as " Sandworm Team " by iSIGHT Partners because it found references to the Frank Herbert's " Dune " science fiction series in the malici...
WinRAR File Extension Spoofing vulnerability allows Hackers to Hide Malware

WinRAR File Extension Spoofing vulnerability allows Hackers to Hide Malware

Apr 02, 2014
Imagine, You Open a Winrar archive of MP3 files, but what if it will install a malware into your system when you play anyone of them. WinRAR, a widely used file archiver and data compression utility helps hackers to distribute malicious code. Israeli security researcher  Danor Cohen (An7i)   discovered the WinRAR file extension spoofing vulnerability. WinRAR file extension spoofing vulnerability allows hackers to modify the filename and extension inside the traditional file archive, that helps them to hide binary malicious code inside an archive, pretending itself as '.jpg' , '.txt' or any other format. Using a Hex editor tool, he analysed a ZIP file and noticed that winrar tool also adds some custom properties to an archive, including two names - First name is the original filename (FAX.png) and second name is the filename (FAX.png) that will appear at the WINRAR GUI window. Danor manipulated the second filename and extension to prepare a special Z...
Expert Insights / Articles Videos
Cybersecurity Resources