Tag phishing

FBI Warns Law Firms of Luna Moth’s Stealthy Phishing Campaign

May 27, 2025
Data Breach / Social Engineering

The FBI has issued a warning regarding a series of social engineering attacks targeting law firms, attributed to a criminal group known as Luna Moth. This campaign has been ongoing for the past two years, utilizing IT-themed social engineering calls and callback phishing emails to gain remote access to devices and steal sensitive information for extortion purposes. Also referred to as Chatty Spider, Silent Ransom Group (SRG), Storm-0252, and UNC3753, Luna Moth has been active since at least 2022, primarily employing a tactic called callback phishing, or Telephone-Oriented Attack Delivery (TOAD), to deceive users into calling phone numbers found in seemingly innocuous phishing emails related to invoices and subscription payments. Notably, Luna Moth is the same hacking group responsible for the previous BazarCall campaigns that deployed ransomware such as Conti.

FBI Warns Law Firms of Luna Moth’s Covert Phishing Operations May 27, 2025 Data Breach / Social Engineering The Federal Bureau of Investigation (FBI) has issued a significant alert regarding a series of sophisticated social engineering attacks orchestrated by a criminal group known as Luna Moth. This group has specifically…

Read More

FBI Warns Law Firms of Luna Moth’s Stealthy Phishing Campaign

May 27, 2025
Data Breach / Social Engineering

The FBI has issued a warning regarding a series of social engineering attacks targeting law firms, attributed to a criminal group known as Luna Moth. This campaign has been ongoing for the past two years, utilizing IT-themed social engineering calls and callback phishing emails to gain remote access to devices and steal sensitive information for extortion purposes. Also referred to as Chatty Spider, Silent Ransom Group (SRG), Storm-0252, and UNC3753, Luna Moth has been active since at least 2022, primarily employing a tactic called callback phishing, or Telephone-Oriented Attack Delivery (TOAD), to deceive users into calling phone numbers found in seemingly innocuous phishing emails related to invoices and subscription payments. Notably, Luna Moth is the same hacking group responsible for the previous BazarCall campaigns that deployed ransomware such as Conti.

North Korean Hackers Initiate New Cyber Attack Against South Korea

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Geo Focus: Asia Report: North Korean Hacking Group Incorporates Ransomware into Cyber Operations Chris Riotta (@chrisriotta) • August 14, 2025 Image: Shutterstock Recent findings from South Korean cybersecurity researchers have revealed a robust cyberattack campaign attributed to the North Korean hacker group…

Read MoreNorth Korean Hackers Initiate New Cyber Attack Against South Korea

Astaroth Banking Malware Emerges in Brazil Through Targeted Spear-Phishing Campaign

On October 16, 2024, Cyber Attack / Banking Trojan

A new spear-phishing initiative in Brazil has been discovered, spreading the banking malware Astaroth (also known as Guildma) through obfuscated JavaScript to evade security measures. According to Trend Micro’s recent analysis, this campaign has particularly affected various sectors, including manufacturing, retail, and government agencies. Malicious emails often disguise themselves as official tax documents, exploiting the urgency of personal income tax submissions to lure victims into downloading the malware. Trend Micro is monitoring this cluster of threat activity under the name Water Makara. Additionally, Google’s Threat Analysis Group (TAG) has identified a similar campaign, dubbed PINEAPPLE, that also targets Brazilian users with the same malware. Both operations begin with phishing messages masquerading as communications from official entities.

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack On October 16, 2024, reports surfaced detailing a resurgence of the Astaroth banking malware, also known as Guildma, targeting Brazilian entities through a sophisticated spear-phishing campaign. The ongoing threat involves the use of obfuscated JavaScript to bypass traditional security measures, allowing…

Read More

Astaroth Banking Malware Emerges in Brazil Through Targeted Spear-Phishing Campaign

On October 16, 2024, Cyber Attack / Banking Trojan

A new spear-phishing initiative in Brazil has been discovered, spreading the banking malware Astaroth (also known as Guildma) through obfuscated JavaScript to evade security measures. According to Trend Micro’s recent analysis, this campaign has particularly affected various sectors, including manufacturing, retail, and government agencies. Malicious emails often disguise themselves as official tax documents, exploiting the urgency of personal income tax submissions to lure victims into downloading the malware. Trend Micro is monitoring this cluster of threat activity under the name Water Makara. Additionally, Google’s Threat Analysis Group (TAG) has identified a similar campaign, dubbed PINEAPPLE, that also targets Brazilian users with the same malware. Both operations begin with phishing messages masquerading as communications from official entities.

Hackers Exploit PDFs to Impersonate Microsoft, DocuSign, and Others in Callback Phishing Schemes

Cybersecurity experts have raised alarms about phishing campaigns that mimic well-known brands, deceiving victims into calling phone numbers managed by cybercriminals. According to Cisco Talos researcher Omid Mirzaei, “A notable percentage of email threats featuring PDF payloads persuade victims to dial adversary-controlled numbers, showcasing a prevalent social engineering tactic referred to as Telephone-Oriented Attack Delivery (TOAD) or callback phishing.” An analysis of phishing emails with PDF attachments from May 5 to June 5, 2025, found that Microsoft and DocuSign were the most frequently impersonated brands. Other notable targets in TOAD emails included NortonLifeLock, PayPal, and Geek Squad. This surge in activity forms part of broader phishing efforts that leverage the trust associated with popular brands to provoke harmful actions. Typically, these messages include PDF attachments…

Hackers Target Users with PDF-Based Callback Phishing Impersonating Microsoft and DocuSign July 2, 2025 Recent findings from cybersecurity experts highlight an alarming trend in phishing attacks that exploit the trust associated with reputable brands such as Microsoft and DocuSign. These campaigns leverage PDF attachments to manipulate unsuspecting victims into calling…

Read More

Hackers Exploit PDFs to Impersonate Microsoft, DocuSign, and Others in Callback Phishing Schemes

Cybersecurity experts have raised alarms about phishing campaigns that mimic well-known brands, deceiving victims into calling phone numbers managed by cybercriminals. According to Cisco Talos researcher Omid Mirzaei, “A notable percentage of email threats featuring PDF payloads persuade victims to dial adversary-controlled numbers, showcasing a prevalent social engineering tactic referred to as Telephone-Oriented Attack Delivery (TOAD) or callback phishing.” An analysis of phishing emails with PDF attachments from May 5 to June 5, 2025, found that Microsoft and DocuSign were the most frequently impersonated brands. Other notable targets in TOAD emails included NortonLifeLock, PayPal, and Geek Squad. This surge in activity forms part of broader phishing efforts that leverage the trust associated with popular brands to provoke harmful actions. Typically, these messages include PDF attachments…

Surge in Leaked Credentials: Up 160%—Understanding the Tactics of Cyber Attackers

Leaked Credentials Surge by 160%: Unpacking the Threat Landscape August 8, 2025 Identity Protection / Endpoint Security The digital landscape has witnessed a striking surge in credential leaks, a development that carries profound implications for organizations across sectors. Though the immediate ramifications may not be overtly apparent, the long-term effects…

Read More

Surge in Leaked Credentials: Up 160%—Understanding the Tactics of Cyber Attackers

Supply Chain Attacks on Open Source Software are Becoming Unmanageable

Critical Supply-Chain Attacks Target Developers with Malicious npm and PyPI Packages Recent reports have surfaced regarding a string of supply-chain attacks targeting developers on npm and PyPI, resulting in the distribution of malicious packages designed to compromise systems and steal sensitive information. These incidents highlighted a significant vulnerability within open-source…

Read MoreSupply Chain Attacks on Open Source Software are Becoming Unmanageable

BBB Shares Tips to Help You Prevent Data Breaches

Rising Threat of Data Breaches: Protecting Your Business and Personal Information In recent months, numerous companies have reported data breaches that have compromised sensitive customer information, highlighting a growing concern among businesses across various sectors. Cybercriminals exploit malware and security vulnerabilities to access this information, often reselling it on the…

Read MoreBBB Shares Tips to Help You Prevent Data Breaches

China-Supported Hackers Ramp Up Attacks on Taiwan’s Chip Manufacturing Sector

Anti-Phishing, DMARC, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime State-Sponsored Groups Target Semiconductor Sector with Spear-Phishing Attacks Prajeet Nair (@prajeetspeaks) • July 17, 2025 Chinese state-aligned hackers have escalated their espionage tactics against Taiwan’s semiconductor ecosystem through concentrated spear-phishing efforts. (Image: Shutterstock) Chinese state-aligned hackers are intensifying their espionage…

Read MoreChina-Supported Hackers Ramp Up Attacks on Taiwan’s Chip Manufacturing Sector