Fangxiao spoofs big brands, Instagram impersonators target students and Feds’ Hive warning
A cybercrime campaign spoofs over 400 brands, attackers target U.S. university students with Instagram phishing, and the Feds warn about Hive ransomware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. Long-standing Chinese cybercrime campaign spoofs over 400 brands
Threat intelligence company Cyjax has uncovered a cybercrime campaign spoofing over 400 well-known brands. Run by the Chinese for-profit group Fangxiao, the campaign sends WhatsApp links to websites impersonating brands such as Coca-Cola, Unilever, Emirates and McDonald’s. Promises of physical or financial rewards trick potential victims into forwarding the links to others, and instead of a reward the victims are served scams or malware.
2. Instagram impersonators target thousands, slipping by Microsoft's cybersecurity
The Armorblox research team has identified a socially engineered attack aimed at university students in the U.S. The attack impersonated Instagram and began with an email whose subject line told would-be victims that there had been an unusual login on their account. The email’s body contained details specific to the recipient, such as their Instagram handle, to build trust. The attackers aimed to lure victims to a fake landing page built to harvest their credentials.
3. Hive ransomware actors have extorted over $100M from victims, say Feds
A joint advisory released by the FBI, the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) warns about a ransomware gang named Hive. The advisory reveals that Hive has extorted more than $100 million in ransom payments from over 1,300 organizations worldwide. Victims span a wide range of critical infrastructure sectors and industries, with a particular focus on public health and healthcare entities.
4. Lazarus backdoor DTrack evolves to target Europe and Latin America
A Kaspersky advisory states that the DTrack backdoor, which lets cybercriminals upload, download, launch or delete files on a victim’s system, is still being used against Latin American and European organizations. Among the files executed and downloaded by the standard DTrack toolset, the firm spotted a screenshot grabber, a keylogger and a module for collecting information about the victim’s host. With such a toolset, adversaries can move laterally through the victim’s infrastructure and exfiltrate data.
5. Chinese hackers use Google Drive to drop malware on government networks
Trend Micro researchers report that state-sponsored Chinese hackers launched spearphishing attacks that used Google Drive to deliver malware to the systems of research, academic and government organizations worldwide. The researchers attribute the campaign to the threat group Mustang Panda. The threat actors used Google accounts to send victims email messages with links pointing to Google Drive or Dropbox folders. Because the links went to legitimate platforms, the emails looked less suspicious and slipped past security controls.
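Both the Instagram lure (item 2) and the Mustang Panda lure (item 5) share two detectable traits: a display name that claims a brand the sender domain does not belong to, and links to legitimate file-sharing platforms arriving from external senders. The following is an added example of how a mail-triage script could flag those traits; it is not code from Armorblox, Trend Micro or this newsletter. The sample messages, the brand allow-list, the internal domain `university.example` and the placeholder Drive file ids are all constructed for the example.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: an allow-list of domains each brand legitimately sends from,
# maintained by the defending organisation. Only Instagram is listed here.
BRAND_SENDER_DOMAINS = {
    "instagram": {"instagram.com", "mail.instagram.com"},
}

# Public file-sharing hosts that phishing lures use to look trustworthy.
FILE_SHARING_HOSTS = {"drive.google.com", "docs.google.com", "dropbox.com", "www.dropbox.com"}

# Assumption: the organisation's own mail domains; links from these are not flagged.
INTERNAL_DOMAINS = {"university.example"}

URL_RE = re.compile(r"https?://\S+")


def host_matches(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def sender_domain(from_header):
    """Extract the domain part of the actual address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def brand_impersonation(from_header):
    """Return the brand name if the display name claims a brand but the
    real sender domain is not one of that brand's known domains."""
    display, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    for brand, domains in BRAND_SENDER_DOMAINS.items():
        if brand in display.lower() and not host_matches(domain, domains):
            return brand
    return None


def file_sharing_links(body):
    """Return every URL in the body whose host is a public file-sharing platform."""
    return [u for u in URL_RE.findall(body)
            if host_matches(urlparse(u).hostname, FILE_SHARING_HOSTS)]


def triage(message):
    """Run both checks over one message and return a list of findings (empty = clean)."""
    findings = []
    brand = brand_impersonation(message["from"])
    if brand:
        findings.append(f"display name claims '{brand}' but sender domain "
                        f"'{sender_domain(message['from'])}' is not a known {brand} domain")
    links = file_sharing_links(message["body"])
    if links and not host_matches(sender_domain(message["from"]), INTERNAL_DOMAINS):
        findings.append(f"external sender delivers file-sharing link(s): {', '.join(links)}")
    return findings


# Constructed sample messages (not real campaign artefacts).
SAMPLE_MESSAGES = [
    {   # brand impersonation in the style of the Instagram student lure
        "from": "Instagram <security@instagram-login-alerts.example>",
        "subject": "Unusual login on your account",
        "body": "Hi @student_handle, confirm it was you: https://instagram-login-alerts.example/verify",
    },
    {   # notification from the brand's own domain: should pass
        "from": "Instagram <no-reply@mail.instagram.com>",
        "subject": "New login to Instagram",
        "body": "Review your login activity at https://www.instagram.com/accounts/login_activity/",
    },
    {   # external webmail sender with a Google Drive link, as in the Mustang Panda lure
        "from": "Research Office <research.office.xyz@gmail.example>",
        "subject": "Updated briefing document",
        "body": "Please download: https://drive.google.com/file/d/PLACEHOLDER-ID/view",
    },
    {   # internal colleague sharing a Drive link: benign, should pass
        "from": "Alice <alice@university.example>",
        "subject": "Meeting notes",
        "body": "Notes here https://drive.google.com/file/d/PLACEHOLDER-ID2/view",
    },
]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(msg["subject"], "->", triage(msg) or "clean")
```

The two checks are deliberately independent: the brand check needs no URL at all (the lure may carry only a button or an image), and the file-sharing check is scoped to external senders so that routine internal Drive sharing does not drown the alert in noise. In production both would feed a score rather than a hard block, since legitimate vendors also send Drive and Dropbox links.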