Threat Actors Team Up for Post-Holiday Phishing Email Surge

Last week, two different threat actors teamed up to send thousands of post-holiday-break phishing emails destined for North American organizations.
Other than volume, the campaign was fairly standard fare.
What's more interesting, perhaps, is the timing of the campaign - and the relationship of the perpetrators behind it.
To the more interesting point, the main culprit, which Proofpoint tracks as TA866, was nearly silent for nine months prior.
Its co-conspirator, TA571, seems to have been offline during the winter break.
After enjoying some hot chocolates and holiday cheer, the former threat actor used the latter threat actor to successfully deliver its low-grade malicious content on a mass scale.
Spammers Team up with Traffic Distributors TA866 has been active since at least October 2022.
In its first few weeks of operation it was relatively tame, sending only a limited number of emails to a small number of organizations.
By the end of 2022, the group started linking to the URLs of malicious content via traffic distribution systems.
TDSes are an increasingly popular middleman of the cyber underground, connecting phishers to malicious content providers and filtering the victim traffic in between for maximum profit.
Just as quickly as it made this switch, TA866's campaigns exploded to thousands of emails per go-around.
It seems to be sticking with that formula, as this latest campaign utilizes TA571's TDS to distribute the malicious PDFs. TA866 isn't TA571's only partner-in-crime, though.
It has become clear that BattleRoyal, too, was making use of TA571's services.
Previous TA866 campaigns involved the Rhadamanthys stealer, a Dark Web offering used for nabbing crypto wallets, Steam accounts, passwords from browsers, FTP clients, chat clients, email clients, VPN configurations, cookies, files, and more.
Major Threat Actors Take a Holiday Besides the TDS partnerships, the timing of last week's attack may also reflect something deeper about today's cybercrime underground.
Just as surely as Mariah Carey can be heard on the radio right around the turn of winter every year, the cybersecurity community raises warning flags about incoming holiday attacks.
Emotet used to be the best example for this, regularly dropping off in December through mid-January.
Larson also notes that in some parts of the world, the holiday season extends deeper into January than it does in the US. In other words, the more serious threat actors who took Christmas off may just be getting back online around now.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 18 Jan 2024 22:50:04 +0000


Cyber News related to Threat Actors Team Up for Post-Holiday Phishing Email Surge

Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
9 months ago Microsoft.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
1 month ago Esecurityplanet.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
9 months ago Techrepublic.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
1 year ago Trendmicro.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
10 months ago Helpnetsecurity.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
9 months ago Gbhackers.com
Threat Actors Team Up for Post-Holiday Phishing Email Surge - Last week, two different threat actors teamed up to send thousands of post-holiday-break phishing emails destined for North American organizations. Other than volume, the campaign was fairly standard fare. What's more interesting, perhaps, is the ...
10 months ago Darkreading.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
11 months ago Microsoft.com
The 3 Most Prevalent Cyber Threats of the Holidays - As many of us deck the halls, some folks are preparing for the cybersecurity holiday season - that perilous time of year rife with breaches, attacks, and threats in far greater frequency than in any other time of year. The surge in cyber business is ...
11 months ago Darkreading.com
Splunk: AI isn't making spear phishing more effective - Despite increased concerns, AI tools won't give adversaries an advantage when it comes to sending effective phishing emails, according to new research by Splunk's Surge security research team. In a blog post Thursday, Tamara Chacon, security ...
11 months ago Techtarget.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
11 months ago Feeds.fortinet.com
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
4 months ago Securityaffairs.com
Preparing for the Holiday Ransomware Storm - Particularly in a subset of industries, these teams find their organizations squarely in the crosshairs of cybercriminals during the holiday period, looking to profit. These industries' increased time sensitivity, criticality, and importance during ...
10 months ago Securityboulevard.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
8 months ago Cyberdefensemagazine.com
"Quishing" you a Happy Holiday Season - QR Code phishing scams - What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. Quishing, or QR Code phishing, exploits smartphone users scanning the 2D barcode, ...
11 months ago Netcraft.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
6 months ago Hackread.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
11 months ago Cybersecuritynews.com
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data - A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data. Cybersecurity researchers at Bloster AI have uncovered a new USPS Delivery ...
11 months ago Hackread.com
The SANS Holiday Hack Challenge is back! The Register - Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. Webinar Whether you are considering a career in cyber security or you already work in the industry, the 2023 SANS Holiday Hack ...
11 months ago Go.theregister.com
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
10 months ago Securityzap.com
Secure email gateways struggle to keep pace with sophisticated phishing campaigns - In 2023, malicious email threats bypassing secure email gateways increased by more than 100%, according to Cofense. In just two years, Cofense identified over 1.5 million malicious emails bypassing their customers' SEGs, signaling a 37% increase in ...
8 months ago Helpnetsecurity.com
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
5 months ago Hackread.com
What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
10 months ago Feeds.dzone.com
Don't phish for deals this holiday season - This season is also a prime opportunity for attackers seeking to capitalize on unsuspecting individuals, employing identity-based cyberattacks such as phishing to compromise users' credentials and take control of their accounts. While education on ...
11 months ago Securityboulevard.com
Cyber Monday Kicks Off Holiday Shopping Season With E-Commerce Security Risks - The post-Thanksgiving e-commerce shopping event known as Cyber Monday draws millions of consumers each year seeking out bargains online - to the tune of $11 billion in 2022. Amid the purchasing spree, consumers routinely share sensitive personally ...
11 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)