Threat Actors Using Multimedia Systems Via Stealthy Vishing Attack

Cybercriminals have developed sophisticated vishing techniques that leverage multimedia file formats to bypass security systems and target unsuspecting victims. These new attack vectors, observed in early 2025, represent an evolution in social engineering tactics where threat actors exploit commonly trusted file formats to deliver fraudulent messages prompting victims to make phone calls to fake customer support numbers. Trellix researchers identified this novel campaign in January 2025, noting a significant shift from traditional vishing methods that relied on PDF attachments or direct email content.

The attacks typically begin with emails containing minimal content in the body, creating curiosity or urgency that compels recipients to open the attached multimedia files. Once opened, these files display fake invoices or payment notifications, often claiming to be from trusted financial services like PayPal, with urgent messages about unauthorized charges.

Threat actors specifically choose MP4 video files and WebP image formats because security systems typically consider these formats low-risk. Most email security solutions focus scrutiny on executable files or commonly abused document formats while giving multimedia files minimal inspection. When analyzing samples like “Invoice QCFT-01031D15.mp4” (SHA256: 564474210b017fcad57c3ca3a9dd5fc130850ef01182d6dc745d5e2599354be9) and “ASIF_page-0001 (1).webp” (SHA256: fa578d184cf5f23d2fc5ef9eee45febc4e168edaeef7b1ba13c33124786e57cb), researchers discovered the files contained static images with fake payment information rather than actual multimedia content. This technique allows the files to retain their multimedia extension while functioning essentially as documents, creating a detection blind spot in many security systems.

The attackers leverage psychological manipulation tactics throughout the process, first creating curiosity with vague email content, then generating panic with the multimedia message, and finally applying high-pressure social engineering during the phone conversation to extract sensitive information from victims.

Security experts recommend enhanced email filtering configurations that scrutinize multimedia attachments, especially when combined with financial-themed messages or when sent from free email services.

Tushar is a cyber security content editor with a passion for creating captivating and informative content. With years of experience in cyber security, he covers cyber security news, technology and other news.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 09 May 2025 12:10:05 +0000
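The filtering recommendation above can be expressed as a simple triage rule. The following is an added example, not code from the article or from Trellix: it combines the four signals the article names (multimedia attachment, minimal body, financial theme, free email sender), and the keyword list, domain list, word limit and threshold are illustrative assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Illustrative values (assumptions, not from the article); tune per environment.
MEDIA_EXTS = (".mp4", ".webp")
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
FINANCE = re.compile(r"invoice|payment|paypal|receipt|charge|refund", re.I)
MAX_BODY_WORDS = 15

def vishing_signals(msg):
    """Return which of the article's signals this message matches."""
    media = [p.get_filename() or "" for p in msg.iter_attachments()
             if p.get_content_maintype() in ("video", "image")
             or (p.get_filename() or "").lower().endswith(MEDIA_EXTS)]
    if not media:
        return []  # the pattern requires a multimedia attachment
    signals = ["media_attachment"]
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if len(text.split()) <= MAX_BODY_WORDS:
        signals.append("minimal_body")
    # Financial theme in the subject line or in an attachment filename.
    if FINANCE.search(msg.get("Subject", "") + " " + " ".join(media)):
        signals.append("financial_theme")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in FREE_MAIL:
        signals.append("free_mail_sender")
    return signals

def should_quarantine(msg, threshold=3):
    """Hold the message for review when enough signals coincide."""
    return len(vishing_signals(msg)) >= threshold

def build_sample(sender, subject, body, filename=None,
                 maintype="video", subtype="mp4"):
    """Construct a test message; the attachment bytes are placeholder data."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"\x00" * 32, maintype=maintype, subtype=subtype,
                         filename=filename)
    return m

if __name__ == "__main__":
    demo = build_sample("Billing <sender@gmail.com>", "Invoice",
                        "See attached.", "Invoice-SAMPLE-0001.mp4")
    print(vishing_signals(demo), should_quarantine(demo))
```

A media attachment on its own does not trip the rule, so ordinary video or image mail from a corporate sender with a normal body passes through.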

