MuddyWater is a well-known threat actor group that has been active since 2017. They have regularly targeted various organizations in Middle East and Central Asia, primarily using spear phishing emails with malicious attachments. We recently observed a few interesting delivery documents with similarities to the known MuddyWater tools, techniques and procedures.
Read More
A newly-discovered information theft campaign in India has stolen passport scans, photo IDs, and tax information from 160 Indian military officers, military attaches stationed in the said country, consultants, and resellers. Some evidence suggests that the attackers are based out of Pakistan, although no evidence suggests ties to the government.
This operation was not particularly sophisticated, however it was still able to acquire sensitive information that was probably acquired from restricted sources within the Indian government. This shows that targeted attacks don’t need to be well-planned operations backed by a big budget and sufficient resources. What attackers may lack in technical sophistication, they can make up for through tenacity, persistence, and clever social engineering.
Read More
Like any other year, 2015 had its mix of ups and downs in the world of security. A fine line exists between the threats that we face and the solutions we have at our disposal; any slip-up on the part of defenders can make an existing problem that much worse. The coming year will not…
Read MoreCybercriminals have been taking advantage of tax season for years. While we have seen tax seasons involving countries like Australia and the U.K., it appears that cybercriminals tend to heavily favor the use of Internal Revenue Service (IRS) scams, especially during the US tax season. Over the years, the attackers’ means may have evolved but their…
Read MoreOriginally created to extend a browser’s functionality, browser extensions have become yet another tool for cybercriminals’ schemes. Earlier this year, Google has addressed the issue of malicious browser extensions by enforcing a policy that only allows installations if the extensions are hosted in the Chrome Web Store. While this policy can provide more security for…
Read More