
April 2021


Transparent Tribe Operating with a New Variant of Crimson RAT

Transparent Tribe is an Advanced Persistent Threat (APT) group that has been active since 2013. Also known as PROJECTM and MYTHIC LEOPARD, the group is highly active and has conducted various cyber espionage campaigns. The APT group is suspected to be politically motivated, as its victims include defense and diplomatic professionals. One of the tools used in its campaigns is a .NET RAT (Remote Access Trojan) also known as


FluBot Android Spyware Spreading Through Fake Delivery Apps

Android mobile phone users across the U.K. are being targeted by text messages containing spyware called “FluBot,” according to the country’s National Cyber Security Centre. This variant of the attack is also referred to as Smishing, a combination of “SMS” and “phishing.” In the case of phishing, attackers send fraudulent emails that trick recipients into opening a malware-aided attachment or clicking on a malicious link. On the other hand, in the case


Phishing Attack Trends Captured by Cyble Honeypots

A phishing attack is a type of social engineering attack that uses disguised emails as the attack vector. Phishing attacks are the most prevalent types of cyberattacks and are often used to establish the initial infection vector on target victims. Cybercrime attacks associated with APT groups and ransomware usually start with phishing attacks. The attackers masquerade as trusted entities and use legitimate-looking emails to dupe victims into opening them. Upon clicking the malicious link, it can further connect with a


Data of Over 59 Million US Residents Available For Sale on a Cybercrime Forum

On April 22, 2021, during our routine darkweb monitoring, researchers at Cyble discovered a Threat Actor (TA) posting sensitive Personally Identifiable Information (PII) including 59 million email IDs of US residents on a cybercrime forum called RaidForums. Figure 1 is a screenshot of the post made by the TA. The data includes, amongst other things- Our research indicated that the TA joined the forum on October 26, 2020, and contributed to 32 other threads. A positive reputation of 2,567 suggests the TA has been considerably active in


Donot Team APT Group Is Back To Using Old Malicious Patterns

The Donot Team APT organization (APT-C-35) is an Advanced Persistent Threat (APT) group that targets organizations having a government background. The threat group is known to carry out APT attacks against Pakistan, China, and countries in South Asia. The group mainly uses malicious programs developed in C++, Python, .NET, and other languages. In addition to spreading malware via spear phishing emails with attachments containing either a vulnerability or a malicious macro, this group is particularly good at leveraging malicious Android APKs in their targeted attacks. These Android applications are often disguised as system tools and can


1.3 Billion Records of Chinese Citizens Leaked Online

Recently, during our routine darkweb and cybercrime monitoring, Cyble researchers came across a Threat Actor (TA) posting more than 1.3 billion records containing sensitive information about Chinese citizens on a cybercrime forum called RaidForums. The data sources include: Figure 1 is a screenshot of the post by the Threat Actor. Figure 1: Post by the TA. Our research has indicated that the TA joined RaidForums in April 2021 and, so far, has contributed just two threads to the forum. The reputation is almost neutral, suggesting
