Incidents

A Typhoon Worth Millions

In early November Typhoon Haiyan devastated the Philippines, with a catastrophic numbers of victims – several thousand were reported killed, while hundreds of thousands were evacuated. A few days after the typhoon struck we detected the first “Nigerian letters” in which scammers were exploiting the tragedy for their own selfish ends. The author of the letter below pretended to be a driver at a local security company. The tale of how he became a multi-millionaire sounds plausible enough.

The typhoon supposedly left the driver alone with a cargo of $11.5 million. Realizing he had lost his security escort and that the money was probably presumed lost, he decided to make the most of his predicament and conveyed the money to an associate at another security company. In the letter he is asking the recipient to help transfer the valuable cargo out of the Philippines in return for a generous reward. To add a touch of authenticity, the scammer added real links to news about the typhoon – mostly to the BBC. The news articles are the only reliable information provided in the letter. This amazing story of a newly-made millionaire, along with his name and surname are merely trying to deceive an unsuspecting recipient.

A Typhoon Worth Millions

Your email address will not be published.

 

Reports

The SessionManager IIS backdoor

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

WinDealer dealing on the side

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox