Incidents

A Typhoon Worth Millions

In early November Typhoon Haiyan devastated the Philippines, with a catastrophic numbers of victims – several thousand were reported killed, while hundreds of thousands were evacuated. A few days after the typhoon struck we detected the first “Nigerian letters” in which scammers were exploiting the tragedy for their own selfish ends. The author of the letter below pretended to be a driver at a local security company. The tale of how he became a multi-millionaire sounds plausible enough.

The typhoon supposedly left the driver alone with a cargo of $11.5 million. Realizing he had lost his security escort and that the money was probably presumed lost, he decided to make the most of his predicament and conveyed the money to an associate at another security company. In the letter he is asking the recipient to help transfer the valuable cargo out of the Philippines in return for a generous reward. To add a touch of authenticity, the scammer added real links to news about the typhoon – mostly to the BBC. The news articles are the only reliable information provided in the letter. This amazing story of a newly-made millionaire, along with his name and surname are merely trying to deceive an unsuspecting recipient.

A Typhoon Worth Millions

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Subscribe to our weekly e-mails

The hottest research right in your inbox