This report contains spam and phishing statistics for Q3 2021, plus descriptions of scams linked to the Olympics, Euro 2020, COVID-19, and other relevant events.

Reports

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income.

The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor. Recently, we had an opportunity to perform a deeper investigation on a host compromised by this group.

In this report we provide details on a malicious VBS implant distributed via MS Excel droppers and a fake “Kaspersky Update Agent” which we attribute to WIRTE APT who may be linked to Gaza Cybergang.

Spam and phishing reports

Spam and phishing in Q3 2021

Spam and phishing in Q2 2021

Spam and phishing in Q1 2021

Spam and phishing in 2020

Spam and phishing in Q3 2020

Spam and phishing in Q2 2020

Spam and phishing in Q1 2020

Spam and phishing in 2019

Spam and phishing in Q3 2019

Spam and phishing in Q2 2019

Spam and phishing in Q1 2019

Spam and phishing in 2018

Spam and phishing in Q3 2018

Spam and phishing in Q2 2018

Spam and phishing in Q1 2018

Congratulations, you’ve won! The reality behind online lotteries

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

Reports

MoonBounce: the dark side of UEFI firmware

The BlueNoroff cryptocurrency hunt is still on

ScarCruft surveilling North Korean defectors and human rights activists

WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019

Subscribe to our weekly e-mails