Category: Spam and phishing reports

Q2 2021 spam and phishing statistics, plus main trends: corporate mail phishing, compensation fraud, WhatsApp scam, etc.

Reports

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

Spam and phishing reports

Spam and phishing in Q2 2021

Spam and phishing in Q1 2021

Spam and phishing in 2020

Spam and phishing in Q3 2020

Spam and phishing in Q2 2020

Spam and phishing in Q1 2020

Spam and phishing in 2019

Spam and phishing in Q3 2019

Spam and phishing in Q2 2019

Spam and phishing in Q1 2019

Spam and phishing in 2018

Spam and phishing in Q3 2018

Spam and phishing in Q2 2018

Spam and phishing in Q1 2018

Spam and phishing in 2017

Congratulations, you’ve won! The reality behind online lotteries

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

Reports

Lyceum group reborn

GhostEmperor: From ProxyLogon to kernel mode

DarkHalo after SolarWinds: the Tomiris connection

APT trends report Q2 2021

Subscribe to our weekly e-mails