Spam and phishing mail

Organ donation: home delivery

Promises to marry a potential groom if he covers his bride-to-be’s travel expenses to his hometown are a fairly common feature of fraudulent spam. Less common are more ‘noble’ offers of help, though even these charitable offers usually come at a price.

In a recent mailing, a resident of the Ukrainian city of Odessa expressed his wish to become an organ donor, but for a considerable fee. In the email, he provided an overview of his current state of health – “good, not perfect” – his biometric data (height – 1.74 m, weight – 63 kg) and even his blood type. The price for which he was willing to sell a kidney or his liver was not specified; the main condition was that the operation had to be done in a European clinic.

It is obvious that anyone who decides to take him up on his offer will have to pay a considerable sum of money. It is highly likely that our “man from Odessa” will also want money to pay for his trip to Europe or to carry out tests in a good laboratory, before disappearing once he receives a money transfer. Honesty and offers made in spam are just incompatible. Moreover, no one should ever enter into negotiations with people who send unsolicited emails, especially when it concerns health issues.
