Research

Twitter, Leaks and Spam

It’s quite common to see attackers use hot topics on social networks to force users to click on malicious links. So what would be more interesting these days than using the term “Wikileaks”?

The following message arrived this weekend on one of my spam mail accounts. The subject “Wikileaks on Twitter!” caught my attention as I didn’t expect to see a spam mail with that keyword.

The design was cleverly done to trick users into thinking the mail was sent from Twitter. The Twitter logo is integrated and the text promises to be a service e-mail. All three links lead to the same “Canadian Health & Care” Website which is already known for Phishing/Web Forgery.

The takeaway: Be very careful when clicking on any link in e-mails. A simple checks shows that none of the links here belongs or leads to Twitter at all.

Twitter, Leaks and Spam

Your email address will not be published. Required fields are marked *

 

Reports

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

Subscribe to our weekly e-mails

The hottest research right in your inbox