EchoSpoofing leverages Proofpoint to Send Millions of Convincing Spoofed Emails
Malware Developments
EchoSpoofing leverages Proofpoint to Send Millions of Convincing Spoofed Emails
"EchoSpoofing" is the name given to a large-scale phishing operation that abused Proofpoint's email security infrastructure to send millions of convincingly spoofed emails purporting to come from major brands such as Disney, IBM, and Coca-Cola. Standard sender authentication should stop this: SPF lets a domain publish which servers are authorized to send mail on its behalf, and DKIM lets the sending infrastructure sign messages with the domain's private key. The threat actors nonetheless found a way to dispatch emails that passed both checks, so recipients' filters treated the spoofed mail as authentic.
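To make concrete why mail relayed through a third-party provider can pass SPF for a brand's domain, here is a minimal SPF evaluator. It is an added example, not code from the original article or from Proofpoint, and the domains, IP ranges and DNS records in it are constructed for illustration. The point it shows: once `brand.example` lists `include:relay.example`, any message leaving the relay's IP space passes SPF for the brand, so the relay itself must restrict who is allowed to send on the brand's behalf.

```python
import ipaddress

# Constructed DNS TXT data (hypothetical domains and RFC 5737 test ranges).
# brand.example authorizes its own range plus everything relay.example authorizes.
DNS_TXT = {
    "brand.example": "v=spf1 ip4:203.0.113.0/24 include:relay.example -all",
    "relay.example": "v=spf1 ip4:198.51.100.0/24 ~all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _lookup_spf_terms(domain):
    """Return the SPF mechanism list for a domain, or None if no record exists."""
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return None
    return record.split()[1:]


def check_spf(domain, sender_ip, depth=0):
    """Evaluate SPF for a connecting IP against a domain's record.

    Supports ip4/ip6/include/all mechanisms, which is enough to show how an
    include delegates authority to another provider's whole IP space.
    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:  # RFC 7208 caps DNS-triggering lookups; treat excess as permerror
        return "permerror"
    terms = _lookup_spf_terms(domain)
    if terms is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        result = QUALIFIER_RESULT[qualifier]
        if term == "all":
            return result
        if term.startswith(("ip4:", "ip6:")):
            # ipaddress returns False on a v4/v6 version mismatch, so no special-casing.
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return result
        elif term.startswith("include:"):
            # An include matches when the referenced domain's record yields "pass".
            if check_spf(term[len("include:"):], sender_ip, depth + 1) == "pass":
                return result
    return "neutral"


if __name__ == "__main__":
    # Brand's own server, a tenant of the included relay, and an unrelated host.
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.1"):
        print(ip, "->", check_spf("brand.example", ip))
```

The second case is the one that matters for EchoSpoofing-style abuse: 198.51.100.9 is not the brand's server, yet it passes because the brand delegated to the relay's entire range. The same delegation pattern applies to DKIM when the relay holds a signing key for the brand; the control point is the relay's own policy on whose mail it will relay and sign as that domain.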
Cross-Platform Malware Enhancements in North Korean DEV#POPPER Campaign
The DEV#POPPER campaign, attributed to North Korean threat actors, continues to target software developers worldwide. The attackers have retooled their social engineering, using fake job interviews to lure developers into executing malicious code, and have extended their tooling beyond Windows to Linux and macOS. Victims are concentrated in South Korea, North America, Europe, and the Middle East, underlining the campaign's reach.
Newly Discovered BITSLOTH Malware Exploits Windows BITS Service
Researchers have discovered BITSLOTH, a backdoor that abuses the Windows Background Intelligent Transfer Service (BITS) as its command-and-control channel, blending its traffic with a legitimate Windows component. The malware, first identified during an intrusion in Latin America, shows a design that has been refined over several years. The incident, labeled REF8747, revealed BITSLOTH's extensive capabilities, including keylogging, screen capture, and a broad set of system discovery functions.
New DDoS Campaign Panamorfi Leverages Discord to Implement Attacks
A newly identified DDoS campaign, Panamorfi, uses Discord as its control channel to coordinate and amplify attacks. It originates from compromised Jupyter notebooks and runs the Java-based mineping tool, which floods target services on the attacker's command.
Identified Trends
Cloudflare Tunnels Abused by Threat Actors to Distribute RATs
Researchers detected a significant uptick in malware delivery that abuses TryCloudflare tunnels. This financially motivated activity primarily delivers remote access trojans (RATs) and has grown more sophisticated in its detection-evasion tactics. The campaigns, observed since February 2024, rely on TryCloudflare to stand up disposable tunnel endpoints without registering a Cloudflare account, giving attackers a quick way to expose payload hosting and remote access to internal resources, much as a VPN or SSH tunnel would, while the traffic terminates on Cloudflare infrastructure. This poses a notable threat to organizations worldwide.
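A practical detection for this trend is to hunt DNS or proxy logs for lookups of `*.trycloudflare.com`, since the disposable tunnels live under that suffix and are rarely needed by ordinary users. The following is an added example, not code from the original article or from the cited research; the log format, host names and tunnel subdomains are constructed for the example, and the `trycloudflare.com` suffix is the only real indicator it relies on.

```python
import re
from collections import defaultdict

# Constructed sample DNS log lines (hypothetical hosts and query names).
# One line deliberately uses a look-alike domain that must NOT be flagged.
SAMPLE_DNS_LOG = """\
2024-08-05T10:01:12Z host=ws-017 query=www.example.com type=A
2024-08-05T10:01:15Z host=ws-017 query=quiet-river-1234.trycloudflare.com type=A
2024-08-05T10:02:40Z host=ws-042 query=updates.example.net type=A
2024-08-05T10:03:01Z host=ws-017 query=Quiet-River-1234.trycloudflare.com. type=A
2024-08-05T10:04:22Z host=ws-042 query=brave-cloud-9876.trycloudflare.com type=A
2024-08-05T10:05:09Z host=ws-099 query=trycloudflare.com.attacker-lookalike.example type=A
"""

# Field extraction for the constructed key=value log format.
LINE_RE = re.compile(r"host=(?P<host>\S+)\s+query=(?P<qname>\S+)")

# Anchored on the suffix: matches the apex and any subdomain, not look-alikes
# that merely contain the string elsewhere in the name.
TRYCLOUDFLARE_RE = re.compile(r"(?:^|\.)trycloudflare\.com$", re.IGNORECASE)


def find_trycloudflare_queries(log_text):
    """Return {host: sorted list of distinct trycloudflare.com names it resolved}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        # Normalize: strip a trailing root dot and lowercase so repeats collapse.
        qname = m.group("qname").rstrip(".").lower()
        if TRYCLOUDFLARE_RE.search(qname):
            hits[m.group("host")].add(qname)
    return {host: sorted(names) for host, names in hits.items()}


if __name__ == "__main__":
    for host, names in find_trycloudflare_queries(SAMPLE_DNS_LOG).items():
        print(f"{host}: {', '.join(names)}")
```

Two hosts are reported here (ws-017 and ws-042), each with the distinct tunnel names it resolved, while ws-099's look-alike query is ignored. In an environment where developers legitimately use TryCloudflare the finding needs an allow-list, but the first hit from a workstation that never did is worth an alert.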
Gain deeper CTI insights!
CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.
Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.