Phishing - Cybersec Sentinel

Phishing

A collection of 37 posts

Arkanix Stealer Jumps from Discord to Browser Sessions and Corporate Logins

Arkanix Stealer Jumps from Discord to Browser Sessions and Corporate Logins

Threat Group – Financially motivated cyber crime cluster operating within a malware as a service ecosystem and using Discord communities, gaming groups and social platforms for distribution Threat Type – Cross platform information stealer family with native C plus plus and legacy Python variants that focus on credential, cookie and wallet theft

Browser Notification Hijack via Matrix Push C2

Browser Notification Hijack via Matrix Push C2

Threat Group – Crimeware cluster similar to UNC5142 access brokers and web compromise crews using Matrix Push C2 Threat Type – Browser based C2 platform, phishing delivery system and malware loader sold as a MaaS service Exploited Vulnerabilities – Abuse of W3C Push API, Service Workers, notification prompts, clipboard and Run dialog through

GootLoader New Evasion Methods Target Search Driven Workflows

GootLoader New Evasion Methods Target Search Driven Workflows

Threat Group – UNC2565 (also tracked as Storm-0494) Threat Type – Malware Loader and Initial Access Platform Exploited Vulnerabilities – No specific CVE confirmed. Campaign relies on SEO poisoning, compromised WordPress sites, archive format inconsistencies, Windows Script Host execution, and legacy filename behaviour. Malware Used – GootLoader, GootBot, secondary payloads such as Cobalt Strike

Sindoor Dropper Phishing Exploits Linux Desktop Files for Persistent Remote Control

Sindoor Dropper Phishing Exploits Linux Desktop Files for Persistent Remote Control

Threat Group: Transparent Tribe / APT36 / Mythic Leopard / G0134 Threat Type: Targeted phishing dropper, Linux desktop shortcut abuse, remote administration tool deployment, cyber espionage Exploited Vulnerabilities: No public CVE exploitation confirmed. Abuse of Linux .desktop launcher behaviour, user execution, weak attachment controls, and trusted cloud storage delivery. Malware Used: Sindoor Dropper

ScarCruft and RokRAT Pose High Threat to Government and Academia

ScarCruft and RokRAT Pose High Threat to Government and Academia

Threat Group: ScarCruft / APT37 / Reaper / Red Eyes Threat Type: Advanced Persistent Threat (APT), Remote‑Access Trojan (RAT), Espionage and Ransomware Exploited Vulnerabilities: CVE‑2017‑8291 (Encapsulated PostScript vulnerability in Hangul Word Processor), CVE‑2024‑38178 (Internet Explorer mode of Microsoft Edge), vulnerabilities in Hancom Office; exploitation of Windows LNK files,

Fileless MixShell Malware Delivered Through Web Forms and Cloud Services

Fileless MixShell Malware Delivered Through Web Forms and Cloud Services

Threat Group: Unknown actor with possible overlaps to the UNK_GreenSec cybercriminal cluster Threat Type: Social engineering phishing campaign delivering a fileless, in memory backdoor Exploited Vulnerabilities: No software vulnerabilities exploited. The threat abuses web "Contact Us" forms, trusted cloud storage and user trust to bypass email gateways

Microsoft 365 Exchange Online Direct Send exploited for internal phishing campaigns

Microsoft 365 Exchange Online Direct Send exploited for internal phishing campaigns

Threat Group: Opportunistic and financially motivated actors targeting multiple sectors Threat Type: Phishing and email infrastructure abuse Exploited Vulnerabilities: Abuse of Microsoft 365 Exchange Online Direct Send feature; implicit trust of unauthenticated internal-looking emails; weak or unenforced SPF, DKIM, and DMARC Malware Used: None required for initial access; follow-on payloads

Charon ransomware adopts APT style tactics to target Middle East public sector and aviation

Charon ransomware adopts APT style tactics to target Middle East public sector and aviation

Threat Group: Suspected China linked Earth Baxia affiliate or imitator Threat Type: Ransomware Exploited Vulnerabilities: None confirmed. Suspected spear phishing and DLL sideloading Malware Used: Ransom.Win64.CHARON.THGBCBE Threat Score: 🔴 High (7.5/10) – Advanced persistent threat style capabilities, targeted operations, destructive behaviours, and potential state alignment Last Threat

Scattered Spider Shifts to Aviation, Retail, and Transport in Latest Campaigns

Scattered Spider Shifts to Aviation, Retail, and Transport in Latest Campaigns

Threat Group: Scattered Spider Threat Type: Cybercrime Group (Focused on Cloud Environments, Ransomware) Exploited Vulnerabilities: Azure Cross-Tenant Synchronization, Federated Identity Providers, Cloud Platforms Malware Used: AlphV ransomware, Spectre RAT Threat Score: 🔴 High (8.8/10) – Due to its sophisticated exploitation of cloud-based systems, privilege escalation methods, and use of advanced