-
Astaroth Infostealer Campaign : 16 June 2025
Key Points (what you'll learn in this notification): Information stealer Trojan that predominantly targets Brazil and Mexico with a financial motive. Employs country-specific social engineering tactics. Leverages newly registered, low-reputation domains that impersonate legitimate services. Samantha Clarke and the Mimecast…
-
German Tax and Accident Insurance Institution Impersonation : 03 June 2025
Key Points (what you'll learn in this notification): Attackers exploit institutional trust through sophisticated German tax authority impersonation. Emails appear to be generated by custom spam scripts with forged Thunderbird headers and high variability in subjects and sending email addresses. Predominantly targeting…
-
Scattered Spider using fake CAPTCHA to evade detection : 22 May 2025
Key Points (what you'll learn in this notification): More than 150k phishing campaigns impersonating service providers including SendGrid, HubSpot, Google and Okta. Predominately sent from white-labelled SendGrid accounts. Use of fake CAPTCHA to evade detection. Recent campaigns predominately targeting Retail and Software as a…
-
OAuth Abuse : 5th May 2025
Key Points (what you'll learn in this notification): Campaign using OAuth applications. Users are redirected to malicious pages. Campaign Objective: possible Reconnaissance and Data Collection plus credential phishing. Recent campaigns predominately target Real Estate and Professional Service businesses in the US. The Mimecast…
-
Please help us improve our Threat Intelligence Notifications
Have you read the Threat Intelligence Notifications published on the Mimecast Threat Intelligence Hub? I am asking you to share your experience to help us make them as useful as possible for everyone: Please share at least one example of a specific TIN article that prompted you/your team to take action after reading it.…
-
SVG Attachment Abuse : 31st March 2025
Key Points (what you'll learn in this notification): Campaign using Scalable Vector Graphics (SVG) with JavaScript redirects. Users are redirected to credential harvesting pages or download malware. Rikesh Vekaria, Marcin Ulikowski, and the Mimecast threat researchers have recently identified several campaigns utilising…
-
Mimecast Phishing Campaign : 18 March 2025
Key Points (what you'll learn in this notification): Campaign impersonating Mimecast and other brands. Predominately targeting real estate industries in the US. Uses redirects through various email security rewritten links to a credential harvesting page. "Rikesh Vekaria and the Mimecast threat researchers have recently…
-
JavaScript and Captcha Obfuscation : 10 March 2025
Key Points (what you'll learn in this notification): Threat operations are implementing sophisticated anti-analysis measures within CAPTCHA pages to evade detection and prevent investigation. The malicious pages actively detect security tools and redirect to innocuous destinations when identified, avoiding scrutiny by…
-
Impersonating Booking.com : 24 February 2025
Key Points (what you'll learn in this notification): Targeting hospitality sector predominately in the UK. Operation employs the “Clickfix” technique to enhance its effectiveness. Malware associated with these campaigns has been identified as LummaC, a popular infostealer. Mimecast Threat Researchers have observed a malware…
-
Missing A Delivery : 12 February 2025
Key Points (what you'll learn in this notification): Targeting Not for Profit and Housing sectors predominantly in the UK. Distributed via Biglobe with AWS S3 buckets hosting HTML pages. The primary intent is to exfiltrate sensitive data. Mimecast Threat Researchers have observed a phishing campaign using the lure of a missed…