Community Discussions

Recent Discussions

HR Bonus-Themed QR Code Phishing Campaign Exploiting Year-End Corporate Processes : 21 November 2025
Key Points Threat Type: Credential harvesting via QR code phishing Brand Impersonated: DocuSign, company HR departments Primary Vector: Compromised email accounts sending PDF attachments with embedded QR codes Campaign Overview The Mimecast Threat Research team has identified an active credential harvesting campaign…
URL Pre Scanning Available Now!
Stop Malicious URLs Before They Reach Your Users Inbox Email security is evolving, and Mimecast is leading the charge with a fundamental shift in how we protect your organization from URL-based threats. We're excited to announce URL Pre-Delivery Scan—a capability that transforms our approach from reactive protection to…
New Employee Phishing Campaign Targets Microsoft 365 Credentials : 05 November 2025
Key Points Credential harvesting campaign impersonating new employee notifications across multiple organizations Multi-stage attack flow utilizing fake verification pages and CAPTCHA to evade detection Leverages FlowerStorm phishing-as-a-service platform with Adversary-in-the-Middle capabilities to bypass MFA Campaign…
Common Social Engineering Lures Used to Deploy Remote Monitoring Management Tools for Initial Access
10 October 2025 Key Points Continued shift from traditional malware delivery to abuse of legitimate Remote Monitoring and Management (RMM) tools for initial access Campaigns targeting organizations across multiple industries using social engineering lures including fake payment receipts, meeting invitations, and tax…
Mimecast Global Threat Intelligence Report – Policy Recommendations
Essential Mimecast Configurations Based on 2025 Global Threat IntelligenceThe cybersecurity landscape continues to evolve at breakneck speed, and our 2025 Global Threat Intelligence Report reveals concerning trends that demand immediate attention. Advanced business email compromise attacks are becoming more sophisticated,…
Services Australia Impersonation Drives Year-Round Credential Theft Operation : 17 October 2025
Key Points MCTO3001 - Threat operation with Services Australia and Centrelink impersonation campaigns across multiple sectors Infrastructure abuse of legitimate email services (SendGrid, Mailgun, Office 365) with Australian Gov display name Campaign objective: Credential harvesting and data theft through government…
Conflict-Themed Social Engineering Distributes RATs Across Eastern Europe : 17 October 2025
Key Points MCTO1025 also referred to as UCA- 0050 a cybercrime group conducting sustained year-long campaign targeting Ukraine, Romania, and Moldova from single ASN infrastructure Sophisticated social engineering campaigns impersonating Ukrainian and Russian security services, evacuation plans, and military mobilization…
SharePoint File Sharing Abuse with CAPTCHA Evasion : 17 October 2025
Key Points Threat actors exploiting SharePoint file sharing services for credential harvesting Multi-stage attack chain using compromised accounts and sophisticated evasion techniques Campaigns require Ctrl+Click interaction to bypass automated security analysis Fake Cloudflare CAPTCHA verification preceding Microsoft 365…
HR-Themed campaign Shifts from Credentials to RMM Tools : 17 October 2025
Key Points Long-running credential harvesting operation conducted by MCTO3022 targeting organizations with HR department impersonation Campaigns employ employee handbook compliance requirements and payroll authorization requests Latest campaign evolution includes Adobe PDF Sign impersonation that drops PDQConnect RMM tools…
HTML Tag Obfuscation : 21 July 2025
Key Points Threat actors utilizing HTML tag obfuscation to evade email security detection CSS styling techniques render malicious content evading security solutions while appearing legitimate to end users Brand impersonation campaigns leveraging Microsoft copyright obfuscation Campaign Overview The Mimecast Threat Research…
Adaptive Policies in Action
In our previous post, we explored the Human Risk Command Center (HRCC) and how it transforms abstract human behavior into quantifiable metrics. Now we're diving deep into adaptive policies—the intelligent controls that automatically adjust security measures based on user behavior and organizational threats. Read…
Astaroth Infostealer Campaign : 16 June 2025
Key Points What you'll learn in this notification Information stealer Trojan that predominantly targets Brazil and Mexico with a financial motive. Employs country-specific social engineering tactics. Leverages newly registered, low-reputation domains that impersonate legitimate services. Samantha Clarke and the Mimecast…
German Tax and Accident Insurance Institution Impersonation : 03 June 2025
Key Points What you'll learn in this notification Attackers exploit institutional trust through sophisticated German tax authority impersonation. Emails appear to be generated by custom spam scripts with forged Thunderbird headers and high variability in subjects and sending email addresses Predominantly targeting…
Scattered Spider using fake CAPTCHA to evade detection : 22 May 2025
Key Points What you'll learn in this notification More than 150k phishing campaigns impersonating service providers including, SendGrid, HubSpot, Google and Okta Predominately sent from white-labelled SendGrid accounts Use of fake CAPTCHA to evade detection Recent campaigns predominately targeting Retail and Software as a…