-
Common Social Engineering Lures Used to Deploy Remote Monitoring Management Tools for Initial Access
10 October 2025. Key Points: Continued shift from traditional malware delivery to abuse of legitimate Remote Monitoring and Management (RMM) tools for initial access. Campaigns targeting organizations across multiple industries using social engineering lures including fake payment receipts, meeting invitations, and tax…
-
Mimecast Global Threat Intelligence Report – Policy Recommendations
Essential Mimecast Configurations Based on 2025 Global Threat Intelligence. The cybersecurity landscape continues to evolve at breakneck speed, and our 2025 Global Threat Intelligence Report reveals concerning trends that demand immediate attention. Advanced business email compromise attacks are becoming more sophisticated,…
-
Services Australia Impersonation Drives Year-Round Credential Theft Operation : 17 October 2025
Key Points: MCTO3001 - Threat operation with Services Australia and Centrelink impersonation campaigns across multiple sectors. Infrastructure abuse of legitimate email services (SendGrid, Mailgun, Office 365) with Australian Gov display name. Campaign objective: Credential harvesting and data theft through government…
-
Conflict-Themed Social Engineering Distributes RATs Across Eastern Europe : 17 October 2025
Key Points: MCTO1025, also referred to as UCA-0050, a cybercrime group conducting a sustained year-long campaign targeting Ukraine, Romania, and Moldova from single ASN infrastructure. Sophisticated social engineering campaigns impersonating Ukrainian and Russian security services, evacuation plans, and military mobilization…
-
SharePoint File Sharing Abuse with CAPTCHA Evasion : 17 October 2025
Key Points: Threat actors exploiting SharePoint file sharing services for credential harvesting. Multi-stage attack chain using compromised accounts and sophisticated evasion techniques. Campaigns require Ctrl+Click interaction to bypass automated security analysis. Fake Cloudflare CAPTCHA verification preceding Microsoft 365…
-
HR-Themed Campaign Shifts from Credentials to RMM Tools : 17 October 2025
Key Points: Long-running credential harvesting operation conducted by MCTO3022 targeting organizations with HR department impersonation. Campaigns employ employee handbook compliance requirements and payroll authorization requests. Latest campaign evolution includes Adobe PDF Sign impersonation that drops PDQConnect RMM tools…
-
HTML Tag Obfuscation : 21 July 2025
Key Points: Threat actors utilizing HTML tag obfuscation to evade email security detection. CSS styling techniques render malicious content evading security solutions while appearing legitimate to end users. Brand impersonation campaigns leveraging Microsoft copyright obfuscation. Campaign Overview: The Mimecast Threat Research…
-
Callback Scam Campaigns Impersonating Major Australian Banks : 24 September 2025
Key Points: 70,000+ detections of callback scam campaigns targeting Australian organizations. Multi-bank impersonation targeting Westpac, Commonwealth Bank, and Macquarie. High-value targets including education, legal, and insurance sectors across Australia. Social engineering through fake unauthorized transaction…
-
Hospitality-Focused Phishing Campaign Impersonates Expedia and Cloudbeds : 8 September 2025
Key Points: Large-scale credential harvesting campaign targeting hospitality industry professionals. Impersonates trusted hotel management platforms Expedia Partner Central and Cloudbeds. Campaigns exploit trust in routine hotel reservation and commission notifications. Campaign Overview: Samantha Clarke, Ankit Gupta and…
-
ScreenConnect Super Admin Credential Harvesting : 25 August 2025
Key Points: Low-volume spear phishing operation sending up to 1,000 emails per campaign run. Initial access for potential ransomware deployment. Senior IT professionals and administrators with super admin privileges. Adversary-in-the-middle (AITM) phishing using EvilGinx framework. Campaign Overview: Samantha Clarke and the…