Community Discussions

Recent Discussions

Services Australia Impersonation Drives Year-Round Credential Theft Operation : 17 October 2025
Key Points MCTO3001 - Threat operation with Services Australia and Centrelink impersonation campaigns across multiple sectors Infrastructure abuse of legitimate email services (SendGrid, Mailgun, Office 365) with Australian Gov display name Campaign objective: Credential harvesting and data theft through government…
Conflict-Themed Social Engineering Distributes RATs Across Eastern Europe : 17 October 2025
Key Points MCTO1025 also referred to as UCA- 0050 a cybercrime group conducting sustained year-long campaign targeting Ukraine, Romania, and Moldova from single ASN infrastructure Sophisticated social engineering campaigns impersonating Ukrainian and Russian security services, evacuation plans, and military mobilization…
SharePoint File Sharing Abuse with CAPTCHA Evasion : 17 October 2025
Key Points Threat actors exploiting SharePoint file sharing services for credential harvesting Multi-stage attack chain using compromised accounts and sophisticated evasion techniques Campaigns require Ctrl+Click interaction to bypass automated security analysis Fake Cloudflare CAPTCHA verification preceding Microsoft 365…
HR-Themed campaign Shifts from Credentials to RMM Tools : 17 October 2025
Key Points Long-running credential harvesting operation conducted by MCTO3022 targeting organizations with HR department impersonation Campaigns employ employee handbook compliance requirements and payroll authorization requests Latest campaign evolution includes Adobe PDF Sign impersonation that drops PDQConnect RMM tools…
HTML Tag Obfuscation : 21 July 2025
Key Points Threat actors utilizing HTML tag obfuscation to evade email security detection CSS styling techniques render malicious content evading security solutions while appearing legitimate to end users Brand impersonation campaigns leveraging Microsoft copyright obfuscation Campaign Overview The Mimecast Threat Research…
Common Social Engineering Lures Used to Deploy Remote Monitoring Management Tools for Initial Access
10 October 2025 Key Points Continued shift from traditional malware delivery to abuse of legitimate Remote Monitoring and Management (RMM) tools for initial access Campaigns targeting organizations across multiple industries using social engineering lures including fake payment receipts, meeting invitations, and tax…
Continuous Phishing Operations targeting developers and NPM ecosystem. : 03 October 2025
Key Points Two major npm-focused campaigns identified as part of broader threat landscape: July "account maintenance" and September "2FA security update" operations These npm campaigns represent escalation in targeting critical development infrastructure using open source September 14, 2025: "Shai-Hulud" self-replicating…
Callback Scam Campaigns Impersonating Major Australian Banks : 24 September 2025
Key Points 70,000+ detections of callback scam campaigns targeting Australian organizations Multi-bank impersonation targeting Westpac, Commonwealth Bank, and Macquarie High-value targets including education, legal, and insurance sectors across Australia Social engineering through fake unauthorized transaction…
Hospitality-Focused Phishing Campaign Impersonates Expedia and Cloudbeds : 8 September 2025
Key Points Large-scale credential harvesting campaign targeting hospitality industry professionals Impersonates trusted hotel management platforms Expedia Partner Central and Cloudbeds Campaigns exploit trust in routine hotel reservation and commission notifications Campaign Overview Samantha Clarke, Ankit Gupta and…
BEC Campaign Using AI Generated Fake Email Threads. : 11 August 2025
Key Points Large-scale BEC invoice fraud campaign targets global organizations across multiple industries using urgent payment requests to exploit time-sensitive business processes. Attackers deploy sophisticated automation including AI-generated email content, programmatic file creation, and headless browser technology…
Astaroth Infostealer Campaign : 16 June 2025
Key Points What you'll learn in this notification Information stealer Trojan that predominantly targets Brazil and Mexico with a financial motive. Employs country-specific social engineering tactics. Leverages newly registered, low-reputation domains that impersonate legitimate services. Samantha Clarke and the Mimecast…
Scattered Spider using fake CAPTCHA to evade detection : 22 May 2025
Key Points What you'll learn in this notification More than 150k phishing campaigns impersonating service providers including, SendGrid, HubSpot, Google and Okta Predominately sent from white-labelled SendGrid accounts Use of fake CAPTCHA to evade detection Recent campaigns predominately targeting Retail and Software as a…
OAuth Abuse : 5th May 2025
Key Points What you'll learn in this notification Campaign using OAuth applications Users are redirected to malicious pages Campaign Objective: possible Reconnaissance and Data Collection plus credential phishing Recent campaigns predominately target Real Estate and Professional Service businesses in the US The Mimecast…