Weekly Threat Briefing: New Credential Phish Targets Employees with Salary Increase Scam

November 5, 2019 | Anomali Threat Research Team

The intelligence in this week’s iteration discusses the following threats: APT, Data leak, Phishing, PII, Targeted attacks, Vulnerabilities, and Zero day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section.

The Advanced Persistent Threat (APT) group “APT28” is believed to be a Russian-sponsored group that has been active since at least 2007. The group displays a high level of sophistication in the multiple campaigns attributed to it, and the various malware and tools used to conduct its operations align with the strategic interests of the Russian government. The group is believed to operate under the Main Intelligence Directorate (GRU), the foreign intelligence agency of the Russian armed forces.

The term “MageCart” first emerged in 2015, according to RiskIQ and Flashpoint researchers. It is an umbrella term for groups that target online commercial websites and inject payment-skimming scripts to illicitly obtain credit card credentials. MageCart is suspected to comprise several groups; the name is used to keep track of these financially motivated groups and their malicious activity. RiskIQ and Flashpoint suggest that there are approximately six to seven groups, each acting slightly differently in its targeting, skimmer functionality, and infrastructure. MageCart will be referred to as a single entity for the purposes of this actor profile, unless specified otherwise.