Threat Intelligence

Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners to Launch Large-Scale Phishing Campaigns

XVigil has identified a surge in phishing sites hosted using reverse tunnel services. In this report, we delve into how threat actors use reverse tunnel services, along with URL shorteners, to orchestrate widespread campaigns, without leaving any traces.

June 22, 2022

Improvised Modus Operandi for Targeting Indian Banking Customers via SMS Forwarding Malware

CloudSEK team has uncovered a banking trojan, with improvised modus operandi, where the threat actor or a group of threat actors host a simple online complaint portal having the domains like online-complaint[.]com or customer-complaint[.]com and target Indian banking customers.

June 22, 2022

Overlooked Webhooks Exploit Endpoint Vulnerability in Slack Channels

BeVigil has detected leaked Slack webhooks in one of the applications being monitored. Exposed webhooks can be leveraged to access sensitive data and also propagate phishing messages.

June 22, 2022

Indian Rail Coach Factory PII and Credentials Shared From Past Data Breaches

CloudSEK team identified a post on a cybercrime forum where a threat actor posted the database of Rail Coach Factory, Kapurthala, India for free.

June 22, 2022

CoinEgg Scam Campaign Steals Victims’ Cryptocurrency and Data

CloudSEK researchers’ investigation discovered that the CoinEgg Scam/cryptocurrency scam was conducted by threat actors. We discovered an on-going malicious scheme involving multiple payment gateway domains and Android-based applications, used to lure unsuspecting individuals into a mass gambling scam.

June 14, 2022

Unauthenticated Confluence RCE Vulnerability (CVE-2022-26134) Actively Exploited in the Wild

CVE-2022-26314 is an unauthenticated and remote OGNL injection vulnerability that could lead to remote code execution.

June 13, 2022

170 SonicVPN Accesses Sold on a Cybercrime Forum

XVigil identified a post, advertising 170 SonicVPN accesses for USD 2,000. Threat actors have been targeting SonicVPN frequently, which puts these accesses at a high risk of being exploited.

June 13, 2022

Sophisticated Phishing Toolkit Dubbed “NakedPages” for Sale on Cybercrime Forums

XVigil discovered a threat actor advertising a “battle-tested” reverse proxy/PHP phishing app called “NakedPages”, on a cybercrime forum.

June 13, 2022

Hacktivist Group Summons Allies and Hackers to Unite Against Govt. of India

Category: Adversary Intelligence Threat Type: Hacktivism Industry: Government & Private Region: India Update 2: 13 June 2022, 18:30 IST CloudSEK’s researchers captured a

June 13, 2022

MS Office RCE Vulnerability “Follina” CVE-2022-30190 actively exploited by threat actors

CloudSEK’s Threat Research team has analyzed the MS Office RCE 0day vulnerability that has been dubbed as Follina and has been given the CVE-2022-30190. The attack vector and the vulnerability very closely resembles CVE-2021-40444.

June 3, 2022

Darkweb Mentions

Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners to Launch Large-Scale Phishing Campaigns

Improvised Modus Operandi for Targeting Indian Banking Customers via SMS Forwarding Malware

Overlooked Webhooks Exploit Endpoint Vulnerability in Slack Channels

Indian Rail Coach Factory PII and Credentials Shared From Past Data Breaches

CoinEgg Scam Campaign Steals Victims’ Cryptocurrency and Data

Unauthenticated Confluence RCE Vulnerability (CVE-2022-26134) Actively Exploited in the Wild

170 SonicVPN Accesses Sold on a Cybercrime Forum

Sophisticated Phishing Toolkit Dubbed “NakedPages” for Sale on Cybercrime Forums

Hacktivist Group Summons Allies and Hackers to Unite Against Govt. of India

MS Office RCE Vulnerability “Follina” CVE-2022-30190 actively exploited by threat actors

Threatintel Redefined

Get Alerted