Generaly, a new OTP bot setup, is capable of capturing OTPs, card CVVs, PIN codes, and recordings of the spoofed calls. The bot has a dedicated Telegram channel to capture and display information.
DragonForce has been actively targeting Indian entities under #OpsPatuk and #OpsIndia. Some sensitive government websites containing PII, details of military operations, and other government secrets have been breached.
An RCE vulnerability in Zimbra webmail servers is being actively exploited to target multiple organizations worldwide. The exploit was used to launch a spear phishing campaign against Europe.
CloudSEK discovered a threat actor group named SolidBit offering RaaS (Ransomware-as-a-Service) on an underground forum. The group is actively looking for partners to gain access to companies’ private networks in order to spread its ransomware, also called SolidBit.
CloudSEK’s contextual AI digital risk platform XVigil discovered a post by the Mysterious Team announcing the use of the Raven Storm tool for DDoS attacks. The tool uses multi-threading to send multiple packets at once and take the target down.
CloudSEK’s AI-powered Digital Risk Protection (DRP) platform identified a Twitter account involved in a new type of phishing scam campaign in which the threat actor misuses Zoho Forms to steal information from banking customers.
The threat actor group TeamTNT compromised multiple cloud instances and containerized environments. The target list includes Docker, Redis servers, AWS, and Kubernetes.