Threat Intelligence

Keep up with the latest strains of Malware, Phishing Lures, Indicators of Compromise, and Data Leaks.

Articles in Blog Posts

February 14, 2025

The Faux SEO Spiderweb: Exploring how Black-hat SEO has riddled the Indian Internet Space

Black-hat SEO tactics are compromising the Indian internet space, with cybercriminals exploiting search engine poisoning to infiltrate government, educational, and financial websites. This in-depth analysis uncovers how malicious actors manipulate search rankings using keyword stuffing, cloaking, and backlinking to redirect unsuspecting users to fraudulent gaming and investment platforms. The report highlights the alarming scale of this digital deception, urging authorities to strengthen security measures and users to stay vigilant against manipulated search results. Stay informed and safeguard your online experience against black-hat SEO threats. 🚨 #CyberSecurity #SEO

Written by

Noel Varghese

February 10, 2025

DeepSeek ClickFix Scam Exposed! Protect Your Data Before It’s Too Late

Cybercriminals are exploiting DeepSeek’s rising popularity to launch ClickFix phishing campaigns, tricking users into clicking fake CAPTCHA links that steal credentials and install malware like Vidar and Lumma Stealer. These attacks impersonate DeepSeek’s branding to appear legitimate, bypass security measures, and infect unsuspecting victims. CloudSEK’s Threat Research Team has uncovered a malicious domain distributing malware via deceptive verification buttons. Learn how to spot these scams, secure your accounts with MFA, and avoid becoming the next victim! Stay informed and shield your data NOW before it’s too late! 🔥

Written by

Anshuman Das

January 24, 2025

No Honour Among Thieves: Uncovering a Trojanized XWorm RAT Builder Propagated by Threat Actors and Disrupting Its Operations

Discover how a trojanized version of the XWorm RAT builder exploited novice cybersecurity enthusiasts, spreading malware through GitHub, Telegram, and file-sharing platforms to compromise over 18,000 devices globally. This malicious tool exfiltrates sensitive data, employs advanced virtualization and registry techniques, and operates via Telegram-based command-and-control servers. Learn about the identified threat actors, their operational methods, and the disruption efforts that leveraged the malware's "kill switch" to mitigate its impact. Stay informed on proactive measures to protect against evolving cybersecurity threats.

Written by

Vikas Kundu

October 10, 2024

Analyzing Recent Cyber Attacks in the United States Coinciding with Columbus Day Celebration

Over recent months, the United States has faced a surge in cyber attacks, with ransomware incidents rising sharply from June to October 2024. Prominent groups, including Play, RansomHub, Lockbit, Qilin, and Meow, have targeted sectors such as Business Services, Manufacturing, IT, and Healthcare, compromising over 800 organizations. Major attacks included a breach of the City of Columbus by Rhysida ransomware and data leaks impacting Virginia’s Department of Elections and Healthcare.gov. Additionally, China’s "Salt Typhoon" espionage campaign is aggressively targeting U.S. ISPs, further complicating the cyber threat landscape. Hacktivist groups advocating pro-Russian and pro-Palestinian positions have also increased their attacks, affecting government entities and critical infrastructure. This report highlights the need for enhanced security protocols, regular audits, and public awareness initiatives to mitigate the growing cyber risks. Key recommendations include implementing multi-factor authentication, frequent employee training, and advanced threat monitoring to safeguard the nation's critical infrastructure and public trust.

Written by

CloudSEK TRIAD

October 4, 2024

Deepfake Controversy: Scammers Use Deepfakes of Virat Kohli, Anant Ambani to Fraud

CloudSEK’s latest research uncovers a troubling trend involving scammers using deepfake technology to promote fraudulent mobile applications. High-profile individuals, such as Virat Kohli, Anant Ambani, and even international figures like Cristiano Ronaldo and Ryan Reynolds, have been targeted through deepfake videos. These manipulated clips showcase them endorsing a mobile gaming app, luring unsuspecting users into scams. The fraudulent ads leverage the credibility of renowned news channels to enhance their legitimacy, fooling users into downloading harmful applications from fake domains resembling Google Play or Apple App Store. This emerging threat is particularly aimed at the Indian market but extends to other regions like Nigeria, Pakistan, and Southeast Asia. The deceptive gaming apps, designed to siphon money from users, require a minimum deposit, promising quick earnings but leading to significant financial losses. These scams exploit deepfake videos in creative ways to bypass detection, making them even more dangerous. To combat this growing threat, CloudSEK’s Deep Fake Analyzer offers a free solution for the cybersecurity community, helping professionals detect and mitigate the risks posed by manipulated videos, images, and audio. This tool is crucial in safeguarding organizations from deepfake-related scams and fraud. To access the CloudSEK Deep Fake Analyzer, visit https://community.cloudsek.com/

Written by

Gagan Aggarwal

September 24, 2024

Miles Away from Safety: The Frequent Flyer Fraud

This article examines how cybercriminals exploit stolen frequent flier accounts for money laundering. It covers motivations, trading of accounts, methods to monetize stolen miles, case studies, financial impact, and current prevention measures.

Written by

CloudSEK TRIAD

Articles in Threat Intelligence

November 15, 2023

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

CVE-2023-42027 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi platforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts

November 6, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

November 6, 2023

CVE-2023-4197 Vulnerability in Dolibarr ERP CRM 18.0.1 Allows PHP Code Injection

CVE-2023-4197 Improper input validation in Dolibarr ERP CRM v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code

September 8, 2023

Hoze shell script dropped along with XMRig miners on misconfigured SSH Servers by Brute Forcing

CloudSEK’s Threat Intelligence Team uncovered a campaign, actively running from the past 1.8 years, that attacks and brute forces the SSH.

September 4, 2023

3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums

A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site

August 28, 2023

Rogue Scripts Are Exploiting OTP Verification APIs To Send Heaps of OTP SMSes, Hold The Potential Of Triggering Service Disruptions.

Discover how CloudSEK's AI-powered XVigil platform identified concerning GitHub repositories mentioning Indian companies and their APIs.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.