The NJCCIC observed multiple Telephone-Oriented Attack Delivery (TOAD) emails targeting New Jersey State employees. Threat actors use email spoofing to make the email appear to come from the legitimate robinhood[.]com. The email header information reveals the sender’s...
The NJCCIC observed a significant increase in phishing campaigns impersonating security alerts about unusual account activity, including warnings about credential loss and account access. These emails use a subject line of "No Reply" and spoofed addresses.
This Malware Analysis Report (MAR) was originally published on December 4 to share indicators of compromise (IOCs) and detection signatures for BRICKSTORM malware. The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA)...
In these campaigns, threat actors pose as human resources (HR) departments and send emails claiming to contain information on upcoming salary increases and yearly bonuses. They deceive users into downloading unknown files, RMM tools, and more.
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service account.
Remcos is advertised as a legitimate remote administration tool used for surveillance and penetration testing purposes; however, threat actors weaponize it as a remote access trojan (RAT) to gain unauthorized access, steal credentials, capture and exfiltrate data, and install malware.
The NJCCIC observed a campaign attempting to distribute Agent Tesla malware. Agent Tesla functions as a remote access trojan (RAT) with information-stealing capabilities, including keystroke logging, password harvesting, clipboard theft, and screen capture.
The NJCCIC received reports of the Calendaromatic malware affecting multiple New Jersey public sector organizations, including local and county government entities. Calendaromatic malware is a PUA primarily targeting entities in the United States.
The NJCCIC has observed an increase in the distribution of infostealing malware. This type of malware is popular among threat actors because of the kind and amount of information it can exfiltrate. Infostealers often have capabilities that allow threat actors to retrieve credentials.
The NJCCIC observed a malware campaign sent to New Jersey State employees, purporting to be proof of payment. The malicious emails contain a ZIP file labeled “Proof Of payment.001” with a SHA-256 hash. The ZIP file appears legitimate but includes a Microsoft EXE file.
