In these campaigns, threat actors pose as human resources (HR) departments and send emails claiming to contain information on upcoming salary increases and yearly bonuses. They deceive users into downloading unknown files, RMM tools, and more.
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service account.
Remcos is advertised as a legitimate remote administration tool used for surveillance and penetration testing purposes; however, threat actors weaponize it as a remote access trojan (RAT) to gain unauthorized access, steal credentials, capture and exfiltrate data, and install malware.
The NJCCIC observed a campaign attempting to distribute Agent Tesla malware. Agent Tesla functions as a remote access trojan (RAT) with information-stealing capabilities, including keystroke logging, password harvesting, clipboard theft, and screen capture.
The NJCCIC received reports of the Calendaromatic malware affecting multiple New Jersey public sector organizations, including local and county government entities. Calendaromatic malware is a PUA primarily targeting entities in the United States.
The NJCCIC has observed an increase in the distribution of infostealing malware. This type of malware is popular among threat actors because of the kind and amount of information it can exfiltrate. Infostealers often have capabilities that allow threat actors to retrieve credentials.
The NJCCIC observed a malware campaign sent to New Jersey State employees, purporting to be proof of payment. The malicious emails contain a ZIP file labeled “Proof Of payment.001” with a SHA-256 hash. The ZIP file appears legitimate but includes a Microsoft EXE file.
Before 2015, few established Voice over Internet Protocol (VoIP) options existed. Skype and TeamSpeak were among the most common, but were limited in scale and became outdated. Around this time, Discord hit the market, becoming a cultural staple in online gaming communities.
Malicious cell phone applications can hide in plain sight, often disguised as legitimate programs. Threat actors aim to deceive users into installing malicious software and giving permissions far beyond what legitimate apps require. To avoid the inherent distrust that users...
Wiper malware is a type of destructive malware that destroys organizational files and data, rendering them inaccessible and unusable. It typically spreads through phishing emails, malicious downloads, exploited vulnerabilities, Remote Desktop Protocol (RDP) exploits, etc.
