There is a campaign that uses an AI Trading Bot lure. The message makes several claims about the use of machine learning and real-time market analysis to gain a trading advantage. Instead, it installs two remote access trojans (RATs), Dark Crystal RAT (DCRat) and zgRAT.
During this holiday season, there have been continued reports of gift card scams targeting New Jersey State employees and residents. In the above campaign, threat actors create free PenTeleData (ptd[.]net) email accounts to lure their targets in social engineering schemes.
There is a new Xfinity/Comcast phishing campaign in which an email states that access to the user’s mailbox and stored data may be permanently discontinued if the user does not update their email. They employ actions taken by some providers to delete inactive accounts.
The NJCCIC observed a Ledger-themed cryptocurrency drainer phishing campaign targeting New Jersey State employees. Although “Ledger” appears in the sender’s display name, the sender’s email address comes from a “.kr” top-level domain (TLD) for South Korea.
Over the last several weeks, the NJCCIC has observed an increase in compromised New Jersey public sector accounts. These accounts are often compromised after a user submits their account credentials to a fraudulent webpage navigated to via a phishing email.
The NJCCIC identified a phishing campaign aimed at harvesting user credentials. The emails falsely claim that pending messages are waiting in the user’s organization mailbox and include a link to access them. Threat actors warn that the messages might expire within 12 hours if not reviewed.
The holiday season presents an attractive opportunity for threat actors to exploit holiday travelers making reservations and travel arrangements. Threat actors continue to impersonate major brands, create fraudulent websites, employ social engineering tactics, and more.
The NJCCIC has observed threat actor TA584, also known as Storm-0900 and UNC4122, sending phishing emails that mimic login.gov and Medicare.gov. In both campaigns, the messages include unique AWS URLs that likely lead to a landing page with a slide CAPTCHA.
Have you received a text message regarding an unpaid toll or package misdelivery lately? You are not the only one. Researchers discovered a SMiShing (SMS text phishing) campaign attributed to the "Smishing Triad" that has been circulating since April 2024.
Account compromises typically occur due to phishing emails, credential compromise, a lack of multi-factor authentication (MFA), exploited vulnerabilities, and data breaches. The NJCCIC recently received a report of a compromised account due to MFA fatigue (or MFA prompt bombing) .
