The NJCCIC received reports of a phishing scam abusing the legitimate Docusign platform and impersonating a New Jersey organization. In the Docusign envelope email notification, the impersonated organization’s name appears in the sender’s display name and the body of the email.
The NJCCIC observed multiple campaigns in which threat actors attempted to trick users into downloading the PDQ Connect Agent. PDQ Connect is a platform that allows agent-based device management for both remote and local devices. Once installed, threat actors can utilize...
The NJCCIC received reports of a surge in cryptocurrency scams in the past month. These scams aim to steal personally identifiable information (PII), private keys, wallet addresses, and funds. In fraudulent investment schemes, threat actors impersonate legitimate organizations, and more.
In June, the NJCCIC reported on an SMS phishing (SMiShing) scam where threat actors impersonated the New Jersey Department of Labor. We recently received reports of a new phishing scam imitating the NJ DOL and claiming to be an urgent message regarding the target's unemployment...
The NJCCIC observed a new iteration of ClickFix leading to the download of a recently discovered infostealer, MonsterV2. This infostealer can grab cryptocurrency wallets, account credentials, personally identifiable information such as Social Security numbers, and browser information.
In light of several recent natural disasters, the NJCCIC reminds users to exercise caution and conduct due diligence before donating funds. Cybercriminals often exploit the compassion and generosity of the public by conducting fraudulent schemes to steal funds.
GreyNoise identified a notable surge in scanning activity targeting MOVEit Transfer systems beginning on May 27. On June 12, they then observed exploitation attempts against CVE-2023-34362 and CVE-2023-36934. While these critical vulnerabilities are several years old...
The NJCCIC continues to observe Telephone-Oriented Attack Delivery (TOAD) attacks. Threat actors begin the attack by performing reconnaissance on their targets, gathering information from various sources such as past data breaches, data purchased on the dark web, etc.
"Sneaky Log" is a sophisticated cybercrime group that emerged in late 2024, operating a Phishing-as-a-Service (PhaaS) kit called "Sneaky 2FA" which is designed to bypass two-factor authentication (2FA), also known as multi-factor authentication (MFA).
The recent surge in data breaches is a significant cause for concern, including the publicly exposed database containing more than 184 million records of email addresses, usernames, passwords, and links to account login or authorization webpages.
