Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'phishing campaign'

View all threats tagged with 'phishing campaign'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: phishing campaign

Threats Tagged 'phishing campaign'

Click on any threat for detailed analysis and mitigation recommendations

Fake crypto scams try to piggyback off SpaceX IPO
0

This campaign involves scammers exploiting public interest in the SpaceX IPO by creating fraudulent investment portals that impersonate SpaceX, Elon Musk, and major financial brands such as Fidelity and Robinhood. The fake portals mimic legitimate investment onboarding processes, including W-8BEN tax forms for non-U.S. investors, and ask victims to select investment tiers before directing them to deposit funds via cryptocurrency wallets. The operation focuses on direct cryptocurrency theft rather than credential harvesting. Multiple randomized and SpaceX-themed domains are used to appear legitimate. One Bitcoin wallet linked to the campaign received approximately $8,700.

Join the discussion
Massive offensive launched on Russian businesses
0

In May and June 2026, the Clubfoot Wolf cluster executed a large-scale phishing campaign targeting Russian organizations across manufacturing, retail, e-commerce, agriculture, IT, transportation, healthcare, and science sectors, with primary focus on wholesale distributors of chemical products. Several Belarusian organizations were also compromised. The adversary sent phishing emails disguised as invoices or purchase requests, containing ZIP archives with decoy documents and malicious LNK files. Upon execution, a PowerShell script downloaded and installed NetSupport Manager, a legitimate remote administration tool, which was then used for malicious activities. The attackers employed URL shorteners to hide infrastructure and used multiple decoy files to build victim trust. The campaign demonstrated continuous evolution in delivery methods and infection chains.

Join the discussion
AsyncRAT and Remcos Delivered in Multi-Stage Phishing Campaign
0

A widespread phishing campaign distributing AsyncRAT and Remcos RATs has been observed targeting organizations across manufacturing, media, professional services, agriculture, and chemical industries globally. The attack leverages malicious Excel spreadsheets sent via emails impersonating business communications like purchase orders and payment advice. When macros are enabled, VBA code retrieves HTA payloads through URL shorteners and Cloudflare Workers infrastructure. The multi-stage infection chain employs heavy obfuscation including Base64 encoding, steganography in PNG files, and character substitution. The campaign intensified during June 2026, affecting organizations across Europe, Asia-Pacific, and the Americas. Infrastructure includes distinctive HTA naming conventions using concatenated positive English words. The operation likely uses automation for payload generation and may leverage LLMs for development efficiency.

Join the discussion
FIFA 2026 Security Alert: Cybercriminals Exploit Fan Excitement with Mass Phishing
0

Threat actors are exploiting anticipation for the FIFA World Cup 2026 through sophisticated phishing campaigns targeting fans seeking tickets, hospitality packages, and tournament information. Attackers have deployed FIFA-themed domains and mobile-optimized phishing infrastructure resolving to specific IP addresses, designed to harvest credentials and payment information. The campaigns feature convincing fake ticketing portals that mimic official FIFA services, collecting personal details including names, emails, phone numbers, and payment card data. Some variants redirect victims to online gambling platforms after credential theft. The infrastructure leverages third-party payment services like KOIpay and EBpay, with JavaScript redirecting users to external payment gateways. Victims face risks including fraudulent account creation, credential stuffing attacks, email account takeover, and unauthorized financial access. This operation represents part of a larger fraud ecosystem targeting the tournament.

Join the discussion
A Multi-Stage Steganographic Loader Campaign Deploying Diverse Payloads Globally
0

A sophisticated phishing campaign was identified distributing multiple malware families through a multi-stage loader utilizing steganography and fileless techniques. The infection chain begins with archive attachments containing files disguised as financial documents, primarily targeting Indian organizations using names related to GST, NEFT, RTGS, and IMPS transactions. The loader employs in-memory execution to avoid disk-based artifacts and uses embedded .NET Bitmap objects to conceal payloads. Various malware families have been deployed including Remcos RAT, Agent Tesla, MassLogger, Phantom Stealer, Dark Cloud, Red Line Stealer, Snake keyloggers, Formbook, and xworm. The final payloads establish persistence through registry Run keys, perform process hollowing, steal browser credentials, record audio and webcam, and exfiltrate data to command-and-control infrastructure. The campaign exhibits characteristics of a loader-as-a-service operation serving multiple threat actors globally.

Join the discussion
PHISH ALERT: From a Simple Phishing Email to a Full Attack Arsenal: The Evolution of "ClickFix"
0

A sophisticated phishing campaign leverages evolved ClickFix techniques to bypass modern endpoint security through victim-assisted execution. Targets receive emails with urgent OneDrive document lures containing malicious ZIP attachments. The attack uses LNK shortcuts that redirect victims to landing pages, silently injecting PowerShell commands into their clipboard. Through social engineering, victims are tricked into manually executing commands via Win+R, circumventing traditional security filters. The campaign employs DNS TXT records for payload staging, avoiding HTTP detection. The threat infrastructure hosts multiple malicious components including obfuscated scripts, fake MSI installers masquerading as legitimate software like ConnectWise, and ISO images with spyware for persistent access. This represents a shift toward long-game tactics focused on establishing full post-compromise environmental control.

Join the discussion

Showing 1 to 6 of 6 results

Filters:Tag: phishing campaign
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses