Threats Tagged 't1534'

Multiple phishing campaigns are exploiting the FIFA World Cup 2026 event to target mobile users globally. These campaigns use typosquatting, institutional spoofing, and impersonation of major sports retailers to harvest credentials. A sophisticated recruitment fraud campaign also targets corporate Google Workspace accounts with an Adversary-in-the-Middle platform capable of bypassing MFA. Attack vectors include SMS, WhatsApp, and search engines, leveraging emotional urgency and ticket scarcity. This creates risks for enterprises as employees may access work resources via compromised personal devices.

In April 2026, threat actors deployed Nimbus RAT against a legal industry target using Microsoft Teams voice phishing. The attack began with email bombing (282 emails in 90 minutes), followed by a fake IT helpdesk contact via Teams who convinced the victim to grant Quick Assist remote access. Within 20 minutes, a Java-based RAT was deployed that uses Google Drive and Google Sheets for command-and-control, making network traffic appear benign. Analysis of 1,540 suspicious Teams messages across 172 customer environments over 12 months revealed 65% originated from throwaway onmicrosoft.com tenants with IT-themed names. The malware bundles its own Java runtime, implements two credential theft mechanisms, and allows in-memory second-stage code execution. Post-compromise targeting included Signal Desktop attachments and Outlook mailboxes.