As news of Silicon Valley Bank’s (SVB) collapse continues to dominate the headlines, cybercriminals are running phishing campaigns impersonating SVB and other financial institutions, including M-F-A and Bloomberg. Responding quickly to the 24-hour news cycle, cybercriminals aim to leverage their victims’ potential distress over their financial situation to make them more susceptible to this type of attack.

In recent years, phishing attacks have become increasingly sophisticated and are now being conducted through various messaging platforms such as Telegram. Telegram is a popular messaging app that allows users to send messages, photos, videos, and other files over the internet. It also provides APIs that allow developers to create custom bots and applications. Unfortunately, these same APIs can be used by malicious actors to exfiltrate credentials successfully phished from attacks.

AT&T is a massive telecommunications company with its headquarters in Dallas, Texas. The company is known as the largest telecommunications company in the world according to its revenue, and it is the third-largest mobile phone service provider in the United States. The company recently suffered an attack that exposed some of its customer data to hackers and may have put customers at risk. The attack wasn't on AT&T directly but on one of the company's external marketing vendors instead.

DC Health Link is part of the Affordable Care Act online marketplace of health insurance plans. The service provides health care to members of Congress as well as many staff members throughout Capitol Hill. This healthcare service was recently the victim of a cyber attack and suffered a serious data breach that exposed hundreds of politicians and Capitol Hill staff members.

Acer is a well-known tech company that's based in Taiwan and with facilities and offices around the world. The company's main headquarters are in San Jose, California, in the United States. The company is known for engineering, technical manufacturing, and creating many products in the electronics industry today. The organization recently suffered a significant data attack that may have exposed company secrets, product keys, and many software images that could hurt the organization.

In our new threat briefing report, Forescout’s Vedere Labs provides details on the recent ransomware campaign targeting VMware ESXi virtualization servers, or hypervisors, and analyzes two payloads used in these attacks: variants of the Royal and Clop ransomware. We also present the tactics, techniques and procedures (TTPs) used by attackers in this campaign, discuss mitigation recommendations and list indicators of compromise (IOCs) that can be used for detection or threat hunting.