
Malware

TEMU phishing attacks using spyware up 112% in the run-up to Christmas

TEMU is currently the most downloaded app in the world, and the number of TEMU impersonation emails has increased by 112% since October 1st, 2023. Discounts and spending-based reward coupons form a substantial part of TEMU’s awareness campaigns, and the company is reportedly spending $2bn annually on marketing. As the brand continues to grow in popularity, cybercriminals are increasingly leveraging it to lend authenticity to their spoofing attempts.

A Look at the Nim-based Campaign Using Microsoft Word Docs to Impersonate the Nepali Government

Threat actors often employ stealthy attack techniques to elude detection and stay under the defender’s radar. One way they do so is by developing malware in uncommon programming languages, which provides several benefits, including:

Netskope recently analyzed a malicious backdoor written in Nim, a relatively new programming language.

"Mr. Anon" Infostealer Attacks Start with a Fake Hotel Booking Query Email

This new attack is fairly simple to spot on the surface, but if it succeeds in launching its malicious code, it will take its victims for everything of value they have on their computer. The new Mr. Anon infostealer captures much more than browser caches and passwords. It also uses basic social engineering tactics that prove effective enough to make attacks successful.

An Analysis of Menorah Malware

SecurityScorecard is analyzing a phishing campaign that deployed the Menorah malware and is taking aim at users in the Middle East. This sophisticated campaign is being mounted by the threat actor group tracked as APT34, which is linked to Iran. The group is known for its focus on collecting sensitive intelligence and taking on high-profile targets across the Middle East, including critical infrastructure and telecommunications entities.

TargetCompany Ransomware Group AKA Mallox: A Rapid Evolution

The TargetCompany ransomware group, first identified in June 2021, garnered its name due to its distinctive practice of appending the names of the targeted organizations to encrypted files. Over time, the group has exhibited a dynamic evolution, frequently changing encryption algorithms, decryptor characteristics, and file name extensions.

Play Ransomware: SafeBreach Coverage for US-CERT Alert (AA23-352A)

On December 18th, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) issued an urgent advisory to highlight the ongoing malicious activities being conducted by the Play ransomware group.

ALPHV Site Taken Down by the FBI

On December 19, 2023, the FBI successfully dismantled one of the ALPHV/BlackCat ransomware sites. The customary FBI banner now adorns its main page, while the other sites associated with the cybercrime gang remain operational. This development may be linked to the recent 5-day disruption of the entire gang’s Darknet infrastructure.

Unique Malware Used in Cyber Attacks Increases by 70% in Just One Quarter

As more cybercriminal gangs continue to enter the game, the massive increase in unique types of malware means it will become increasingly difficult to identify and stop attacks. BlackBerry published its Global Threat Intelligence Report in November, covering June through August of this year. According to the report, the number of attacks identified and stopped in the three-month period covered equates to an average of 26 attacks per minute.

Conversations with Charlotte AI: "What is my exposure to vulnerabilities used by Scattered Spider?"

With Charlotte AI, the information security analysts need to stop breaches is just a question away. Watch how analysts are turning hours of work into minutes and seconds, getting the context they need to harden their environment against vulnerabilities that adversaries like Scattered Spider exploit.