Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
Briefly

"Both waves followed a nearly identical structure: phishing emails were styled as official notices regarding tax audits or prompted users to download an archive containing a 'list of tax violations.'"
"The campaign is estimated to have impacted organizations across the industrial, consulting, retail, and transportation sectors. More than 1,600 phishing emails were flagged between early January and early February."
"The starting point of the attack chain is a phishing email containing a PDF file, which features two clickable links that lead to the download of a ZIP or RAR archive hosted on 'abc.haijing88[.]com.'"
A China-based cybercrime group has launched a campaign targeting organizations in Russia and India using a new malware named ABCDoor. The campaign involved phishing emails that appeared to be from the Income Tax Department of India, followed by similar attacks on Russian entities. Over 1,600 phishing emails were flagged, impacting various sectors. The campaign utilized a modified Rust-based loader to download the ValleyRAT backdoor, with the ABCDoor backdoor being part of the threat actor's arsenal since late 2024. The attack chain begins with a phishing email containing a malicious PDF file.
Read at The Hacker News