Threat Horizons-Cloud Threat Intelligence

2021-11-26 Google

https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf

Attachments

gcat_threathorizons_full_nov2021.pdf (3 MB)


Most recently, our team has responded to cryptocurrency mining abuse, phishing campaigns, and ransomware.

APT28/Fancy Bear launched Gmail phishing campaign

Based on research from TAG, the Russian government-backed attackers APT28 / Fancy Bear, which more recently has typically targeted Yahoo!

Table 3: SPF breakdown

One significant difference between legitimate emails from the compromised mail servers and phishing messages was the domain part of MessageId, which is different and unique for every email address.

Highly targeted regions for this particular campaign include the United States, United Kingdom, and India.

Spear-phishing and phishing campaigns are not new to the threat landscape; TAG observed recent attacks that targeted Gmail accounts and impersonated employment recruiters with the goal of stealing user credentials.

Indicators of Compromise

Type    Value                           First Seen    Last Seen
YARA    UC_ttp_BlackMatter__SafeBoot    2021-11-26    2021-11-26
YARA    UC_ttp_BlackMatter__RegKeys     2021-11-26    2021-11-26
