By Ashwani Mishra, Editor-Technology, 63SATS
Phishing scammers are exploiting a fake Trump assassination plot with tailored emails and bogus media logos to steal corporate credentials. Meanwhile, Maxar Space Systems has reported a data breach exposing employee information, and AI firm iLearningEngines suffered a $250,000 loss in a cyberattack involving misdirected wire payments.
Swiss residents face threats from fake weather app scams deploying the Coper Trojan to steal banking details and intercept 2FA codes. Additionally, ClickFix social engineering attacks are rising, enabling hackers to spread malware like AsyncRAT and Lumma Stealer across global targets.
Stay tuned for the latest cybersecurity updates from around the globe and your local networks.
Fake Trump Assassination Plot Used in Phishing Scheme
Cybersecurity experts at ESET have uncovered a phishing campaign exploiting a fabricated story about an assassination attempt on President-elect Donald Trump. The campaign targets corporate networks, aiming to steal sensitive information and infiltrate systems. Emails used in the scheme are customized with fake media outlet logos to lend credibility and contain shortened URLs that direct victims to fraudulent login pages designed to capture credentials.
The narrative falsely claims there was an Iranian agent plot against Trump, playing on heightened public interest in his return to office. While two genuine assassination attempts were reported before the 2024 U.S. elections, this claim is entirely fabricated and serves as bait for unsuspecting users. Experts urge caution and advise corporate users to scrutinize suspicious emails to avoid falling victim to this scam.
Maxar Space Systems Suffers Data Breach, Employee Information Compromised
Maxar Space Systems, a prominent U.S. satellite manufacturer, has revealed a data breach compromising employee personal data. The intrusion, traced to a hacker using a Hong Kong-based IP address, reportedly went undetected for about a week before being discovered on October 11, 2024. Maxar immediately took action to prevent further unauthorized access and launched an investigation.
According to the company, the breached system contained files with sensitive employee information. Maxar, a leader in aerospace technology, is taking steps to strengthen its cybersecurity measures while notifying affected individuals. The incident highlights the growing risks of targeted attacks on critical industries.
AI Firm iLearningEngines Loses $250K in Cyber Fraud
Artificial intelligence company iLearningEngines has reported a cyberattack that resulted in the theft of a $250,000 wire payment. The company disclosed the incident in a filing with the U.S. Securities and Exchange Commission, revealing that a hacker gained unauthorized access to its network, misdirected the payment, and deleted email messages.
The breach, which has been contained, prompted iLearningEngines to activate its cybersecurity response plan and enlist external cybersecurity experts for the investigation. While the financial impact is expected to be short-term, the company acknowledges potential regulatory scrutiny, customer concerns, and reputational risks stemming from the incident.
Malware Campaign Targets Swiss Residents with Fake Weather App
The Swiss National Cyber Security Centre (NCSC) has identified a malware campaign targeting residents through fraudulent postal letters. The letters, disguised as official MeteoSwiss correspondence, encourage recipients to scan a QR code to download a malicious Android app. Posing as the legitimate Alertswiss app, the fake “AlertSwiss” app instead installs the Coper Trojan, which steals sensitive data, including banking credentials, and intercepts two-factor authentication codes.
The malicious app mimics the look of the genuine Alertswiss app but is hosted on an unverified third-party website rather than the Google Play Store. Once installed, the Trojan can log keystrokes, communicate with command-and-control servers, and display phishing screens. Authorities are urging the public to remain cautious and only download apps from verified sources.
‘ClickFix’ Social Engineering Gains Traction Among Cybercriminals
Threat actors are increasingly using the ‘ClickFix’ social engineering technique to deploy malware, according to a new report from Proofpoint. The analysis highlights multiple campaigns since March 2024, with both financially motivated hackers and espionage groups adopting the tactic.
Malware strains like AsyncRAT, Danabot, and Lumma Stealer are being distributed through this method. Among the groups utilizing ClickFix is a suspected Russian espionage team targeting Ukrainian organizations. Researchers believe the widespread adoption of this tactic is due to its effectiveness in deceiving victims and bypassing security measures.
Ransomware Gang Akira Leaks Record Number of Victims’ Data
Akira, a ransomware-as-a-service group, has published data from 35 victims on its darknet leak site in a single day, setting a new record. Known for enabling hackers to extort victims through data theft and encryption, the group emerged in March 2023 and has since earned $42 million from approximately 250 attacks.
The gang’s leak site, styled like an 80s command-line interface, features a “news” section for extortion messages and a “leaks” section for publishing stolen data. Akira’s aggressive approach has drawn attention, with experts attributing its rapid rise to the involvement of experienced ransomware operators.