🚨 New Phishing Threat Alert: Horabot is Back — and Smarter Than Ever 🦠

FortiGuard Labs just uncovered a stealthy new variant of Horabot, a phishing campaign that's targeting businesses across the Americas with banking trojans, remote access tools, and email hijacking tactics.

💡 Key Takeaways:

  • Uses fake IRS emails to bait victims
  • Delivers a multi-functional payload for stealing credentials & spreading laterally
  • Targets Spanish-speaking professionals in finance, energy, and other critical sectors

If you're in cybersecurity, this is a must-read. If you're in leadership, it's time to double-check your phishing defenses.

🔗 https://www.fortinet.com/blog/threat-research/horabot-unleashed-a-stealthy-phishing-threat

#CyberSecurity #Phishing #ThreatIntel #Horabot #Fortinet #CyberThreats

Horabot Unleashed: A Stealthy Phishing Threat | FortiGuard Labs

FortiGuard Labs observed a phishing campaign "Horabot" resurfacing with a sophisticated multi-stage attack, blending phishing, credential theft, and propagation. Learn more.…

Fortinet Blog
Insights on Cyber Threats Targeting Users and Enterprises in Mexico | Google Cloud Blog

Mexico faces a cyber threat landscape made up of a complex interplay of global and local threats.

Google Cloud Blog

A new #Horabot campaign was observed targeting the Americas by Cisco Talos Intelligence Group and is the highlight of the #readoftheday! An unknown threat actor is targeting Spanish-speaking users and delivers a banking #trojan and spam tool to their victims. Enjoy and Happy Hunting!

Link is in the comments!

***I am going to leave one of the MITRE ATT&CK techniques blank. I would like to see if any of you who see this can help FILL in that blank! If so, send me a DM!***

Notable TTPs:
TA0001 - Initial Access
T1566.001 - Phishing: Spearphishing Attachment

TA0002 - Execution
T1204.001 - User Execution: Malicious Link
T1059.003 - Command and Scripting Interpreter: Windows Command Shell
T1059.001 - Command and Scripting Interpreter: PowerShell

TA0003 - Persistence
T1574.002 - Hijack Execution Flow: DLL Side-Loading
T[Let me know what other technique or sub-technique was observed in this article!]

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

The newly discovered #Horabot #botnet can completely take over a target's #Outlook mailbox, using their contact list to send more #spam and potentially steal sensitive information and login credentials https://blog.talosintelligence.com/new-horabot-targets-americas/
New Horabot campaign targets the Americas

Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.

Cisco Talos Blog