Kaspersky Uncovers Horabot Campaign Targeting Mexico

Kaspersky's Security Operations Center has uncovered a complex Horabot campaign targeting Mexico, and is now sharing crucial insights on how it works and how to detect it. This critical threat intelligence will help defenders in Mexico and beyond prioritize their resources and stay one step ahead of the threat.

https://osintsights.com/kaspersky-uncovers-horabot-campaign-targeting-mexico

#Horabot #Mexico #Kaspersky #SecurityOperationsCenter #EmergingThreats

Kaspersky uncovers Horabot campaign in Mexico, providing insights on how it operates and how to detect it. Learn more about this complex threat now.

OSINTSights

🚨 New Phishing Threat Alert: Horabot is Back — and Smarter Than Ever 🦠

FortiGuard Labs just uncovered a stealthy new variant of Horabot, a phishing campaign that's targeting businesses across the Americas with banking trojans, remote access tools, and email hijacking tactics.

💡 Key Takeaways:

  • Uses fake IRS emails to bait victims
  • Delivers a multi-functional payload for stealing credentials & spreading laterally
  • Targets Spanish-speaking professionals in finance, energy, and other critical sectors
  • If you're in cybersecurity, this is a must-read. If you're in leadership, it's time to double-check your phishing defenses.

🔗 https://www.fortinet.com/blog/threat-research/horabot-unleashed-a-stealthy-phishing-threat

#CyberSecurity #Phishing #ThreatIntel #Horabot #Fortinet #CyberThreats

Horabot Unleashed: A Stealthy Phishing Threat | FortiGuard Labs

FortiGuard Labs observed a phishing campaign "Horabot" resurfacing with a sophisticated multi-stage attack, blending phishing, credential theft, and propagation. Learn more.…

Fortinet Blog

Insights on Cyber Threats Targeting Users and Enterprises in Mexico | Google Cloud Blog

Mexico faces a cyber threat landscape made up of a complex interplay of global and local threats.

Google Cloud Blog
Daily Threat Intelligence - June 02 - 2023 - RedPacket Security

RedPacket Security

A new #Horabot campaign was observed targeting the Americas by Cisco Talos Intelligence Group and is the highlight of the #readoftheday! An unknown threat actor is targeting Spanish-speaking users and delivers a banking #trojan and spam tool to their victims. Enjoy and Happy Hunting!

Link is in the comments!

***I am going to leave one of the MITRE ATT&CK blank. I would like to see if any of you that see this can help FILL in that blank! If so send me a DM!***

Notable TTPs:
TA0001 - Initial Access
T1566.001 - Phishing: Spearphishing Attachment

TA0002 - Execution
T1204.001 - User Execution: Malicious Link
T1059.003 - Command and Scripting Interpreter: Windows Command Shell
T1059.001 - Command and Scripting Interpreter: PowerShell

TA0003 - Persistence
T1574.002 - Hijack Execution Flow: DLL Side-Loading
T[Let me know what other technique or sub-technique was observed in this article!]

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

The newly discovered #Horabot #botnet can completely take over a target's #Outlook mailbox, using their contact list to send more #spam and potentially steal sensitive information and login credentials https://blog.talosintelligence.com/new-horabot-targets-americas/

New Horabot campaign targets the Americas

Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.

Cisco Talos Blog