Detected #KongTuke infection chain

Compromised site
-->
keneedy[.]lol/file.js (ClickFucker)
-->
keneedy[.]lol/api/v1/session (token)
-->
keneedy[.]lol/api/v1/verify (gateway)
-->
keneedy[.]lol/api/v1/status (clipboard)

Detected #KongTuke infection chain

Compromised site
-->
reynoldy[.]lol/file.js (ClickFucker)
-->
reynoldy[.]lol/api/v1/session (token)
-->
reynoldy[.]lol/api/v1/verify (gateway)
-->
reynoldy[.]lol/api/v1/status (clipboard)

Detected #KongTuke infection chain

Compromised site
-->
abernaehy[.]lol/file.js (ClickFucker)
-->
abernaehy[.]lol/api/v1/session (token)
-->
abernaehy[.]lol/api/v1/verify (gateway)
-->
abernaehy[.]lol/api/v1/status (clipboard)

Detected #KongTuke infection chain

Compromised site
-->
correia[.]lol/file.js (ClickFucker)
-->
correia[.]lol/api/v1/session (token)
-->
correia[.]lol/api/v1/verify (gateway)
-->
correia[.]lol/api/v1/status (clipboard)
-->
k020e5b3g0h[.]com/d (tar)

66a344904e9e2f3042cb2e186c7a6809724eb961308abb4f396c420f1c784b91 d

KongTuke hackers now use Microsoft Teams for corporate breaches

Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks.

BleepingComputer

Detected #KongTuke infection chain

Compromised site
-->
correia[.]lol/file.js (ClickFucker)
-->
correia[.]lol/api/v1/session (token)
-->
correia[.]lol/api/v1/verify (gateway)
-->
correia[.]lol/api/v1/status (clipboard)
-->
qiig7t2nzog[.]com/d (tar)

833a0e0ed8bc34a1af0fbb43c56f7bea2c73dde2295f4df2e2c27011d70f52fa d

Detected #KongTuke infection chain

Compromised site
-->
correia[.]lol/file.js (ClickFucker)
-->
correia[.]lol/api/v1/session (token)
-->
correia[.]lol/api/v1/verify (gateway)
-->
correia[.]lol/api/v1/status (clipboard)

KongTuke Hackers Exploit Microsoft Teams for Rapid Corporate Breaches

KongTuke hackers have found a lightning-fast way to breach corporations, exploiting Microsoft Teams to go from initial contact to persistent foothold in under five minutes. This alarming new tactic is part of KongTuke's evolving social engineering toolkit, complementing its previous web-based attacks.

https://osintsights.com/kongtuke-hackers-exploit-microsoft-teams-for-rapid-corporate-breaches?utm_source=mastodon&utm_medium=social

#MicrosoftTeams #Kongtuke #SocialEngineering #InitialAccessBroker #EmergingThreats

Detected #KongTuke infection chain

Compromised site
-->
bradtte[.]lol/file.js (ClickFucker)
-->
bradtte[.]lol/api/v1/session (token)
-->
bradtte[.]lol/api/v1/verify (gateway)
-->
bradtte[.]lol/api/v1/status (clipboard)

Detected #KongTuke infection chain

Compromised site
-->
bradtte[.]lol/file.js (ClickFucker)
-->
bradtte[.]lol/api/v1/session (token)
-->
bradtte[.]lol/api/v1/verify (gateway)
-->
bradtte[.]lol/api/v1/status (clipboard)
-->
1eh2e3taw3g[.]com/d (tar)

3aaae158a84409dbc3202b174005ed9acf39ca7f3785dbff07c56be928ff011f d