U.S.–China Business Council
March 7, 2025
•[ espionage, phishing, government ]
China-linked APT41/TA415 impersonated Rep. Moolenaar and USCBC in July 2025 spear-phishing to deliver malware and create remote tunnels to spy on U.S. trade-policy stakeholders; investigations ongoing; success not verified.
FlexCare Medical Staffing
March 6, 2025
•[ phishing, data leak ]
FlexCare sent breach letters after employee email compromises involving sensitive data.
Undisclosed Taiwan government agencies
March 1, 2025
•[ phishing, malware, espionage ]
Trend Micro and THN describe a March 2025 spear-phishing campaign by China-aligned MirrorFace targeting public institutions in Japan and Taiwan using OneDrive-delivered ZIPs that dropped ROAMINGMOUSE and an upgraded ANEL backdoor; reporting outlines techniques and targeting, not specific victim impact details for a single named org.
Balkan Investigative Reporting Network Journalists
February 26, 2025
•[ spyware, phishing, targeted attack ]
Amnesty reported two Serbian journalists targeted with Pegasus spyware via one-click links.
NioCorp Developments Ltd.
February 14, 2025
•[ phishing, Business Email Compromise ]
Business email compromise exploiting NioCorp's email system to redirect vendor payments; no encryption detected.
Multiple South Korean government and business entities
February 12, 2025
•[ phishing, espionage ]
Spear-phishing campaign leveraging LNK and PowerShell scripts deployed by North Korea's RGB 3rd Technical Surveillance Bureau (Kimsuky) targeting South Korean government, defense, and cryptocurrency sectors.
Users of Indian banking mobile apps
February 11, 2025
•[ malware, phishing, data leak ]
Android malware campaign disguised as Indian bank apps, distributed via phishing links and fake APKs to install FinStealer; exfiltration of banking credentials and personal information confirmed by CYFIRMA and other researchers.
Illinois Department of Healthcare and Family Services
February 11, 2025
•[ phishing, data leak ]
Illinois Department of Healthcare and Family Services reported that an employee's email account was compromised by a phishing attack discovered on February 11, 2025.
Users of fake DeepSeek sites
February 6, 2025
•[ phishing, data leak ]
Phishing campaign using dozens of fake DeepSeek-branded websites to steal user credentials and cryptocurrency through fraudulent login and wallet interfaces.
PrivatBank
February 6, 2025
•[ phishing, malware, data leak ]
A criminal group identified as UAC-0006 used phishing emails with password-protected attachments to deliver SmokeLoader malware targeting PrivatBank customers. The campaign aimed to steal credentials and financial data, active since November 2024.
University end-users via cloned site
February 5, 2025
•[ malvertising, phishing, malware ]
Malvertising campaign cloning a German university website to distribute a fake Cisco AnyConnect installer which installed NetSupport RAT on victim machines.
Chemical, Food, and Pharmaceutical Enterprises in Russia
February 5, 2025
•[ infostealer, phishing, data leak ]
Nova Infostealer campaign led by Rezet, also known as Rare Wolf, targeted Russian chemical, food, and pharmaceutical firms, harvesting credentials and internal documents through phishing and malicious installers.
Russian Organizations Across Various Industries
February 5, 2025
•[ malware, phishing, data leak ]
Nova Infostealer malware campaign targeting Russian organizations across multiple industries collected credentials and files via phishing and malicious installers.
Russian Industrial Facilities
February 5, 2025
•[ infostealer, phishing, malware ]
Nova Infostealer was deployed by the threat group NGC4020 in Russian industrial facilities, stealing host credentials and files from infected endpoints through phishing and malicious installer packages.
Gregory & Appel Insurance
February 5, 2025
•[ phishing ]
Insurance firm reported unauthorized access linked to a suspicious email purporting to be from the CFO.
163.com Users
February 4, 2025
•[ phishing, espionage ]
The Taiwanese-linked espionage group GreenSpot APT (aka PoisonVine / APT-Q-20) created spoofed 163.com domains and fake download pages to harvest email credentials from users in mainland China, Hong Kong, and Taiwan. Hunt.io attributed the campaign's infrastructure to Taiwan, but no government department link has been identified.
Individual
January 27, 2025
•[ social, phishing, finance ]
Police began investigating when a 90-year-old man told authorities he gave $49,900 to a courier purportedly acting on behalf of PayPal. The victim was deceived via a fake PayPal email and link, leading to remote access to his computer and password theft.
Individual in Austria
January 26, 2025
•[ financial, phishing, finance ]
A woman from southeastern Styria contacted police in January after suspecting she had become the victim of a phishing scam. She fell for a link in an SMS, after which a gang of fraudsters withdrew money from her account. Police have now published photos of the suspected fraudsters from Vienna.
~100 UTEP Students
January 22, 2025
•[ social, phishing, education ]
The University of Texas at El Paso (UTEP) is urging students to remain vigilant following a phishing attack that compromised several accounts.
Individual in Buchloe, Germany
January 13, 2025
•[ phishing ]
In the area covered by the Buchloe police station, two cases of so-called phishing, an internet fraud scheme, occurred last Monday.