TL; DR: Persistent phishing campaign and Flubot beyond Slovakia’s borders (week 19 and 20)

Security researchers have published information about a phishing campaign targeting German car companies, the malicious Flubot malware is spreading in the Czech Republic, and cybercriminals have exploited the theft of a well-known car company’s subdomain.

A long-term phishing campaign

Security researchers at CheckPoint have released information about a persistent phishing campaign that began in July 2021 and is still ongoing. The attacks take the form of phishing emails spreading various types of malware that can be purchased on the dark web (e.g. Raccoon Stealer, AZORult and BitRAT). This campaign targets in particular the German automotive industry.

Devastating ransomware attacks in Costa Rica

Costa Rica declared a cyber emergency following a ransomware attack from the Conti family. The attack knocked out the digital services of the National Treasury and limited the operations of the National Meteorological Institute, several ministries and other organizations. The Conti gang released information that government employees were working with them, and the amount they demanded for decryption keys doubled to $20 million. The Costa Rican government is offering a reward of $5 million for information leading to the discovery of employees working with the Conti and $10 million for information leading to the location or identification of any member of the Conti.

Spread of the Flubot malware beyond the borders of the Slovak Republic

In the Czech Republic, telecommunications companies have recorded hundreds of thousands of SMS and MMS messages spreading the Flubot malware. The propagated messages call for clicking on a malicious link and then installing a malicious application, which then sends the same prompts to the victim’s phone contacts and sends information from the victim’s device to the attackers. Flubot smishing can take various forms – online delivery tracking, a request to pay a fee, listening to a voicemail message, and more. NCSC SK-CERT has also warned against its spread.

A cardiologist’s unusual hobby

The US Department of Justice has charged a 55-year-old cardiologist from Venezuela with developing two ransomwares, Thanos and Jigsaw v.2. In addition to his work, the cybercriminal successfully coordinated a team of 5-20 members and taught hackers how to use the ransomware. He faces up to 10 years in prison for his crimes.

Ransomware attack with serious consequences

Lincoln College of Liberal Arts in the US state of Illinois will close after 157 years of operation. It cites a lack of funding following the COVID-19 pandemic and the December 2021 ransomware attack as the reason.

Sale of fake NFT tokens

An unknown cybercriminal group gained access to Ferrari’s official subdomain. They then used the access to host an NFT scam in which they started to promote and sell NFT tokens. As part of the phishing scheme, the attackers claimed in phishing messages that this was Ferrari’s official 4458 horsepower NFT series on the Ethereum network.


  • The European Union has condemned the Russian Federation cyberattack that hit the KA-SAT satellite network operated by Viasat,
  • Security researchers have uncovered a new phishing tool sold on the dark web site The tool allows cybercriminals to view stolen data completely anonymously in an encrypted format,
  • The publicly available ElasticSearch database belonging to an unknown company contained over 359 million records collected by SnowPlow Analytics. The records relate to 15 million users and include, among other things, IP addresses, geolocation data and websites visited,
  • the US government warns of activity by North Korean hackers posing as “freelancers”. They carry out cyberattacks after gaining employment in Western companies and obtaining privileges,
  • The U.S. Department of Justice convicted a Ukrainian cybercriminal responsible for brute-force attacks on login credentials. He was sentenced to 4 years in prison for the attacks and subsequent sale of the stolen data.

« Späť na zoznam