Rising Tide: Chasing the Currents of Espionage in the South China Sea
Proofpoint identified several waves of a phishing campaign resulting in the execution of the ScanBox reconnaissance framework, in part based on intelligence shared by PwC Threat Intelligence related to ongoing ScanBox activity.
The phishing campaign involved URLs delivered in phishing emails, which redirected victims to a malicious website posing as an Australian news media outlet.
The website’s landing page delivered a JavaScript ScanBox malware payload to selected targets.
In historic instances, ScanBox has been delivered from websites that were the victim of strategic web compromise (SWC) attacks with legitimate sites being injected with malicious JavaScript code.
In this instance, the threat actor controls the malicious site and delivers malicious code to unsuspecting users.
Featured Resources
blog
When Operational Efficiency Equals Compliance
This is Part 3 of our five-part series on Continuous Threat Exposure Management (CTEM). In today’s regulatory landscape, operational efficiency
CUSTOMERS
Non-profit Increases Financial Efficiency and Strengthens Cybersecurity Defenses
Facing increasing threats and tighter budgets, Walsall Housing Group Limited (whg), a UK housing association, turned to Cymulate to optimize
blog
Finding the Right Fit: Vulnerability Assessment vs. Penetration Testing
With more cyber threats than ever before, protecting your organization’s assets and sensitive data has never been more critical. Businesses
Subscribe to Our Blog
Subscribe now to get the latest insights, expert tips and updates on threat exposure validation.
Subscribe