Threat Insight
@Proofpoint's insights on targeted attacks & the security landscape.
Nov 10, 2022 7 tweets 5 min read
Congratulations to @threatinsight researcher @aRtAGGI for presenting his research today at @CYBERWARCON, which links #Leviathan #TA423 #RedLadon campaigns against offshore energy companies in the #SouthChinaSea to kinetic maritime operations conducted by the Chinese Coast Guard!

Researchers at @proofpoint identified RTF template injection campaigns from June 2021 - March 2022 targeting hydrocarbon exploration & offshore energy sectors just before Chinese Coast Guard intervention at key sites indicating a tie between cyber espionage & manned maritime ops.
Nov 2, 2022 5 tweets 3 min read
Proofpoint Threat Research has observed intermittent injections on a media company that serves many major news outlets. This media company serves content via #Javascript to its partners. By modifying the codebase of this otherwise benign JS, it is now used to deploy #SocGholish. We track this actor as #TA569. TA569 historically removed and reinstated these malicious JS injects on a rotating basis. Therefore the presence of the payload and malicious content can vary from hour to hour and shouldn't be considered a false positive.
Jun 3, 2022 5 tweets 2 min read
Proofpoint blocked a suspected state-aligned phishing campaign targeting less than 10 Proofpoint customers (European gov & local US gov) attempting to exploit #Follina / #CVE_2022_30190. This campaign masqueraded as a salary increase and utilized an RTF (242d2fa02535599dae793e731b6db5a2) with the exploit payload downloaded from 45.76.53[.]253.