@Proofpoint's insights on targeted attacks & the security landscape.
Follow us on Bluesky: https://t.co/8OVfhotdeP
Apr 17 • 7 tweets • 3 min read
With +2M customers around the world, Proofpoint has unmatched visibility into the cyberthreat landscape. We monitor and track threat actors and their tactics, techniques and procedures, and surface these insights to customers and the community for awareness.
Here’s an example ⤵️
On 19 March, @Proofpoint identified a campaign purporting to be Fog ransomware using emails pretending to be job applicants. The emails were related to jobs in IT and AI/LLM, with the ransom note claiming to be Fog.
Nov 10, 2022 • 7 tweets • 5 min read
Congratulations to @threatinsight researcher @aRtAGGI for presenting his research today at @CYBERWARCON, which links #Leviathan #TA423 #RedLadon campaigns against offshore energy companies in the #SouthChinaSea to kinetic maritime operations conducted by the Chinese Coast Guard!
Researchers at @proofpoint identified RTF template injection campaigns from June 2021 - March 2022 targeting hydrocarbon exploration & offshore energy sectors just before Chinese Coast Guard intervention at key sites, indicating a tie between cyber espionage & manned maritime ops.
Nov 2, 2022 • 5 tweets • 3 min read
Proofpoint Threat Research has observed intermittent injections on a media company that serves many major news outlets. This media company serves content via #Javascript to its partners. By modifying the codebase of this otherwise benign JS, it is now used to deploy #SocGholish.
We track this actor as #TA569. TA569 historically removed and reinstated these malicious JS injects on a rotating basis. Therefore, the presence of the payload and malicious content can vary from hour to hour and shouldn't be considered a false positive.
Jun 3, 2022 • 5 tweets • 2 min read
Proofpoint blocked a suspected state-aligned phishing campaign targeting fewer than 10 Proofpoint customers (European gov & local US gov) attempting to exploit #Follina / #CVE_2022_30190.
This campaign masqueraded as a salary increase and utilized an RTF (242d2fa02535599dae793e731b6db5a2) with the exploit payload downloaded from 45.76.53[.]253.