Private equity and venture capital firm Insight Partners has its systems breached
Insight Partners, a major venture capital and private equity firm based in New York, disclosed that its systems were breached due to a sophisticated social engineering attack. The firm, which manages over $90 billion in assets and has invested in more than 800 technology companies, responded by notifying law enforcement and engaging cybersecurity experts to assess the impact.
While no evidence suggests ongoing unauthorized access, Insight Partners has yet to confirm whether any company or partner data was compromised. The firm assured stakeholders that the incident has not disrupted its operations. Investigations are ongoing, with updates to be provided as more information becomes available.
According to the Acronis Cyberthreats Report H2 2024, email-based attacks surged by almost 200%, with nearly 50% of users targeted at least once. Phishing remains the primary attack vector: 29% of users encountered phishing attempts via malicious URLs, and 14% experienced malware attacks. Social engineering attempts have risen by 7% compared to the previous year.
macOS users targeted via fake browser update prompts by new FrigidStealer malware
A new malware campaign is targeting macOS users through fake browser update prompts, delivering the FrigidStealer malware.
Researchers attribute the activity to a previously unknown threat actor, TA2727, which has also been linked to similar malware campaigns for Windows (Lumma Stealer). TA2727 uses web injects to distribute malware via compromised websites, often masquerading as legitimate browser updates for Google Chrome or Microsoft Edge. Unlike other threat actors, TA2727 customizes payloads based on the user’s geography or device type. For instance, users visiting infected sites in the U.K. or France may be prompted to download a malicious MSI installer.
As of January 2025, the campaign has evolved to target macOS users, with the FrigidStealer malware delivered through a fake update page. This malware prompts users to bypass macOS protections and uses AppleScript to steal sensitive data from browsers, notes, and cryptocurrency apps.
Japanese firms targeted by Winnti group in RevivalStone cyber espionage campaign
Researchers highlighted a new cyber espionage campaign dubbed RevivalStone, in which the Winnti group (also known as APT41) targeted Japanese companies.
As part of this campaign, the attackers compromised a managed service provider (MSP). They exploited an SQL injection vulnerability in the MSP's ERP system to deploy web shells, which gave them initial access. Leveraging the MSP's shared infrastructure, the attackers then spread malware to multiple client organizations, including those in the manufacturing, materials, and energy sectors.
This approach allowed the threat actors to efficiently infiltrate several companies through a single point of entry, underscoring the risks associated with third-party service providers.
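The initial foothold above came from SQL injection in an ERP application. The following Python example is added here to show the defect class and its fix side by side; it is not code from the RevivalStone report, the affected MSP, or any ERP product. It assumes a constructed in-memory SQLite table standing in for an ERP user lookup, and the `looks_like_injection` tripwire is a hypothetical logging heuristic, not a defence on its own.

```python
import sqlite3


def build_demo_db():
    """Constructed in-memory table standing in for an ERP user table (example data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_user_vulnerable(conn, username):
    # Vulnerable pattern: untrusted input is spliced into the SQL text, so a
    # crafted value can change the statement's structure instead of just
    # supplying a value to compare against.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, username):
    # Hardened pattern: the driver binds the value as a parameter; whatever the
    # string contains, it is never parsed as SQL.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def looks_like_injection(value):
    """Crude input-side tripwire for alerting on suspicious request parameters.

    Hypothetical helper: it is meant to feed logging/detection, not to replace
    parameter binding, and it will false-positive on legitimate apostrophes.
    """
    markers = ("'", "--", ";", "/*", " or ", " union ")
    lowered = value.lower()
    return any(marker in lowered for marker in markers)
```

Running the two lookups with a normal username returns the same single row; running them with an input that closes the quote and appends a tautology returns every row from the vulnerable query and nothing from the parameterized one. Binding is the fix; the tripwire only helps you notice that someone is probing the form.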
South African ministry attacked through Outlook email drafts by FinalDraft malware
Researchers have discovered a new malware dubbed FinalDraft. The malware uses Outlook email drafts for covert command-and-control communication in attacks against a South American ministry.
The campaign involves a custom toolset, including PathLoader, the FinalDraft backdoor, and various post-exploitation utilities. The attack begins when the threat actor compromises a system using PathLoader, a lightweight executable that executes shellcode retrieved from the attacker's infrastructure while employing API hashing and string encryption to evade detection.
Once deployed by PathLoader, FinalDraft loads its configuration, generates a session ID, and communicates through Microsoft Graph API by hiding commands in Outlook email drafts instead of sending emails, making detection more difficult. The malware allows attackers to perform actions such as data exfiltration, process injection, and lateral movement, while leaving minimal traces. Persistence is achieved by storing an OAuth token in the Windows Registry, ensuring ongoing access to compromised systems.
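A channel that creates and deletes drafts without ever sending mail leaves a behavioural trace in mailbox activity even though no message crosses the perimeter. The Python example below is added here to show one way a detection engineer might hunt for that pattern; it is not code from the FinalDraft research and does not use a real Exchange or Microsoft Graph audit schema. The event records and their field names (`ts`, `user`, `app`, `folder`, `op`) are constructed for this example, and the thresholds (six draft operations within ten minutes, zero sends) are assumptions to tune against your own baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def constructed_events():
    """Constructed mailbox-activity events for this example (not a real audit log format)."""
    base = datetime(2025, 2, 18, 9, 0, 0)
    events = []
    # Benign user: a few drafts written in a normal mail client, most of them sent.
    for minute, op in [(0, "Create"), (4, "Send"), (20, "Create"),
                       (25, "Send"), (50, "Create"), (55, "Delete")]:
        events.append({"ts": base + timedelta(minutes=minute),
                       "user": "analyst@example.org", "app": "Outlook",
                       "folder": "Drafts", "op": op})
    # Suspicious actor: an unfamiliar application churns drafts every 30 seconds
    # (create, delete, create, ...) and never sends a single message.
    for n in range(12):
        events.append({"ts": base + timedelta(seconds=30 * n),
                       "user": "vm-svc@example.org", "app": "GraphClient-Unknown",
                       "folder": "Drafts", "op": "Create" if n % 2 == 0 else "Delete"})
    return events


def find_draft_churn(events, window=timedelta(minutes=10), min_ops=6):
    """Flag (user, app) pairs that create/delete many drafts in a short window and never send.

    Returns a list of alert dicts; an empty list means nothing crossed the threshold.
    """
    by_actor = defaultdict(list)
    for event in events:
        if event["folder"] == "Drafts":
            by_actor[(event["user"], event["app"])].append(event)

    alerts = []
    for (user, app), actor_events in by_actor.items():
        # Drafts that eventually get sent are ordinary mail composition; skip those actors.
        if any(e["op"] == "Send" for e in actor_events):
            continue
        times = sorted(e["ts"] for e in actor_events if e["op"] in ("Create", "Delete"))
        # Sliding window over the sorted timestamps: count operations within `window`.
        lo = 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= min_ops:
                alerts.append({"user": user, "app": app,
                               "ops_in_window": hi - lo + 1,
                               "window_start": times[lo]})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_draft_churn(constructed_events()):
        print(f"draft churn without sends: {alert['user']} via {alert['app']} "
              f"({alert['ops_in_window']} ops from {alert['window_start']})")
```

The "never sends" condition is what separates this from a user who simply edits a long email; pairing the alert with the application identity that performed the operations is also useful, since a draft-based channel is driven by an API client rather than a desktop mail program.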
Phishing campaign targets travelers heading to the U.K. and Malaysia
A sophisticated phishing campaign initially targeting travelers to Singapore has expanded to also target those heading to the U.K. and Malaysia. According to researchers, attackers are deceiving individuals navigating immigration systems by imitating official online submission processes for arrival cards.
The scam, first detected in September 2023, primarily targets high-level executives and peaks during busy travel seasons when people act hastily. Victims receive phishing emails urging them to complete their arrival card process, directing them to fake immigration websites nearly identical to legitimate government portals. These fraudulent sites trick users into providing sensitive personal and financial information, which is immediately harvested and sent to attacker-controlled servers.
Researchers warn that the stolen data can be used for identity theft or fraudulent transactions, or sold on the dark web, with some evidence suggesting attackers acquire preexisting personal details from past breaches.
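Because the fraudulent sites imitate official portals, a useful defensive control is to triage URLs from inbound mail against a list of the genuine portals before anyone clicks. The Python example below is added here to show one such lookalike check; it is not from the research cited above, and the "legitimate" portal names (`arrivalcard.gov.example`, `immigration.gov.example`) are constructed placeholders, not real government domains. The homoglyph map and the edit-distance threshold of 2 are assumptions a team would tune for its own allow-list.

```python
from urllib.parse import urlparse

# Constructed placeholders for the genuine portals a mail gateway would trust.
LEGIT_PORTALS = sorted({"arrivalcard.gov.example", "immigration.gov.example"})

# Characters commonly swapped for letters they resemble in a hostname (assumed set).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s", "3": "e"})


def normalize_host(host):
    """Collapse common look-alike substitutions so the host can be compared to the real one."""
    return host.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url, max_distance=2):
    """Return one verdict: legitimate, punycode, homoglyph, near-miss, embedded-brand or unknown."""
    host = (urlparse(url).hostname or "").rstrip(".")
    if host in LEGIT_PORTALS:
        return "legitimate"
    # Internationalized labels deserve a human look before the message is delivered.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"
    norm = normalize_host(host)
    for legit in LEGIT_PORTALS:
        if norm == legit:
            return "homoglyph"
        if levenshtein(norm, legit) <= max_distance:
            return "near-miss"
        brand = legit.split(".")[0]
        # The real portal name buried inside a different registered domain
        # (e.g. brand-gov.attacker-controlled.tld) is the classic lure shape.
        if brand in norm.replace("-", ""):
            return "embedded-brand"
    return "unknown"
```

Anything other than `legitimate` or `unknown` is a candidate for quarantine or for rewriting the link through a warning page; `unknown` just means the host bears no resemblance to the allow-list and should go through whatever URL reputation checks already exist.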