Threat Hub

The Proofpoint threat research team has access to one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.

| Weekly Brief

Monitoring recent Chinese cyber crime activity. And Bumblebee malware buzzes back into the threat landscape.

This week on The Threat Hub: Since early 2023, our researchers have seen an increase in the amount of malicious email targeting Chinese language speakers. These messages have attempted to deliver a range of malware, including a new variety dubbed ValleyRat. Campaigns have also featured Sainbox, a variant of Gh0stRAT. In total, more than 30 campaigns have distributed these malware variants in 2023, nearly all using Chinese language lures. Targeting has largely been of global businesses that have operations in China. Email lures have used perennial themes such as payments, invoices and new product information.

The increase in Chinese malware suggests increased activity by Chinese-speaking cyber criminals. And while there have been some similarities in delivery methods and tactics, we’ve seen enough variety to suggest multiple threat actors at work rather than a single operator. The blog post contains detailed analysis of individual campaigns and malware strains, including sample lures.

And on this week’s Five-Minute Forecast, CISA offers security reviews to critical infrastructure providers, Iranian attackers target defense contractors, and senior threat intelligence analyst Selena Larson shares an update on Knight ransomware.

Threat of the Week: Bumblebee

Late August saw the return of Bumblebee malware in volume in our campaign data for the first time since April. The malware’s return coincides with law enforcement disruption to Qbot, with Bumblebee a potential candidate to stand in for Qbot among initial access brokers.

Insights Chart of the Week
Board member concerns 2023
A Board Consensus

In our 2023 Cybersecurity: The Board Perspective report, board members show broad agreement on the most serious consequences of a breach, with business disruption, data leaks and reputational damage rated as being of equal concern.

Equip your team with threat intelligence

Threat Insight
APT Attacker Sends Mac Malware

Iran-aligned threat actor TA453 has expanded its repertoire, distributing malware targeting Apple devices.

Blog Post
Conversational Threats Surge on Mobile

Pig butchering and similar conversational attacks were the fastest growing mobile threats of 2022.

Threat Insight
Exploring the Post-Macro Landscape

Our researchers unpack all the changes from a year of rapid evolution in malware delivery techniques.

Go Deeper with our Premium Threat Info Service

Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.

Learn More
Threat Report
2023 Human Factor

Cyber attackers target people. They exploit people. Ultimately, they are people. That's why people—not technology—are the most critical variable in today’s cyber threats. This year, the 2023 Human Factor report takes an even closer look at new developments in the threat landscape, focusing on the combination of technology and psychology that makes the modern attack chain so dangerous.

Threat Report
2023 State of the Phish

This year’s report dives deep into today’s threats—and how prepared users are to face them. Get a wealth of data, insight and advice based on knowledge assessments, self-reported cybersecurity habits and actual responses to simulated phishing emails.

About The Threat Research Team

Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.

By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.

Threat Hub Chart of the Week
Follow us @threatinsight:

Subscribe to the Proofpoint Blog