Global Windows phishing campaign delivering RATs
Campaign
Summary
Hide ▲
Show ▼
A rapidly growing phishing campaign is stealing credentials and delivering RATs to Windows users worldwide, creating long-term network access risk. It is hitting organizations across manufacturing, technology, healthcare, construction, and retail/hospitality. Detection counts have more than doubled in two weeks, showing fast expansion.
Related Happenings
Contagious Interview ClickFix BeaverTail campaign targeting crypto and retail roles
Campaign
First: 21.09.2025 13:56
Last: 21.09.2025 13:56
Sources 1
About this happening:
**North Korean operatives** expanded **Contagious Interview** with **ClickFix** lures and a **fake hiring platform** to deliver **BeaverTail** and **InvisibleFerret**, shifting th...
Contagious Interview ClickFix BeaverTail campaign targeting crypto and retail roles
CampaignAbout this happening: **North Korean operatives** expanded **Contagious Interview** with **ClickFix** lures and a **fake hiring platform** to deliver **BeaverTail** and **InvisibleFerret**, shifting th...
Noisy Bear Kazakhstan oil and gas phishing campaign
Campaign
First: 11.09.2025 15:00
Last: 11.09.2025 15:00
Sources 1
About this happening:
The **Noisy Bear** operation is conducting **phishing-based intrusion activity** against **Kazakhstan's oil and gas sector**, creating espionage risk for **KazMunayGas** and relat...
Noisy Bear Kazakhstan oil and gas phishing campaign
CampaignAbout this happening: The **Noisy Bear** operation is conducting **phishing-based intrusion activity** against **Kazakhstan's oil and gas sector**, creating espionage risk for **KazMunayGas** and relat...
Timeline
-
25.08.2025 18:13 1 articles · 9mo ago
Fortinet detects global Windows phishing campaign delivering RATs
Initial DisclosureFortinet Labs detected a rapidly growing phishing campaign targeting Windows users across a truly global scale, with manufacturing, technology, healthcare, construction, and retail/hospitality among the most affected sectors. The operation uses urgent lures such as missed voicemail notices and purchase orders to drive victims to personalized spoofed pages, where malicious JavaScript droppers install UpCrypter and ultimately deliver PureHVNC, DCRat, and Babylon RAT for credential theft and long-term network access.
Show sources
- Fast-Spreading, Complex Phishing Campaign Installs RATs — www.darkreading.com — 25.08.2025 18:13