FAUX#ELEVATE phishing campaign targeting French-speaking corporate environments
Campaign
Summary
The FAUX#ELEVATE phishing campaign is actively targeting French-speaking corporate environments with fake resume/CV lures that deliver malware for credential theft, data exfiltration, and Monero mining. The operation matters because it combines social engineering with multi-stage payload delivery and rapid post-execution abuse of compromised hosts.
Related Happenings
ModeloRAT malicious PowerShell and Dropbox delivery activity
Malware Activity
First: 14.05.2026 15:12
Last: 14.05.2026 15:12
Sources 1
About this happening:
The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...
Vidar Stealer ClickFix campaign targeting multiple sectors
Campaign
First: 08.05.2026 14:00
Last: 08.05.2026 14:00
Sources 1
About this happening:
The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...
TCLBanker self-spreading banking trojan
Malware Activity
First: 08.05.2026 01:06
Last: 08.05.2026 01:06
Sources 1
About this happening:
The **TCLBanker** trojan now combines **trojanized installer** delivery with **self-spreading worm modules**, widening access to **59 banking, fintech, and cryptocurrency platform...
Vercel v0.dev phishing campaign using GenAI-built lure pages
Campaign
First: 07.05.2026 11:30
Last: 07.05.2026 11:30
Sources 1
About this happening:
A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...
UNC6692 email bombing and Microsoft Teams impersonation campaign
Campaign
First: 25.04.2026 18:07
Last: 25.04.2026 18:07
Sources 1
About this happening:
UNC6692 is running a **social-engineering campaign** that uses **email bombing** and **Microsoft Teams impersonation** to push targets toward remote access and initial compromise....
Timeline
24.03.2026 18:35 · 2 articles
FAUX#ELEVATE phishing campaign targets French-speaking corporate environments
Initial Disclosure
FAUX#ELEVATE is an ongoing phishing campaign against French-speaking corporate environments that uses fake resume/CV documents and highly obfuscated VBScript files to deliver a multi-stage payload chain. The operation stages content through Dropbox, retrieves command-and-control configuration from compromised Moroccan WordPress sites, and exfiltrates stolen browser credentials and desktop files through mail[.]ru SMTP infrastructure. The malware chain combines credential theft, data exfiltration, and Monero mining, and it selectively targets domain-joined enterprise machines while avoiding standalone home systems.
Sources:
- Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner — thehackernews.com — 24.03.2026 18:35