Spear-Phishing Campaign Targets Automobile and E-commerce Industries

Cyber Security News by CyberSum.net

Published on October 20, 2025 at 06:00 AM

2 sources

Researchers at SEQRITE Labs have uncovered a targeted spear-phishing campaign aimed at organizations in the automobile and e-commerce industries. The operation, active since early October 2025, deploys a previously undocumented .NET-based backdoor dubbed CAPI, designed for credential theft, system reconnaissance, and persistent access. The attack chain uses tax-related decoy documents to lure employees and executes the payload through rundll32.exe, a legitimate Windows binary, to evade detection. The infection begins with a malicious ZIP archive named Payroll Recalculation as of October 1, 2025. Inside the ZIP, analysts found both LNK and PDF files, a common spear-phishing tactic to disguise executable payloads as legitimate business documents.

Also Read

Mysterious Elephant APT Group Targets Government Agencies

The Mysterious Elephant APT group has launched a sophisticated campaign targeting government and foreign policy agencies. The group uses custom-built malware and modified open-source utilities to siphon off sensitive data, including documents and images, from WhatsApp communications. The campaign, active since early 2025, employs spear phishing as the primary entry vector, with highly personalized emails invoking regional diplomatic themes. Once inside, the group deploys an arsenal of tools, including BabShell and MemLoader variants, to establish persistence and exfiltrate data. The group's infrastructure leverages wildcard DNS records and multiple VPS providers, complicating defensive tracking and attribution efforts.

By Cyber Security News by CyberSum.netOctober 16, 2025 at 03:00 PM