
Cybersecurity researchers have uncovered a Vietnamese-speaking hacking group running a highly evasive, multi-stage campaign to steal sensitive information from over 4,000 victims across 62 countries. The most affected regions include South Korea, the U.S., the Netherlands, Hungary, and Austria.
Active since late 2024, the group has recently refined its techniques to bypass antivirus tools and mislead SOC analysts. According to SentinelLabs and Beazley Security, the attackers use PaxStealer, an infostealer first flagged by Cisco Talos in November 2024 for targeting government and education sectors in Europe and Asia.
The latest campaign is financially motivated. Stolen data includes 200,000+ passwords, hundreds of credit card records, and 4 million+ browser cookies, enabling account takeovers and financial fraud. The data is monetized through a Telegram-based subscription service and sold to other criminals for cryptocurrency theft or network access.
Attribution points to a Vietnam-based actor previously noted by Cisco Talos, though links to the Coral Raider group remain unconfirmed. The targeting is broad and opportunistic, affecting both corporate and home users.
The operation highlights the growing threat of regionally based cybercrime-as-a-service ecosystems and the need for enhanced defenses against stealthy, multi-stage malware campaigns.
Source link — https://cyberscoop.com/highly-evasive-vietnamese-speaking-hackers-stealing-data-from-thousands-of-victims-in-62-nations/