// #data-theft
5 articles
UNC3753: Vishing Calls Combined With Physical Office Intrusions in U.S. Data Theft Extortion Campaign
Threat group UNC3753 has been documented combining voice phishing (vishing) with physical office intrusions to conduct data theft and extortion against U.S. organisations. The group uses vishing to gather employee credentials and facility access information, then deploys operatives physically to compromise targets. The hybrid TTPs represent a significant escalation in social engineering attack sophistication.
108 Malicious Chrome Extensions Exfiltrating Browser Data Removed from Web Store
Google has removed 108 extensions from the Chrome Web Store after researchers identified a coordinated malicious extension campaign conducting browser credential harvesting, session cookie theft, and clipboard monitoring across millions of installations. The extensions impersonated productivity tools, ad blockers, and security tools — with some active for over 18 months before detection. Enterprise Chrome deployments should audit installed extensions against the published IOC list.
26 Fake Crypto Wallet Apps Found on Apple App Store Harvesting Mnemonic Seed Phrases
Researchers have discovered 26 malicious applications that bypassed Apple's App Store review and actively harvest cryptocurrency wallet seed phrases from victims. Users who installed any suspect app should rotate all wallet credentials immediately — mnemonic phrase compromise results in permanent, irreversible asset loss.
ShinyHunters Breach Anodot SaaS Integrator, Steal Snowflake Customer Data via Harvested Tokens
The ShinyHunters threat group breached Anodot, an AI analytics platform used to integrate with Snowflake cloud data warehouses, and stole authentication tokens that enabled downstream data theft from over a dozen Snowflake customer environments. The attack is a textbook fourth-party risk incident: the direct target was not the victim organisations' systems but a trusted third-party integration layer.
Qilin Claims ASB Saarland Attack — 72 GB Stolen From German Humanitarian Organisation
Qilin ransomware claimed responsibility for a cyberattack against ASB Saarland, a German humanitarian and social services organisation, alleging theft of 72 GB of data including employee records, applicant data, health-related information, and client data. The attack continues Qilin's record-breaking March 2026 activity, during which the group claimed 131 victims — their highest monthly total — driven by wide deployment of BYOVD techniques to defeat endpoint detection.