Tag: tactics

Evilginx Attack Campaigns: Session Cookie Theft and MFA Bypass Tactics

Dec 5, 2025 1:32 AM

Tags: attack, authentication, cyber, cyberattack, login, mfa, phishing, tactics, theft, threat

Security researchers are issuing urgent warnings about a rising wave of cyberattacks leveraging Evilginx, an attacker-in-the-middle phishing toolkit that intercepts login flows to steal session cookies and circumvent multi-factor authentication (MFA) protections. The threat is particularly acute within educational institutions, where attackers are demonstrating alarming success rates. Evilginx operates with surgical precision by positioning itself…
From feeds to flows: Using a unified linkage model to operationalize threat intelligence

Dec 4, 2025 6:32 PM

Tags: access, api, attack, authentication, automation, business, ciso, cloud, compliance, container, control, corporate, credentials, cyber, cybersecurity, data, defense, exploit, finance, firewall, framework, github, government, iam, identity, infrastructure, intelligence, ISO-27001, malicious, metric, mitre, monitoring, network, nist, open-source, phishing, risk, risk-assessment, risk-management, saas, service, siem, soc, software, supply-chain, tactics, threat, tool, update, vulnerability, zero-trust

what to watch for, but not why it matters or how it moves through your environment.The result is a paradox of abundance: CISOs have more data than ever before, but less operational clarity. Analysts are overwhelmed by indicators disconnected from context or mission relevance.Each feed represents a snapshot of a potential threat, but it does…
‘MuddyWater’ Hackers Target Israeli Orgs With Retro Game Tactic

Dec 4, 2025 8:32 AM

Tags: apt, attack, hacker, iran, mobile, tactics

Iran’s top state-sponsored APT is usually rather crass. But in a recent spate of attacks, it tried out some interesting evasion tactics, including delving into Snake, an old-school mobile game. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/muddywater-hackers-israeli-orgs-retro-game
MuddyWater cyber campaign adds new backdoors in latest wave of attacks

Dec 2, 2025 11:49 AM

Tags: attack, backdoor, cyber, group, iran, tactics, threat

ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/02/eset-muddywater-cyber-campaign/
MuddyWater cyber campaign adds new backdoors in latest wave of attacks

Dec 2, 2025 11:49 AM

Tags: attack, backdoor, cyber, group, iran, tactics, threat

ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/02/eset-muddywater-cyber-campaign/
Ransomware Threats Moving Out to the Edge

Dec 2, 2025 12:49 AM

Tags: attack, exploit, flaw, hacker, network, ransomware, tactics, threat, vulnerability

Rapid7’s Christiaan Beek on Ransomware Tactics and How to Mitigate Attacks in 2026. Ransomware attacks are reaching record highs, and 2026 may be even worse, said Christiaan Beek, senior director of threat intel and analytics at Rapid7. He warns that hackers are exploiting vulnerabilities as soon as they’re disclosed, and they’re focusing on flaws in…
Tomiris Unleashes ‘Havoc’ With New Tools, Tactics

Dec 1, 2025 11:49 PM

Tags: cyber, espionage, government, group, russia, tactics, tool

The Russian-speaking group is targeting government and diplomatic entities in CIS member states and Central Asia in its latest cyber-espionage campaign. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/tomiris-unleashes-havoc-new-tools-tactics
What are zero-day attacks and why do they work?

Dec 1, 2025 6:49 PM

Tags: access, antivirus, attack, breach, bug-bounty, cyber, cybersecurity, data, detection, edr, email, endpoint, espionage, exploit, government, group, hacker, infrastructure, intelligence, malicious, mobile, network, phishing, risk, service, software, spear-phishing, strategy, supply-chain, tactics, threat, tool, unauthorized, update, vulnerability, vulnerability-management, zero-day, zero-trust

No available patch: These exploits are unknown to both vendors and defenders, meaning they have not been identified and patched yet, leaving the door open for attackers.High-value targets: These attacks are often used in cyber espionage, ransomware campaigns, and advanced persistent threats (APTs) to target high-value assets with sensitive data.Difficult to detect: These exploits often are missed by traditional detection tools, especially…
What are zero-day attacks and why do they work?

Dec 1, 2025 6:49 PM

Tags: access, antivirus, attack, breach, bug-bounty, cyber, cybersecurity, data, detection, edr, email, endpoint, espionage, exploit, government, group, hacker, infrastructure, intelligence, malicious, mobile, network, phishing, risk, service, software, spear-phishing, strategy, supply-chain, tactics, threat, tool, unauthorized, update, vulnerability, vulnerability-management, zero-day, zero-trust

No available patch: These exploits are unknown to both vendors and defenders, meaning they have not been identified and patched yet, leaving the door open for attackers.High-value targets: These attacks are often used in cyber espionage, ransomware campaigns, and advanced persistent threats (APTs) to target high-value assets with sensitive data.Difficult to detect: These exploits often are missed by traditional detection tools, especially…
Hackers Shift to ‘Living Off the Land’ Tactics to Evade EDR on Windows Systems

Dec 1, 2025 3:49 PM

Tags: cyber, cyberattack, edr, hacker, tactics, tool, windows

Security researchers have discovered that modern attackers are abandoning traditional offensive tools and instead weaponizing legitimate Windows utilities to conduct cyberattacks without triggering security alarms. This shift in tactics, known as >>Living Off the Land,
Hackers Launch 2,000+ Fake Holiday Shops in Massive Payment Theft Scheme

Dec 1, 2025 3:49 PM

Tags: cyber, cybersecurity, finance, hacker, infrastructure, network, phishing, tactics, theft, unauthorized

Cybersecurity researchers have uncovered a massive network of over 2,000 fraudulent online storefronts deliberately activated during the Black Friday and Cyber Monday shopping season to harvest consumer payment information and execute unauthorized financial transactions. The discovery reveals two distinct but potentially coordinated phishing clusters that leverage shared infrastructure, automated templates, and brand impersonation tactics to…
Hackers Launch 2,000+ Fake Holiday Shops in Massive Payment Theft Scheme

Dec 1, 2025 3:49 PM

Tags: cyber, cybersecurity, finance, hacker, infrastructure, network, phishing, tactics, theft, unauthorized

Cybersecurity researchers have uncovered a massive network of over 2,000 fraudulent online storefronts deliberately activated during the Black Friday and Cyber Monday shopping season to harvest consumer payment information and execute unauthorized financial transactions. The discovery reveals two distinct but potentially coordinated phishing clusters that leverage shared infrastructure, automated templates, and brand impersonation tactics to…
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

Dec 1, 2025 7:49 AM

Tags: access, attack, government, russia, service, tactics, threat

The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools.”These attacks highlight a notable shift in Tomiris’s tactics, namely the increased use of implants that leverage public services (e.g., Telegram and Discord) as…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
Hackers Trick macOS Users into Running Terminal Commands to Install FlexibleFerret Malware

Nov 26, 2025 12:49 PM

Tags: cyber, hacker, jobs, macOS, malicious, malware, north-korea, social-engineering, tactics, threat

North Korean-aligned threat actors are leveraging convincing fake job recruitment websites to deceive macOS users into executing malicious Terminal commands that deliver the FlexibleFerret malware, according to recent analysis from Jamf Threat Labs. The campaign, attributed to the Contagious Interview operation, represents a refined iteration of social engineering tactics designed to bypass macOS security protections,…
Hackers Trick macOS Users into Running Terminal Commands to Install FlexibleFerret Malware

Nov 26, 2025 12:49 PM

Tags: cyber, hacker, jobs, macOS, malicious, malware, north-korea, social-engineering, tactics, threat

North Korean-aligned threat actors are leveraging convincing fake job recruitment websites to deceive macOS users into executing malicious Terminal commands that deliver the FlexibleFerret malware, according to recent analysis from Jamf Threat Labs. The campaign, attributed to the Contagious Interview operation, represents a refined iteration of social engineering tactics designed to bypass macOS security protections,…
New Malware-as-a-Service ‘Olymp Loader’ Emerges on Hacker Forums With Advanced Anti-Analysis Features

Nov 26, 2025 12:49 PM

Tags: cyber, cybercrime, hacker, malware, service, tactics, threat

Olymp Loader has emerged as a sophisticated Malware-as-a-Service (MaaS) platform since its public debut in June 2025, quickly establishing itself as a notable threat across underground cybercriminal forums and Telegram channels. Marketed under the alias >>OLYMPO,
Alliances between ransomware groups tied to recent surge in cybercrime

Nov 26, 2025 8:49 AM

Tags: access, attack, awareness, backup, business, cloud, cybercrime, cybersecurity, data, encryption, exploit, extortion, group, healthcare, incident response, intelligence, law, leak, monitoring, ransom, ransomware, saas, service, software, tactics, theft, threat, vpn, vulnerability, zero-day

Ransomware groups change tactics to evade law enforcement: The latest quarterly study from Rapid7 also found that newly forged alliances are leading to a spike in ransomware activity while adding that tactical innovations, from refined extortion to double extortion and use of zero day, are also playing a part in increased malfeasance.The quarter also saw…
New ClickFix attacks use fake Windows Update screens to fool employees

Nov 26, 2025 5:49 AM

Tags: access, attack, awareness, captcha, computer, control, data, defense, detection, edr, email, endpoint, exploit, group, infection, intelligence, malicious, malware, monitoring, network, okta, phishing, powershell, russia, tactics, threat, tool, training, update, windows

Run dialog box, Windows Terminal, or Windows PowerShell. This leads to the downloading of scripts that launch malware.Two new tactics are used in the latest ClickFix campaign, says Huntress:the use since early October of a fake blue Windows Update splash page in full-screen, displaying realistic “Working on updates” animations that eventually conclude by prompting the user to…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
DPRK’s FlexibleFerret Tightens macOS Grip

Nov 25, 2025 11:49 PM

Tags: credentials, macOS, scam, social-engineering, tactics

The actor behind the Contagious Interview campaign is continuing to refine its tactics and social engineering scams to wrest credentials from macOS users. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprks-flexibleferret-tightens-macos-grip
Advanced Security Isn’t Stopping Ancient Phishing Tactics

Nov 25, 2025 7:49 PM

Tags: attack, phishing, tactics

New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics
Advanced Security Isn’t Stopping Ancient Phishing Tactics

Nov 25, 2025 7:49 PM

Tags: attack, phishing, tactics

New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics
Advanced Security Isn’t Stopping Ancient Phishing Tactics

Nov 25, 2025 7:49 PM

Tags: attack, phishing, tactics

New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign

Nov 25, 2025 9:49 AM

Tags: attack, cloud, corporate, data, defense, github, intelligence, malicious, malware, radius, risk, risk-analysis, supply-chain, tactics, threat, tool, update

Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign

Nov 25, 2025 9:49 AM

Tags: attack, cloud, corporate, data, defense, github, intelligence, malicious, malware, radius, risk, risk-analysis, supply-chain, tactics, threat, tool, update

Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
Elephant Group Launches Defense Sector Attacks Using MSBuild-Delivered Python Backdoor

Nov 25, 2025 1:49 AM

Tags: access, attack, backdoor, cyber, cyberattack, defense, detection, group, india, malware, tactics, threat

An India-aligned advanced persistent threat group known as Dropping Elephant has launched sophisticated cyberattacks against Pakistan’s defense sector using a newly developed Python-based backdoor delivered through an MSBuild dropper. The campaign demonstrates significant evolution in the threat actor’s tactics, techniques, and procedures, combining living-off-the-land binaries with custom malware to evade detection and establish persistent access…
APT35 Data Leak Uncovers the Iranian Hacker Group’s Operations and Tactics

Nov 25, 2025 1:49 AM

Tags: attack, breach, cyber, data, data-breach, espionage, group, hacker, intelligence, iran, leak, metric, tactics

In October 2025, a significant breach exposed internal operational documents from APT35, also known as Charming Kitten, revealing that the Iranian state-sponsored group operates as a bureaucratized, quota-driven cyber-espionage unit with hierarchical command structures, performance metrics, and specialized attack teams. The leaked materials provide an unprecedented window into how this Islamic Revolutionary Guard Corps Intelligence…