Tag: tactics

ForumTrol Operation Uses Chrome Zero-Day in Fresh Phishing Attacks

Dec 17, 2025 9:19 PM

Tags: apt, attack, browser, chrome, cve, cyber, exploit, google, group, phishing, russia, social-engineering, tactics, vulnerability, zero-day

The ForumTroll APT group has resurfaced with a sophisticated phishing campaign targeting Russian academics, marking a significant escalation in their ongoing operations against entities in Russia and Belarus. While the group initially gained notoriety for exploiting CVE-2025-2783, a zero-day vulnerability in Google Chrome, their latest offensive relies on refined social engineering tactics and commercial red…
BlindEagle Targets Colombian Government Agency with Caminho and DCRAT

Dec 17, 2025 10:19 AM

Tags: access, attack, authentication, cloud, communications, control, cybercrime, defense, detection, dkim, dmarc, dns, email, encryption, flaw, government, group, infrastructure, injection, Internet, malicious, malware, microsoft, open-source, phishing, powershell, rat, service, spear-phishing, startup, tactics, threat, tool, update, usa, windows

IntroductionIn early September 2025, Zscaler ThreatLabz discovered a new spear phishing campaign attributed to BlindEagle, a threat actor who operates in South America and targets users in Spanish-speaking countries, such as Colombia. In this campaign, BlindEagle targeted a government agency under the control of the Ministry of Commerce, Industry and Tourism (MCIT) in Colombia using…
LLM-Driven Automation: A New Catalyst for Ransomware and RaaS Ecosystems

Dec 16, 2025 9:19 PM

Tags: ai, automation, cyber, LLM, ransomware, tactics, threat

SentinelLABS has released a comprehensive assessment regarding the integration of Large Language Models (LLMs) into the ransomware ecosystem, concluding that while AI is not yet driving a fundamental transformation in tactics, it is significantly accelerating the operational lifecycle. The research indicates that measurable gains in speed, volume, and multilingual reach are reshaping the threat landscape,…
Amazon warns that Russia’s Sandworm has shifted its tactics

Dec 16, 2025 5:19 PM

Tags: access, exploit, intelligence, military, network, russia, tactics, vulnerability

Researchers said attackers linked to Russia’s military intelligence agency have moved from vulnerability exploits to focus on poorly configured network edge devices to keep its access to target networks. First seen on cyberscoop.com Jump to article: cyberscoop.com/amazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44/
Report Surfaces Multiple Novel Social Engineering Tactics and Techniques

Dec 11, 2025 5:32 PM

Tags: ai, attack, cybercrime, malware, social-engineering, software, tactics, threat, update

HP’s latest threat report reveals rising use of sophisticated social engineering, SVG-based attacks, fake software updates, and AI-enhanced malware as cybercriminals escalate tactics to evade detection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/report-surfaces-multiple-novel-social-engineering-tactics-and-techniques/
Report Surfaces Multiple Novel Social Engineering Tactics and Techniques

Dec 11, 2025 5:32 PM

Tags: ai, attack, cybercrime, malware, social-engineering, software, tactics, threat, update

HP’s latest threat report reveals rising use of sophisticated social engineering, SVG-based attacks, fake software updates, and AI-enhanced malware as cybercriminals escalate tactics to evade detection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/report-surfaces-multiple-novel-social-engineering-tactics-and-techniques/
CISA and FBI Warn of Pro-Russia Hacktivist Attacks on Critical Infrastructure Worldwide

Dec 10, 2025 2:32 PM

Tags: advisory, attack, cisa, cyber, cybercrime, cybersecurity, infrastructure, international, russia, tactics, technology

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and international partners from the European Cybercrime Centre (EC3) have released a joint cybersecurity advisory detailing the escalating activities of pro-Russia hacktivist groups. This new advisory highlights a shift in tactics, with hacktivists targeting Operational Technology (OT) and Industrial…
CISA and FBI Warn of Pro-Russia Hacktivist Attacks on Critical Infrastructure Worldwide

Dec 10, 2025 2:32 PM

Tags: advisory, attack, cisa, cyber, cybercrime, cybersecurity, infrastructure, international, russia, tactics, technology

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and international partners from the European Cybercrime Centre (EC3) have released a joint cybersecurity advisory detailing the escalating activities of pro-Russia hacktivist groups. This new advisory highlights a shift in tactics, with hacktivists targeting Operational Technology (OT) and Industrial…
React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics

Dec 9, 2025 6:32 PM

Tags: cyber, exploit, hacker, malicious, north-korea, tactics

Sysdig has found sophisticated malicious campaigns exploiting React2Shell that delivered EtherRAT and suggested North Korean hackers’ involvement First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/react2shell-exploit-campaigns/
DeadLock Ransomware Uses BYOVD to Evade Security Measures

Dec 9, 2025 5:32 PM

Tags: cisco, ransomware, tactics

Cisco Talos has detected new tactics from a financially motivated actor using DeadLock ransomware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/deadlock-ransomware-uses-byovd/
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

Dec 9, 2025 4:32 PM

Tags: access, attack, defense, network, powershell, ransomware, tactics, threat

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks.”These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for…
Offensive security takes center stage in the AI era

Dec 8, 2025 8:32 AM

Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windows

Red teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
Offensive security takes center stage in the AI era

Dec 8, 2025 8:32 AM

Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windows

Red teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
ISMG Editors: Inside the Rapid Evolution of Ransomware

Dec 5, 2025 7:32 PM

Tags: ai, HIPAA, privacy, ransomware, tactics

Also: More HIPAA Challenges, the Growing AI Gap for Small- to Medium-Sized Firms. In this week’s panel, four ISMG editors discussed the latest shifts in ransomware tactics, a major development in the Texas challenge to the HIPAA Privacy Rule related to reproductive rights, and how SMBs navigating AI are facing very different challenges than large…
MuddyWater Hackers Use UDPGangster Backdoor to Bypass Network Defenses on Windows

Dec 5, 2025 4:32 PM

Tags: backdoor, cyber, defense, espionage, group, hacker, intelligence, network, social-engineering, tactics, threat, windows

The MuddyWater threat group has escalated its cyber espionage operations by deploying UDPGangster, a sophisticated UDP-based backdoor designed to infiltrate Windows systems while systematically evading traditional network defenses. Recent intelligence gathered by FortiGuard Labs reveals coordinated campaigns targeting high-value victims across Turkey, Israel, and Azerbaijan, employing social engineering tactics paired with advanced anti-analysis techniques that…
Evilginx Attack Campaigns: Session Cookie Theft and MFA Bypass Tactics

Dec 5, 2025 1:32 AM

Tags: attack, authentication, cyber, cyberattack, login, mfa, phishing, tactics, theft, threat

Security researchers are issuing urgent warnings about a rising wave of cyberattacks leveraging Evilginx, an attacker-in-the-middle phishing toolkit that intercepts login flows to steal session cookies and circumvent multi-factor authentication (MFA) protections. The threat is particularly acute within educational institutions, where attackers are demonstrating alarming success rates. Evilginx operates with surgical precision by positioning itself…
From feeds to flows: Using a unified linkage model to operationalize threat intelligence

Dec 4, 2025 6:32 PM

Tags: access, api, attack, authentication, automation, business, ciso, cloud, compliance, container, control, corporate, credentials, cyber, cybersecurity, data, defense, exploit, finance, firewall, framework, github, government, iam, identity, infrastructure, intelligence, ISO-27001, malicious, metric, mitre, monitoring, network, nist, open-source, phishing, risk, risk-assessment, risk-management, saas, service, siem, soc, software, supply-chain, tactics, threat, tool, update, vulnerability, zero-trust

what to watch for, but not why it matters or how it moves through your environment.The result is a paradox of abundance: CISOs have more data than ever before, but less operational clarity. Analysts are overwhelmed by indicators disconnected from context or mission relevance.Each feed represents a snapshot of a potential threat, but it does…
‘MuddyWater’ Hackers Target Israeli Orgs With Retro Game Tactic

Dec 4, 2025 8:32 AM

Tags: apt, attack, hacker, iran, mobile, tactics

Iran’s top state-sponsored APT is usually rather crass. But in a recent spate of attacks, it tried out some interesting evasion tactics, including delving into Snake, an old-school mobile game. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/muddywater-hackers-israeli-orgs-retro-game
MuddyWater cyber campaign adds new backdoors in latest wave of attacks

Dec 2, 2025 11:49 AM

Tags: attack, backdoor, cyber, group, iran, tactics, threat

ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/02/eset-muddywater-cyber-campaign/
MuddyWater cyber campaign adds new backdoors in latest wave of attacks

Dec 2, 2025 11:49 AM

Tags: attack, backdoor, cyber, group, iran, tactics, threat

ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/02/eset-muddywater-cyber-campaign/
Ransomware Threats Moving Out to the Edge

Dec 2, 2025 12:49 AM

Tags: attack, exploit, flaw, hacker, network, ransomware, tactics, threat, vulnerability

Rapid7’s Christiaan Beek on Ransomware Tactics and How to Mitigate Attacks in 2026. Ransomware attacks are reaching record highs, and 2026 may be even worse, said Christiaan Beek, senior director of threat intel and analytics at Rapid7. He warns that hackers are exploiting vulnerabilities as soon as they’re disclosed, and they’re focusing on flaws in…
Tomiris Unleashes ‘Havoc’ With New Tools, Tactics

Dec 1, 2025 11:49 PM

Tags: cyber, espionage, government, group, russia, tactics, tool

The Russian-speaking group is targeting government and diplomatic entities in CIS member states and Central Asia in its latest cyber-espionage campaign. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/tomiris-unleashes-havoc-new-tools-tactics
What are zero-day attacks and why do they work?

Dec 1, 2025 6:49 PM

Tags: access, antivirus, attack, breach, bug-bounty, cyber, cybersecurity, data, detection, edr, email, endpoint, espionage, exploit, government, group, hacker, infrastructure, intelligence, malicious, mobile, network, phishing, risk, service, software, spear-phishing, strategy, supply-chain, tactics, threat, tool, unauthorized, update, vulnerability, vulnerability-management, zero-day, zero-trust

No available patch: These exploits are unknown to both vendors and defenders, meaning they have not been identified and patched yet, leaving the door open for attackers.High-value targets: These attacks are often used in cyber espionage, ransomware campaigns, and advanced persistent threats (APTs) to target high-value assets with sensitive data.Difficult to detect: These exploits often are missed by traditional detection tools, especially…
What are zero-day attacks and why do they work?

Dec 1, 2025 6:49 PM

Tags: access, antivirus, attack, breach, bug-bounty, cyber, cybersecurity, data, detection, edr, email, endpoint, espionage, exploit, government, group, hacker, infrastructure, intelligence, malicious, mobile, network, phishing, risk, service, software, spear-phishing, strategy, supply-chain, tactics, threat, tool, unauthorized, update, vulnerability, vulnerability-management, zero-day, zero-trust

No available patch: These exploits are unknown to both vendors and defenders, meaning they have not been identified and patched yet, leaving the door open for attackers.High-value targets: These attacks are often used in cyber espionage, ransomware campaigns, and advanced persistent threats (APTs) to target high-value assets with sensitive data.Difficult to detect: These exploits often are missed by traditional detection tools, especially…
Hackers Shift to ‘Living Off the Land’ Tactics to Evade EDR on Windows Systems

Dec 1, 2025 3:49 PM

Tags: cyber, cyberattack, edr, hacker, tactics, tool, windows

Security researchers have discovered that modern attackers are abandoning traditional offensive tools and instead weaponizing legitimate Windows utilities to conduct cyberattacks without triggering security alarms. This shift in tactics, known as >>Living Off the Land,
Hackers Launch 2,000+ Fake Holiday Shops in Massive Payment Theft Scheme

Dec 1, 2025 3:49 PM

Tags: cyber, cybersecurity, finance, hacker, infrastructure, network, phishing, tactics, theft, unauthorized

Cybersecurity researchers have uncovered a massive network of over 2,000 fraudulent online storefronts deliberately activated during the Black Friday and Cyber Monday shopping season to harvest consumer payment information and execute unauthorized financial transactions. The discovery reveals two distinct but potentially coordinated phishing clusters that leverage shared infrastructure, automated templates, and brand impersonation tactics to…
Hackers Launch 2,000+ Fake Holiday Shops in Massive Payment Theft Scheme

Dec 1, 2025 3:49 PM

Tags: cyber, cybersecurity, finance, hacker, infrastructure, network, phishing, tactics, theft, unauthorized

Cybersecurity researchers have uncovered a massive network of over 2,000 fraudulent online storefronts deliberately activated during the Black Friday and Cyber Monday shopping season to harvest consumer payment information and execute unauthorized financial transactions. The discovery reveals two distinct but potentially coordinated phishing clusters that leverage shared infrastructure, automated templates, and brand impersonation tactics to…
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

Dec 1, 2025 7:49 AM

Tags: access, attack, government, russia, service, tactics, threat

The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools.”These attacks highlight a notable shift in Tomiris’s tactics, namely the increased use of implants that leverage public services (e.g., Telegram and Discord) as…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…