Tag: tactics

Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
Critical Bug in Midnight Ransomware Tool Unlocks File Recovery

Nov 6, 2025 3:19 PM

Tags: cyber, ransomware, tactics, threat, tool

In the ever-evolving landscape of cyber threats, a new ransomware strain, Midnight, has emerged, echoing the notorious tactics of its predecessor, Babuk. First detected by Gen researchers, Midnight blends familiar ransomware mechanics with novel cryptographic modifications”, some of which unintentionally open the door to file recovery. This represents a rare opportunity for victims to reclaim…
Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
Hackers Exploit AI Tools to Intensify Ransomware Attacks on European Organizations

Nov 5, 2025 11:19 AM

Tags: ai, attack, breach, crowdstrike, cyber, cybercrime, defense, exploit, hacker, intelligence, leak, ransomware, social-engineering, tactics, threat, tool

European organizations are facing an unprecedented surge in ransomware attacks as cybercriminals increasingly adopt artificial intelligence and sophisticated social engineering tactics to breach defenses and accelerate their operations. According to the latest CrowdStrike 2025 European Threat Landscape Report, big game hunting ransomware adversaries have named approximately 2,100 European-based victims on more than 100 dedicated leak…
Hackers Exploit AI Tools to Intensify Ransomware Attacks on European Organizations

Nov 5, 2025 11:19 AM

Tags: ai, attack, breach, crowdstrike, cyber, cybercrime, defense, exploit, hacker, intelligence, leak, ransomware, social-engineering, tactics, threat, tool

European organizations are facing an unprecedented surge in ransomware attacks as cybercriminals increasingly adopt artificial intelligence and sophisticated social engineering tactics to breach defenses and accelerate their operations. According to the latest CrowdStrike 2025 European Threat Landscape Report, big game hunting ransomware adversaries have named approximately 2,100 European-based victims on more than 100 dedicated leak…
Anatomy of Tycoon 2FA Phishing: Tactics Targeting M365 and Gmail

Nov 4, 2025 12:19 PM

Tags: 2fa, authentication, cyber, malware, mfa, phishing, service, strategy, tactics, threat

The Tycoon 2FA phishing kit represents one of the most sophisticated threats targeting enterprise environments today. This Phishing-as-a-Service (PhaaS) platform, which emerged in August 2023, has become a formidable adversary against organizational security, employing advanced evasion techniques and adversary-in-the-middle (AiTM) strategies to bypass multi-factor authentication protections. According to the Any.run malware trends tracker, Tycoon 2FA…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
SesameOp: Using the OpenAI Assistants API for Covert C2 Communication

Nov 4, 2025 8:19 AM

Tags: api, backdoor, cloud, control, cyber, data-breach, detection, exploit, malicious, malware, microsoft, openai, service, tactics, threat

Microsoft’s Detection and Response Team has exposed a sophisticated backdoor malware that exploits the OpenAI Assistants API as an unconventional command-and-control communication channel. Named SesameOp, this threat demonstrates how adversaries are rapidly adapting to leverage legitimate cloud services for malicious purposes, making detection significantly more challenging for security teams. The discovery highlights the evolving tactics…
OAuth Device Code Phishing: Azure vs. Google Compared

Nov 3, 2025 5:20 PM

Tags: attack, google, identity, phishing, tactics

Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs’ Live Hack to learn about attack techniques, defensive tactics, and get an Identity Security Assessment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oauth-device-code-phishing-azure-vs-google-compared/
TDL 008 – Defending the Frontline: Ransomware, AI, and Real-World Lessons

Nov 3, 2025 5:19 AM

Tags: access, ai, attack, authentication, awareness, backup, breach, business, ceo, ciso, computer, country, crime, cyber, cybersecurity, data, deep-fake, email, exploit, extortion, finance, firewall, framework, fraud, government, group, guide, healthcare, ibm, incident, incident response, infrastructure, insurance, intelligence, law, mfa, microsoft, penetration-testing, phone, powershell, ransom, ransomware, risk, russia, scam, service, social-engineering, strategy, tactics, technology, theft, threat, tool, training, vpn, vulnerability, zero-day

Summary In this episode of “The Defender’s Log,” host David Redekop interviews Alexander Rau, a cybersecurity partner at KPMG, about the evolving incident response (IR) landscape. Rau notes that the past summer was exceptionally busy for IR, driven largely by zero-day firewall vulnerabilities. He highlights that threat actors are innovating, even using AI chatbots for…
TDL 008 – Defending the Frontline: Ransomware, AI, and Real-World Lessons

Nov 3, 2025 5:19 AM

Tags: access, ai, attack, authentication, awareness, backup, breach, business, ceo, ciso, computer, country, crime, cyber, cybersecurity, data, deep-fake, email, exploit, extortion, finance, firewall, framework, fraud, government, group, guide, healthcare, ibm, incident, incident response, infrastructure, insurance, intelligence, law, mfa, microsoft, penetration-testing, phone, powershell, ransom, ransomware, risk, russia, scam, service, social-engineering, strategy, tactics, technology, theft, threat, tool, training, vpn, vulnerability, zero-day

Summary In this episode of “The Defender’s Log,” host David Redekop interviews Alexander Rau, a cybersecurity partner at KPMG, about the evolving incident response (IR) landscape. Rau notes that the past summer was exceptionally busy for IR, driven largely by zero-day firewall vulnerabilities. He highlights that threat actors are innovating, even using AI chatbots for…
Rapid7: Cyber defences stuck in the 1980s as threats mount

Oct 30, 2025 4:19 PM

Tags: ai, cyber, detection, tactics, threat

The company’s chief product officer notes that many defence tactics are still stuck in the past, urging organisations to adopt AI-driven security platforms to improve threat detection and response First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366633571/Rapid7-Cyber-defences-stuck-in-the-1980s-as-threats-mount
Old threats, new consequences: 90% of cyber claims stem from email and remote access

Oct 30, 2025 4:19 PM

Tags: access, ai, attack, awareness, cisco, ciso, citrix, cloud, communications, control, credentials, cve, cyber, cybersecurity, data, defense, detection, email, encryption, finance, fraud, hacker, insurance, mail, malicious, microsoft, network, phishing, phone, ransomware, risk, sophos, tactics, threat, tool, update, vpn, vulnerability

2025 InsurSec Rankings Report, email and remote access remain the most prominent cyber threat vectors, accounting for 90% of cyber insurance claims in 2024.And, no surprise, larger companies continue to get hit hardest. But, interestingly, the virtual private networks (VPNs) many rely on are anything but secure, despite assumptions to the contrary.”We know from our…
Cyber Pros Needed: Securing the Middle Ground

Oct 30, 2025 4:19 PM

Tags: cyber, defense, ransom, ransomware, tactics, threat

Midsize Businesses Need Skilled Professionals as Threat Actors Shift Their Tactics As large enterprises continue to strengthen their defenses and reduce ransom payouts, ransomware operators are redirecting their attention toward midsize organizations. This shift has increased the urgency for adaptable, well-trained cyber professionals who can tailor enterprise-grade protections. First seen on govinfosecurity.com Jump to article:…
Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

Oct 29, 2025 4:26 PM

Tags: access, apt, data, exploit, hacker, network, russia, tactics, threat, tool, ukraine

Russian actors, likely linked to Sandworm, targeted Ukrainian firms using LotL tactics and dual-use tools to steal data and stay hidden, says Symantec and Carbon Black. Russian threat actors, likely linked to the APT Sandworm, targeted Ukrainian organizations to steal sensitive data and maintain long-term network access, Symantec Threat Hunter Team and Carbon Black report.…
Russian Hackers Target Government with Stealthy “Livingthe-Land” Tactics

Oct 29, 2025 3:26 PM

Tags: cyber, detection, government, hacker, malware, russia, tactics, threat, tool, ukraine, windows

Russian-linked attackers have intensified their targeting of Ukrainian organizations through sophisticated intrusions that rely heavily on legitimate Windows tools rather than malware. The attackers demonstrated remarkable restraint in their malware deployment, instead leveraging living-off-the-land tactics and dual-use tools to evade detection while accomplishing their objectives. A recent investigation by our Threat Hunter Team revealed two…
Russian Hackers Target Government with Stealthy “Livingthe-Land” Tactics

Oct 29, 2025 3:26 PM

Tags: cyber, detection, government, hacker, malware, russia, tactics, threat, tool, ukraine, windows

Russian-linked attackers have intensified their targeting of Ukrainian organizations through sophisticated intrusions that rely heavily on legitimate Windows tools rather than malware. The attackers demonstrated remarkable restraint in their malware deployment, instead leveraging living-off-the-land tactics and dual-use tools to evade detection while accomplishing their objectives. A recent investigation by our Threat Hunter Team revealed two…
Cybercriminals Launch Flood of Fake Forex Platforms to Harvest Logins

Oct 29, 2025 2:26 PM

Tags: crime, crypto, cyber, cybercrime, finance, group, login, organized, scam, social-engineering, tactics, threat

Fraudulent investment platforms impersonating legitimate cryptocurrency and forex exchanges have emerged as the primary financial threat across Asia, with organized crime groups operating at unprecedented scale. These sophisticated scams leverage social engineering tactics to deceive victims into transferring funds to attacker-controlled systems, blurring the lines between legitimate trading and criminal enterprise. The threat extends far…
Russian Hackers Target Ukrainian Organizations Using Stealthy Livingthe-Land Tactics

Oct 29, 2025 2:26 PM

Tags: access, attack, business, country, data, government, hacker, russia, service, tactics, threat, ukraine

Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks.The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government entity…
Russian Hackers Target Ukrainian Organizations Using Stealthy Livingthe-Land Tactics

Oct 29, 2025 2:26 PM

Tags: access, attack, business, country, data, government, hacker, russia, service, tactics, threat, ukraine

Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks.The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government entity…
Discover Practical AI Tactics for GRC, Join the Free Expert Webinar

Oct 29, 2025 12:26 PM

Tags: ai, compliance, governance, grc, intelligence, risk, tactics

Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It’s no longer a future concept”, it’s here, and it’s already reshaping how teams operate.AI’s capabilities are profound: it’s speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more…
Is your perimeter having an identity crisis?

Oct 29, 2025 10:31 AM

Tags: access, ai, attack, authentication, breach, business, cloud, communications, credentials, data, data-breach, defense, detection, email, endpoint, identity, infrastructure, intelligence, malicious, mfa, mobile, network, phishing, phone, RedTeam, resilience, smishing, social-engineering, strategy, tactics, threat

Craft phishing, smishing and vishing. Creating hyper-personalized emails that can be grammatically perfect, contextually aware and emotionally resonant. These messages no longer demonstrate the telltale signs of traditional phishing like broken English or generic greetings.Synthesize trust. Using voice-cloning AI to leave a quick, urgent voicemail from a trusted executive, bypassing the skepticism you’ve trained into…
10 NPM Packages That Automatically Run on Install and Steal Credentials

Oct 29, 2025 10:31 AM

Tags: attack, authentication, credentials, cyber, data, linux, macOS, malicious, malware, social-engineering, supply-chain, tactics, theft, threat, windows

A sophisticated supply chain attack involving ten malicious npm packages that execute automatically upon installation and deploy a comprehensive credential theft operation. The malware uses advanced obfuscation techniques, social engineering tactics, and cross-platform functionality to harvest sensitive authentication data from developers’ systems across Windows, Linux, and macOS environments. Socket’s Threat Research Team has uncovered a…
Beast Ransomware Targets Active SMB Connections to Infect Entire Networks

Oct 29, 2025 9:26 AM

Tags: cyber, cybersecurity, group, network, ransomware, tactics, threat

A sophisticated ransomware operation known as Beast has emerged as a significant cybersecurity threat, employing aggressive network propagation tactics that leverage Server Message Block (SMB) port scanning to infiltrate and encrypt systems across enterprise environments. The threat group, which evolved from the Monster ransomware strain, has been actively targeting organizations worldwide since its official launch…
YouTube Ghost Network Utilizes Spooky Tactics to Target Users

Oct 28, 2025 10:26 PM

Tags: malware, network, tactics

The malware operation uses compromised accounts and bot networks to distribute infostealers and has tripled its output in 2025. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/youtube-ghost-network-target-users
Ransomware Hackers Look for New Tactics Amid Falling Profits

Oct 28, 2025 9:26 PM

Tags: attack, cybersecurity, defense, email, extortion, group, hacker, incident response, ransomware, service, social-engineering, strategy, supply-chain, tactics

Digital Extortionists Try Recruiting Insiders, Email Barrages. Collective efforts to bolster cybersecurity defenses have been taking a big bite out of ransomware groups’ earnings, leading groups to reach for new strategies, including social engineering, supply chain attacks, extortion services and bribing insiders, warn incident response experts. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ransomware-hackers-look-for-new-tactics-amid-falling-profits-a-29867
RedTiger Malware Steals Data, Discord Tokens and Even Webcam Images

Oct 28, 2025 3:26 PM

Tags: authentication, data, malware, password, tactics

A new Python-based infostealer called RedTiger is targeting Discord gamers to steal authentication tokens, passwords, and payment information. Learn how the malware works, its evasion tactics, and essential security steps like enabling MFA. First seen on hackread.com Jump to article: hackread.com/redtiger-malware-discord-tokens-webcam-images/
BlueNoroff Shifts Tactics: Targets C-Suite and Managers with New Infiltration Methods

Oct 28, 2025 10:26 AM

Tags: attack, blockchain, cyber, finance, group, north-korea, strategy, tactics, threat

The North Korean-linked threat group BlueNoroff, also known by aliases including Sapphire Sleet, APT38, and Alluring Pisces, continues to evolve its attack tactics while maintaining its primary focus on financial gain. The group has shifted its strategy to employ sophisticated new infiltration methods targeting high-value victims including C-level executives, managers, and blockchain developers within the…