Tag: tactics

XwormRAT Hackers Leverage Code Injection for Sophisticated Malware Deployment

Jul 9, 2025 6:39 PM

Tags: cyber, cybercrime, detection, hacker, injection, malicious, malware, tactics

A sophisticated new distribution method for XwormRAT malware that leverages steganography techniques to hide malicious code within legitimate files. This discovery highlights the evolving tactics of cybercriminals who are increasingly using advanced obfuscation methods to bypass security detection systems and deceive unsuspecting users. The latest XwormRAT campaign represents a significant evolution in malware distribution methodology,…
Trend Micro flags BERT: A rapidly growing ransomware threat

Jul 9, 2025 6:39 PM

Tags: ceo, cybersecurity, data, edr, email, group, healthcare, malware, phishing, phone, radius, ransom, ransomware, tactics, threat, tool

Low-code, high impact: BERT is not an isolated development, it is part of a growing wave of emerging ransomware groups that are proving both capable and elusive. In just the last three to four months, cybersecurity researchers have identified multiple new ransomware families that signal a shift toward leaner, low-code, and faster malware operations.For instance,…
French intel chief warns of evolving Russian hybrid operations, ‘existential threat’ to Europe

Jul 9, 2025 6:39 PM

Tags: intelligence, russia, tactics, threat

DGSE intelligence head Nicolas Lerner said Moscow’s tactics are evolving and increasingly include on-the-ground activities carried out by paid operatives. First seen on therecord.media Jump to article: therecord.media/french-intelligence-chief-russia-threat
Hackers Manipulate Search Results to Target IT Pros with Trojanized PuTTY and WinSCP

Jul 8, 2025 9:34 PM

Tags: cyber, cybersecurity, exploit, hacker, malware, tactics, threat, tool

Arctic Wolf has uncovered a cunning cybersecurity threat that exploits search engine optimization (SEO) poisoning and malvertising tactics to distribute Trojanized versions of widely used IT tools such as PuTTY and WinSCP. This campaign cunningly targets IT professionals and system administrators, individuals who frequently rely on these tools for secure file transfers and remote system…
Researchers Reveal Scatter Spider’s Tools, Tactics, and Key Indicators

Jul 8, 2025 9:34 PM

Tags: attack, cyber, group, phishing, social-engineering, tactics, tool

Check Point Research has revealed important details about the phishing domain patterns and advanced attack techniques of the infamous Scattered Spider organization, which has brought a new wave of cyberthreats under close investigation. Known for their aggressive social engineering tactics, this financially motivated group active since at least 2022 and comprising young individuals aged 1922…
AiLock Ransomware Emerges with Hybrid Encryption Tactics: ChaCha20 Meets NTRUEncrypt

Jul 7, 2025 5:34 PM

Tags: cyber, cybersecurity, data, encryption, leak, malicious, ransom, ransomware, service, tactics

The AiLock ransomware organization, which Zscaler first discovered in March 2025, has become a powerful force in the ransomware-as-a-service (RaaS) market, which is a frightening trend for cybersecurity professionals. This malicious entity operates with a sophisticated structure, leveraging both a negotiation site to extract ransoms from victims and a Data Leak Site (DLS) to threaten…
Inside the ZIP Trap: How APT36 Targets BOSS Linux to Exfiltrate Critical Data

Jul 7, 2025 4:34 PM

Tags: cyber, data, defense, espionage, government, india, linux, tactics, threat

CYFIRMA has uncovered a highly sophisticated cyber-espionage campaign orchestrated by APT36, also known as Transparent Tribe, a Pakistan-based threat actor with a notorious history of targeting Indian defense and government sectors. This latest operation marks a significant shift in tactics, as APT36 adapts its arsenal to infiltrate Linux-based environments, specifically focusing on BOSS Linux, a…
Scattered Spider Enhances Tactics to Exploit Legitimate Tools for Evasion and Persistence

Jul 4, 2025 2:35 PM

Tags: cloud, cyber, cybercrime, exploit, group, phishing, tactics, tool

Scattered Spider, also tracked under aliases such as UNC3944, Scatter Swine, and Muddled Libra, has emerged as a formidable financially motivated cybercriminal group since at least May 2022. Initially known for targeting telecommunications and tech firms with phishing and SIM-swapping campaigns, the group has significantly evolved, orchestrating full-spectrum, multi-stage intrusions across both cloud and on-premises…
Massive Android Ad Fraud ‘IconAds’ Uses Google Play to Target and Exploit Users

Jul 4, 2025 11:35 AM

Tags: android, cyber, exploit, fraud, google, intelligence, malicious, tactics, threat

HUMAN’s Satori Threat Intelligence and Research Team has dismantled a sprawling ad fraud operation named IconAds, which infiltrated the Google Play Store with 352 malicious apps. At its peak, this scheme generated a staggering 1.2 billion bid requests daily, flooding users’ screens with out-of-context ads while employing cunning tactics to hide app icons and obscure…
Scattered Spider Tactics Include Data Theft, Extortion: CrowdStrike

Jul 2, 2025 10:34 PM

Tags: attack, crowdstrike, data, extortion, group, ransomware, tactics, theft, threat

Threat researchers from CrowdStrike are pointing to Scattered Spider’s focus on more than just traditional ransomware attacks, as experts have separately linked the threat group to a data theft attack against Australian airline Qantas. First seen on crn.com Jump to article: www.crn.com/news/security/2025/scattered-spider-tactics-include-data-theft-extortion-crowdstrike
FileFix Attack Chain Enables Malicious Script Execution

Jul 2, 2025 3:34 PM

Tags: attack, malicious, social-engineering, tactics, threat

By using social engineering tactics, threat actors are able to manipulate their victims into saving and renaming files that will backfire against them. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/filefix-attack-chain-malicious-script
Scattered Spider shifts focus to airlines as strikes hit Hawaiian, WestJet, and now Qantas

Jul 2, 2025 1:34 PM

Tags: attack, authentication, breach, business, cisa, ciso, corporate, credentials, cybersecurity, data, data-breach, government, group, hacker, identity, india, mfa, microsoft, network, password, phone, ransom, ransomware, social-engineering, supply-chain, tactics, unauthorized, vulnerability

Sophisticated help desk deception campaigns: The group has perfected calling corporate help desks and impersonating employees to trick support staff into resetting passwords and adding unauthorized devices to multi-factor authentication systems.Cybercrime syndicates like Scattered Spider operate as compartmentalized organizations, with distinct teams specializing in different attack phases, said Sunil Varkey, advisor at Beagle Security. “One…
TA829 Hackers Use New TTPs and Enhanced RomCom Backdoor to Evade Detection

Jul 1, 2025 7:34 PM

Tags: backdoor, cyber, cybercrime, detection, espionage, group, hacker, russia, tactics

The cybercriminal group TA829, also tracked under aliases like RomCom, Void Rabisu, and Tropical Scorpius, has been observed deploying sophisticated tactics, techniques, and procedures (TTPs) alongside an updated version of its infamous RomCom backdoor, now dubbed SingleCamper (aka SnipBot). This group, known for blending financially motivated cybercrime with espionage campaigns often aligned with Russian state…
TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns

Jul 1, 2025 7:34 PM

Tags: cybersecurity, group, infrastructure, malware, rat, tactics, threat

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader.Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829. The latter is also…
New Report Uncovers Major Overlaps in Cybercrime and State-Sponsored Espionage

Jul 1, 2025 5:34 PM

Tags: cyber, cybercrime, espionage, group, russia, tactics

Proofpoint has identified similarities between the tactics of a pro-Russian cyber espionage group and a cybercriminal gang First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/major-overlaps-cybercrime-espionage/
Stealthy WordPress Malware Uses PHP Backdoor to Deliver Windows Trojan

Jul 1, 2025 1:34 PM

Tags: attack, backdoor, cyber, infection, malicious, malware, tactics, windows, wordpress

A sophisticated malware campaign targeting WordPress websites has recently been uncovered, showcasing an intricate and stealthy approach to delivering a Windows-based trojan. This attack, which operates beneath the surface of seemingly clean websites, employs a layered infection chain involving PHP-based droppers, obfuscated code, and IP-based evasion tactics to distribute a malicious payload named client32.exe. Hidden…
North Korean IT Workers Employ New Tactics to Infiltrate Global Organizations

Jul 1, 2025 11:34 AM

Tags: ai, china, cyber, intelligence, korea, microsoft, north-korea, russia, tactics, technology, threat, tool

Microsoft Threat Intelligence has uncovered a sophisticated operation by North Korean remote IT workers who are leveraging cutting-edge artificial intelligence (AI) tools to infiltrate organizations worldwide. Since at least 2020, these highly skilled individuals, often based in North Korea, China, and Russia, have been targeting technology-related roles across various industries to generate revenue for the…
How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics

Jul 1, 2025 7:34 AM

Tags: security-incident, tactics

This article shares initial findings from internal Bitdefender Labs research into Living off the Land (LOTL) techniques. Our team at Bitdefender Labs, comprised of hundreds of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/01/bitdefender-lotl-security-incidents-phasr/
Scattered Spider shifts focus to airlines with strikes on Hawaiian and WestJet

Jun 30, 2025 3:33 PM

Tags: attack, authentication, breach, business, cisa, corporate, credentials, cybersecurity, data, data-breach, government, group, hacker, identity, india, mfa, microsoft, network, password, phone, ransom, ransomware, social-engineering, supply-chain, tactics, unauthorized, vulnerability

Sophisticated help desk deception campaigns: The group has perfected calling corporate help desks and impersonating employees to trick support staff into resetting passwords and adding unauthorized devices to multi-factor authentication systems.Cybercrime syndicates like Scattered Spider operate as compartmentalized organizations, with distinct teams specializing in different attack phases, said Sunil Varkey, advisor at Beagle Security. “One…
Scattered Spider Targets Tech Companies with Phishing Frameworks like Evilginx and Social Engineering Tactics

Jun 30, 2025 12:34 PM

Tags: credentials, cyber, finance, framework, group, hacking, phishing, social-engineering, tactics, technology, threat

The notorious hacking collective Scattered Spider, also known as UNC3944 or Octo Tempest, has emerged as a formidable threat to high-value industries, with a particular focus on technology, finance, and retail sectors. Recent research reveals that 81% of the group’s registered domains impersonate technology vendors, aiming to harvest credentials from high-value targets such as system…
Cybercriminals take malicious AI to the next level

Jun 30, 2025 11:33 AM

Tags: ai, automation, breach, chatgpt, cisco, control, credit-card, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, finance, fraud, group, hacking, intelligence, LLM, malicious, marketplace, monitoring, phishing, service, social-engineering, strategy, tactics, threat, tool, vulnerability

Custom face generation for dating scamsAudio spoofing for voice verification fraudOn-demand video avatars that lip-sync based on customer-submitted scriptsThese services are increasingly offered with add-ons such as pre-loaded backstories,matching fake documents, and automated scheduling for calls. Prompt engineering as a service: Underground communities have also emerged around the art of crafting jailbreak prompts.These “bypass builders”…
Scattered Spider hackers shift focus to aviation, transportation firms

Jun 27, 2025 8:36 PM

Tags: hacker, insurance, tactics

Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/scattered-spider-hackers-shift-focus-to-aviation-transportation-firms/
Cybersecurity Snapshot: U.S. Gov’t Urges Adoption of Memory-Safe Languages and Warns About Iran Cyber Threat

Jun 27, 2025 6:36 PM

Tags: access, advisory, ai, api, attack, authentication, best-practice, cisa, computer, computing, crypto, cryptography, cyber, cybersecurity, data, defense, encryption, exploit, finance, framework, google, governance, government, group, hacker, healthcare, infrastructure, injection, intelligence, Internet, iran, login, mfa, military, mitigation, mitre, network, nist, passkey, password, programming, ransomware, risk, rust, service, software, strategy, tactics, technology, terrorism, threat, tool, training, vulnerability, warfare

Check out the U.S. government’s latest call for developers to use memory-safe programming languages, as well as its warning for cybersecurity teams regarding cyber risk from hackers tied to Iran. Plus, get the latest on ransomware trends, the quantum computing cyber threat and more! Dive into five things that are top of mind for the…
Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks

Jun 27, 2025 2:36 PM

Tags: advisory, ai, attack, authentication, breach, business, cloud, container, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, finance, firmware, group, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iran, mfa, military, network, password, risk, russia, service, strategy, tactics, technology, terrorism, threat, tool, update, vulnerability, vulnerability-management

The current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. Here’s what you need to know, and how Tenable can help. The cybersecurity landscape is in constant flux, but rarely do we see such a rapid escalation of threats as we are currently experiencing. The U.S. Department of Homeland Security’s (DHS) National Terrorism Advisory…
Frequently Asked Questions About Iranian Cyber Operations

Jun 27, 2025 2:36 PM

Tags: access, advisory, api, apt, attack, authentication, awareness, cisa, cloud, credentials, cve, cyber, cybersecurity, data, data-breach, defense, dos, exploit, finance, framework, government, group, Hardware, identity, infrastructure, injection, Internet, iran, ivanti, malware, mfa, microsoft, middle-east, military, mitre, monitoring, network, password, ransomware, rce, remote-code-execution, risk, service, software, supply-chain, tactics, technology, terrorism, threat, tool, update, vpn, vulnerability, windows

Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Iranian cyber operations in the wake of the recent conflict and…
Don’t trust that email: It could be from a hacker using your printer to scam you

Jun 27, 2025 5:36 AM

Tags: authentication, control, credentials, data, defense, dkim, dmarc, email, endpoint, exploit, framework, hacker, infrastructure, iot, login, mail, microsoft, monitoring, network, phishing, powershell, qr, risk, scam, tactics, tool, vulnerability, zero-day

tenantname.mail.protection.outlook.com, and companies’ internal email address formats can be trivial to figure out or easy to scrape from public sources or social media. Once an attacker has the domain and a valid email address, they are able to send emails that appear to come from inside the organization.In the campaign observed by Varonis’ forensics experts,…
Researchers Demonstrate Windows Registry Manipulation via C++ Program

Jun 26, 2025 10:36 AM

Tags: api, cyber, cyberattack, cybersecurity, defense, exploit, malware, tactics, windows

Cybersecurity researchers have developed a C++ program demonstrating how attackers manipulate the Windows Registry to establish persistence, evade defenses, and alter system behavior. This technique, central to many cyberattacks, exploits the registry’s role as Windows’ configuration database. The program uses Windows API functions to modify registry keys, simulating tactics employed by real-world malware while highlighting…
Dire Wolf Ransomware Comes Out Snarling, Bites Technology, Manufacturing

Jun 25, 2025 7:36 PM

Tags: extortion, group, ransomware, tactics, technology

The emerging group has already gotten its teeth into 16 victims since May with its double extortion tactics, claiming victims in 11 countries, including the US, Thailand, and Taiwan. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/dire-wolf-ransomware-manufacturing-technology
The CISO’s 5-step guide to securing AI operations

Jun 24, 2025 10:35 AM

Tags: ai, api, best-practice, business, cio, ciso, cloud, control, cybersecurity, data, deep-fake, framework, google, governance, guide, infosec, injection, intelligence, law, LLM, mitre, programming, risk, risk-management, software, startup, supply-chain, tactics, technology, threat, tool, training, unauthorized, vulnerability

2. Develop a comprehensive and continuous view of AI risks: Getting a handle on organizational AI risks starts with the basics, such as an AI asset inventory, software bills of material, vulnerability and exposure management best practices, and an AI risk register. Beyond basic hygiene, CISOs and security professionals must understand the fine points of…
Successful Military Attacks are Driving Nation States to Cyber Options

Jun 24, 2025 5:35 AM

Tags: attack, china, communications, computing, cyber, cyberattack, cybersecurity, data, defense, exploit, extortion, finance, fraud, government, healthcare, infrastructure, iran, korea, middle-east, military, north-korea, russia, service, tactics, technology, tool, ukraine, vulnerability, warfare

With daring military attacks, kinetic warfare is shifting the balance of power in regions across the globe, upending the perception of power projection. Powerful nations are reeling from the impacts of bold assaults and seeking additional methods to drive foreign policy”Š”, “Šcyber may look as an appealing asymmetric warfare capability that is worth doubling-down on.…