Tag: tactics
-
China-Based Threat Actor Mustang Panda’s TTPs Leaked
A significant milestone for cybersecurity experts is the disclosure of specific tactics, methods, and procedures (TTPs) used by Mustang Panda, an advanced persistent threat (APT) group based in China, which has illuminated their intricate activities. First observed in 2017 but potentially active since 2014, Mustang Panda is a state-sponsored actor specializing in cyber espionage, targeting…
-
New Android Trojan Variant Expands with Ransomware Tactics
A new version of the Hook Android banking Trojan features 107 remote commands, including ransomware overlays First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-trojan-expands-ransomware/
-
Formal Methods for Stellar DeFi: Verifying Lending Protocol with Certora Sunbeam Prover
Hello! My name is Kirill Ziborov, and I’m a formal verification engineer and security researcher at Positive Web3. From February 24 to March 18, an audit contest for the Blend protocol on the Stellar blockchain was held on the Code4rena. In addition to the traditional manual audit, the competition included a formal verification track using…
-
Beware! Fake Google Play Store Sites Used to Spread Android Malware
Cybersecurity researchers have identified a resurgence of SpyNote malware campaigns targeting Android users through sophisticated fake Google Play Store websites. The malicious actor behind these attacks has implemented new anti-analysis techniques and expanded their deceptive tactics since previous reports, demonstrating a persistent threat to mobile device security. Deceptive Campaign Hits Popular Apps The threat actor…
-
Chinese UNC6384 Hackers Use Valid Code-Signing Certificates to Evade Detection
Google Threat Intelligence Group (GTIG) has uncovered a multifaceted cyber espionage operation attributed to the PRC-nexus threat actor UNC6384, believed to be associated with TEMP.Hex (also known as Mustang Panda). This campaign, aligned with China’s strategic interests, primarily targeted diplomats in Southeast Asia alongside global entities, employing advanced tactics such as adversary-in-the-middle (AitM) attacks, captive…
-
Behind the Coinbase breach: Bribery emerges as enterprise threat
Coinbase’s widely praised incident response: Coinbase’s transparency, firm stance against the ransom, quick remediation, and willingness to compensate its customers earned wide praise from cybersecurity professionals.According to Coinbase’s Martin, the hackers resorted to paying help desk workers in India precisely because the company had built such a robust security program. Bribery, according to Martin, was…
-
Munich Reinsurance unites global security teams to boost resilience, cut costs
Tags: access, best-practice, business, cloud, conference, cyber, cybersecurity, defense, detection, edr, group, incident response, intelligence, jobs, lessons-learned, metric, network, resilience, risk, siem, skills, soc, strategy, tactics, threat, toolConsolidate functions into one incident response team, one threat intelligence team, and one threat-hunting team serving all Munich brands around the clock.Improve team capabilities by blending the strongest skills of each team into more mature, well-rounded functions.Reduce redundancies in responsibilities, tools, and processes to cut costs.To reach these goals, Munich deployed various tactics, including:Combining best…
-
IoT under siege: The return of the Mirai-based Gayfemboy Botnet
Mirai-based Gayfemboy botnet resurfaces, evolving to target systems worldwide; Fortinet researchers provided details about the new campaign. FortiGuard Labs researchers tracked a new Gayfemboy botnet campaign, the malware exploits known flaws in DrayTek, TP-Link, Raisecom, and Cisco, showing evolved tactics and renewed activity. The Gayfemboy botnet was first identified in February 2024, it borrows the…
-
BQTLOCK Ransomware-as-a-Service Emerges, Boasting Sophisticated Evasion Tactics
Ransomware-as-a-Service (RaaS) models continue to democratize sophisticated attacks in the ever-changing world of cybercrime by allowing affiliates with little technical know-how to distribute ransomware through profit-sharing or subscription models. A newly identified strain, BQTLock, has emerged since mid-July 2025, operating under this RaaS paradigm and marketed aggressively on dark web forums and Telegram channels. Overview…
-
Breach Roundup: Scattered Spider Hacker Gets 10 Years
Also: New ‘Quishing’ Tactics, Pro-Houthi Hacker Sentenced to 20 Months. This week, a Scattered Spider hacker sentenced, new squishing tricks, a pro-Houthi hacker gets 20 months in the United Kingdom, a Taiwanese web hosting provider hacked, the Business Council of New York and Ohio Medical Cannabis Center breached, North Korean hackers target Seoul and an…
-
Paper Werewolf Exploits WinRAR Zero-Day Vulnerability to Deliver Malware
Cyber spies associated with the threat actor group Paper Werewolf have demonstrated advanced capabilities in bypassing email security filters by delivering malware through seemingly legitimate archive files, a tactic that exploits the commonality of such attachments in business correspondence. Despite their sophistication, these attackers continue to rely on detectable tactics, techniques, and procedures (TTPs), underscoring…
-
Tailing Hackers, Columbia University Uses Logging to Improve Security
Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored hackers targeting Columbia’s research labs. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/tailing-hackers-columbia-university-logging-improve-security
-
Tailing Hackers, Columbia University Uses Logging to Improve Security
Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored hackers targeting Columbia’s research labs. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/tailing-hackers-columbia-university-logging-improve-security
-
Futurum Signal is Live: Real-Time Intelligence for Cyber Defenders
Tags: ai, attack, cyber, cybersecurity, intelligence, phishing, ransomware, tactics, threat, update, zero-dayIn cybersecurity, timing is everything. Threats don’t wait for quarterly analyst updates, and adversaries don’t schedule their attacks to match publication calendars. We live in a world where zero-days drop overnight, AI-powered phishing campaigns spin up in hours, and ransomware operators pivot their tactics daily. In this kind of environment, static analyst reports are less..…
-
New Ghost-Tapping Attacks Target Apple Pay and Google Pay Users’ Linked Cards
Chinese-speaking cybercriminals are using ghost-tapping techniques to take advantage of Near Field Communication (NFC) relay tactics in a sophisticated evolution of payment card fraud. They are mainly targeting mobile payment services such as Apple Pay and Google Pay. This attack vector involves relaying stolen payment card credentials from compromised devices to mules’ burner phones, enabling…
-
North Korean Hackers’ Secret Linux Malware Surfaces Online
Phrack Magazine’s latest issue #72 has unveiled a significant data leak from a suspected North Korean hacking operation, including exploit tactics, compromised system details, and a sophisticated Linux rootkit. The dump, linked to a Chinese threat actor targeting South Korean and Taiwanese government and private sectors, shows overlaps with the North Korean Kimsuky APT group.…
-
Law Enforcement Seizes BlackSuit Ransomware Servers Targeting U.S. Critical Infrastructure
Tags: control, cyber, extortion, group, infrastructure, international, law, ransomware, tactics, threatThe U.S. Department of Justice, in collaboration with multiple domestic and international law enforcement agencies, announced the seizure of critical infrastructure associated with the BlackSuit ransomware group, formerly known as Royal. Authorities dismantled four command-and-control (C2) servers and nine domains utilized by the threat actors for deploying ransomware payloads, extorting victims through double-extortion tactics, and…
-
Charon Ransomware Emerges With APT-Style Tactics
The first documented deployment of the novel malware in a campaign against the Middle Eastern public sector and aviation industry may be tied to China’s state-sponsored actor Earth Baxia. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/charon-ransomware-apt-tactics
-
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses
Tags: attack, credentials, cybercrime, data, extortion, finance, group, service, tactics, technology, theftAn ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show.”This latest wave of ShinyHunters-attributed attacks reveals a dramatic shift in tactics, moving beyond the group’s previous credential theft and database…
-
ShinyHunters Tactics Now Mirror Scattered Spider
There’s growing evidence that two of arguably the most dangerous cybercrime groups out there are tag-teaming big targets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/shinyhunters-tactics-mirror-scattered-spider
-
Researchers Detail Script-Masking Tactics That Bypass Defenses
Security researchers and cybersecurity professionals are highlighting the growing sophistication of payload obfuscation techniques that allow malicious actors to bypass traditional defense mechanisms. As organizations increasingly rely on web application firewalls (WAFs) and automated security tools, attackers are developing more creative methods to disguise their malicious code as harmless data, presenting significant challenges for enterprise…
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Why DNS threats should be on every CISO’s radar in 2025
DNS is once again in the crosshairs of threat actors. According to the 2025 DNS Threat Landscape Report by Infoblox, attackers are changing tactics, and enterprises are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/12/dns-threat-landscape-2025/
-
BERT Ransomware
A New Breed of Cyber Threat A new ransomware strain is making waves, not just for its technical prowess but also for the mystery behind its name: BERT Ransomware. As businesses and individuals race to defend themselves against increasingly complex attacks, BERT stands out for blending classic ransomware tactics with modern evasion techniques. But what……
-
UAC-0099 Tactics, Techniques, Procedures and Attack Methods Revealed
Tags: attack, cyber, defense, email, espionage, government, malicious, military, phishing, powershell, spear-phishing, tactics, threat, ukraineUAC-0099, a persistent threat actor active since at least 2022, has conducted sophisticated cyber-espionage operations against Ukrainian government, military, and defense entities, evolving its toolkit across three major campaigns documented in CERT-UA alerts from June 2023, December 2024, and August 2025. Initially relying on the PowerShell-based LONEPAGE loader delivered via spear-phishing emails with malicious attachments…
-
DarkCloud Stealer Uses Novel Infection Chain and ConfuserEx Obfuscation Techniques
Unit 42 researchers have identified a significant evolution in the distribution tactics of DarkCloud Stealer, an infostealer malware first observed shifting its delivery mechanisms in early April 2025. This update introduces a novel infection chain that incorporates advanced obfuscation via ConfuserEx, culminating in a Visual Basic 6 (VB6) payload designed to thwart static and dynamic…
-
DarkCloud Stealer Targets Windows Systems to Harvest Login Credentials and Financial Data
A new variant of the DarkCloud information-stealer malware has been observed targeting Microsoft Windows systems, primarily affecting Windows users by collecting sensitive data such as login credentials, financial information, and personal contacts. Discovered in early July 2025 by Fortinet’s FortiGuard Labs, this high-severity campaign leverages sophisticated phishing tactics to initiate infections, demonstrating advanced evasion methods…
-
Leaked Credentials Up 160%: What Attackers Are Doing With Them
When an organization’s credentials are leaked, the immediate consequences are rarely visible”, but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password.According to Verizon’s 2025 Data Breach Investigations Report, leaked credentials accounted for 22% of breaches First seen…

