Tag: tactics
-
Law Enforcement Seizes BlackSuit Ransomware Servers Targeting U.S. Critical Infrastructure
Tags: control, cyber, extortion, group, infrastructure, international, law, ransomware, tactics, threatThe U.S. Department of Justice, in collaboration with multiple domestic and international law enforcement agencies, announced the seizure of critical infrastructure associated with the BlackSuit ransomware group, formerly known as Royal. Authorities dismantled four command-and-control (C2) servers and nine domains utilized by the threat actors for deploying ransomware payloads, extorting victims through double-extortion tactics, and…
-
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses
Tags: attack, credentials, cybercrime, data, extortion, finance, group, service, tactics, technology, theftAn ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show.”This latest wave of ShinyHunters-attributed attacks reveals a dramatic shift in tactics, moving beyond the group’s previous credential theft and database…
-
Charon Ransomware Emerges With APT-Style Tactics
The first documented deployment of the novel malware in a campaign against the Middle Eastern public sector and aviation industry may be tied to China’s state-sponsored actor Earth Baxia. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/charon-ransomware-apt-tactics
-
ShinyHunters Tactics Now Mirror Scattered Spider
There’s growing evidence that two of arguably the most dangerous cybercrime groups out there are tag-teaming big targets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/shinyhunters-tactics-mirror-scattered-spider
-
Researchers Detail Script-Masking Tactics That Bypass Defenses
Security researchers and cybersecurity professionals are highlighting the growing sophistication of payload obfuscation techniques that allow malicious actors to bypass traditional defense mechanisms. As organizations increasingly rely on web application firewalls (WAFs) and automated security tools, attackers are developing more creative methods to disguise their malicious code as harmless data, presenting significant challenges for enterprise…
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Why DNS threats should be on every CISO’s radar in 2025
DNS is once again in the crosshairs of threat actors. According to the 2025 DNS Threat Landscape Report by Infoblox, attackers are changing tactics, and enterprises are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/12/dns-threat-landscape-2025/
-
BERT Ransomware
A New Breed of Cyber Threat A new ransomware strain is making waves, not just for its technical prowess but also for the mystery behind its name: BERT Ransomware. As businesses and individuals race to defend themselves against increasingly complex attacks, BERT stands out for blending classic ransomware tactics with modern evasion techniques. But what……
-
UAC-0099 Tactics, Techniques, Procedures and Attack Methods Revealed
Tags: attack, cyber, defense, email, espionage, government, malicious, military, phishing, powershell, spear-phishing, tactics, threat, ukraineUAC-0099, a persistent threat actor active since at least 2022, has conducted sophisticated cyber-espionage operations against Ukrainian government, military, and defense entities, evolving its toolkit across three major campaigns documented in CERT-UA alerts from June 2023, December 2024, and August 2025. Initially relying on the PowerShell-based LONEPAGE loader delivered via spear-phishing emails with malicious attachments…
-
DarkCloud Stealer Uses Novel Infection Chain and ConfuserEx Obfuscation Techniques
Unit 42 researchers have identified a significant evolution in the distribution tactics of DarkCloud Stealer, an infostealer malware first observed shifting its delivery mechanisms in early April 2025. This update introduces a novel infection chain that incorporates advanced obfuscation via ConfuserEx, culminating in a Visual Basic 6 (VB6) payload designed to thwart static and dynamic…
-
DarkCloud Stealer Targets Windows Systems to Harvest Login Credentials and Financial Data
A new variant of the DarkCloud information-stealer malware has been observed targeting Microsoft Windows systems, primarily affecting Windows users by collecting sensitive data such as login credentials, financial information, and personal contacts. Discovered in early July 2025 by Fortinet’s FortiGuard Labs, this high-severity campaign leverages sophisticated phishing tactics to initiate infections, demonstrating advanced evasion methods…
-
Leaked Credentials Up 160%: What Attackers Are Doing With Them
When an organization’s credentials are leaked, the immediate consequences are rarely visible”, but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password.According to Verizon’s 2025 Data Breach Investigations Report, leaked credentials accounted for 22% of breaches First seen…
-
Leaked Credentials Up 160%: What Attackers Are Doing With Them
When an organization’s credentials are leaked, the immediate consequences are rarely visible”, but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password.According to Verizon’s 2025 Data Breach Investigations Report, leaked credentials accounted for 22% of breaches First seen…
-
10 Best Red Teaming Companies for Advanced Attack Simulation in 2025
Tags: attack, cyber, cybersecurity, defense, penetration-testing, RedTeam, tactics, threat, vulnerabilityRed teaming companies are specialized cybersecurity firms that use a proactive, adversarial approach to test an organization’s defenses by simulating a real-world cyberattack. Unlike traditional penetration testing, which typically focuses on finding specific vulnerabilities, red teaming emulates the tactics, techniques, and procedures (TTPs) of an advanced persistent threat (APT) actor. The goal is to evaluate…
-
Beef up AI security with zero trust principles
Tags: access, ai, attack, control, data, data-breach, defense, intelligence, LLM, mitigation, mitre, monitoring, risk, strategy, tactics, threat, update, vulnerability, zero-trustStrategies for CSOs: Brauchler offered three AI threat modelling strategies CSOs should consider:Trust flow tracking, the tracking of the movement of data throughout an application, and monitoring the level of trust that is associated with that data. It’s a defense against an attacker who is able to get untrusted data into an application to control…
-
Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT
North Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new Python-based remote access trojan (RAT) dubbed PyLangGhost. This malware represents a reimplementation of the earlier GoLangGhost RAT, exhibiting code structures indicative of AI-assisted porting, including Go-like logic patterns and extensive…
-
Raspberry Robin Malware Targets Windows Systems via New CLFS Driver Exploit
The Raspberry Robin malware, also known as Roshtyak, has undergone substantial updates that enhance its evasion and persistence on Windows systems. Active since 2021 and primarily disseminated through infected USB devices, this sophisticated downloader has integrated advanced obfuscation techniques to thwart reverse-engineering efforts. Encryption Tactics Researchers at Zscaler’s ThreatLabz have observed the addition of multiple…
-
AI company Perplexity is sneaking to get around blocks on crawlers, Cloudflare alleges
Cloudflare said it received complaints from customers about Perplexity using stealthy tactics to evade network blocks against systematic browsing and scraping of web pages. First seen on cyberscoop.com Jump to article: cyberscoop.com/perplexity-blocks-on-crawlers-cloudflare/
-
Five Things To Know From CrowdStrike’s 2025 Threat Hunting Report
Attackers have put increased efforts behind compromising multiple IT domains at targeted victims as part of utilizing stealthier tactics, according to CrowdStrike’s latest threat hunting report released Monday. First seen on crn.com Jump to article: www.crn.com/news/security/2025/five-things-to-know-from-crowdstrike-s-2025-threat-hunting-report
-
Response to CISA Advisory (AA25-212A): CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization
In response to the recently published CISA Advisory (AA25-212A), AttackIQ has provided actionable recommendations to help organizations emulate such attacks. These recommendations enable organizations to emulate tactics and techniques, helping to assess and improve their defenses against similar adversarial behaviors. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/response-to-cisa-advisory-aa25-212a-cisa-and-uscg-identify-areas-for-cyber-hygiene-improvement-after-conducting-proactive-threat-hunt-at-us-critical-infrastructure-org…
-
LockBit Operators Use Stealthy DLL Sideloading to Mask Malicious App as Legitimate One
Operators of LockBit ransomware have improved their tactics, methods, and procedures (TTPs) to avoid detection and increase damage in the always changing world of cyberthreats. By exploiting DLL sideloading and masquerading, these attackers disguise malicious activities within legitimate system processes, enabling persistence and seamless integration into compromised environments. DLL sideloading tricks trusted applications into loading…
-
How bright are AI agents? Not very, recent reports suggest
CSOs should ‘skip the fluff’: Meghu’s advice to CSOs: Stop reading the marketing and betting too much of your business on AI/LLM technology as it exists today. Start small and always have a human operator to guide it.”If you skip the fluff and get to the practical application, we have a new technology that could…
-
Industry groups urge vigilance as Scattered Spider evolves tactics
Information-sharing organizations warned their members that Scattered Spider continues to pose a major threat. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ISAC-vigilance-scattered-spider-tactics/756455/