Tag: tactics

TA397’s Global Targeting Tactics Reveal Indian State-Backed Cyber Operations

Jun 7, 2025 5:54 AM

Tags: cyber, india, tactics

The post TA397’s Global Targeting Tactics Reveal Indian State-Backed Cyber Operations appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/ta397s-global-targeting-tactics-reveal-indian-state-backed-cyber-operations/
Cutting-Edge ClickFix Tactics Snowball, Pushing Phishing Forward

Jun 6, 2025 10:54 PM

Tags: business, malware, phishing, tactics

Several widespread ClickFix campaigns are underway, bent on delivering malware to business targets, and they represent a new level of phishing sophistication that defenders need to be prepared for, researchers warn. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/cutting-edge-clickfix-snowball-phishing
New phishing campaign hijacks clipboard via fake CAPTCHA for malware delivery

Jun 6, 2025 2:54 PM

Tags: attack, captcha, endpoint, exploit, Internet, korea, malware, north-korea, phishing, spam, tactics, tool

Fail-proof exploit of ‘verification fatigue’: SlashNext highlighted that the campaign’s success stems largely from its exploitation of human psychology.”Modern internet users are inundated with spam checks, CAPTCHAs, and security prompts on websites, and they’ve been conditioned to click through these as quickly as possible,” Kelley added. “Attackers exploit this ‘verification fatigue,’ knowing that many users…
ANY.RUN Empowers Government Agencies with Real-Time Threat Detection

Jun 6, 2025 1:55 PM

Tags: breach, cyber, cyberattack, detection, government, infrastructure, malicious, malware, phishing, tactics, threat

Government agencies worldwide are facing an unprecedented wave of cyberattacks, with adversaries employing advanced tactics to breach critical infrastructure and steal sensitive data. Recent case studies analyzed using the ANY.RUN malware analysis platform reveal how attackers are leveraging phishing, domain spoofing, and malicious document delivery to target public sector organizations. These incidents highlight the urgent…
Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands

Jun 5, 2025 5:54 PM

Tags: apt, group, hacking, india, intelligence, malware, tactics, threat

The threat actor known as Bitter has been assessed to be a state-backed hacking group that’s tasked with gathering intelligence that aligns with the interests of the Indian government.That’s according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis.”Their diverse toolset shows consistent coding patterns across malware families, particularly in…
CISA Releases TTPs IoCs for Play Ransomware That Hacked 900+ Orgs

Jun 5, 2025 11:55 AM

Tags: cisa, cyber, cybersecurity, infrastructure, ransomware, tactics

The Cybersecurity and Infrastructure Security Agency (CISA), alongside the Federal Bureau of Investigation (FBI) and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), has released detailed Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IoCs) for the notorious Play ransomware group. As of May 2025, the FBI has identified approximately 900 entities…
Livingthe-land tactics evident in most major cyberattacks

Jun 4, 2025 11:54 PM

Tags: cyberattack, tactics

First seen on scworld.com Jump to article: www.scworld.com/brief/living-off-the-land-tactics-evident-in-most-major-cyberattacks
Hackers use Vishing to breach Salesforce customers and swipe data

Jun 4, 2025 4:55 PM

Tags: access, attack, authentication, best-practice, breach, cloud, data, extortion, group, hacker, least-privilege, malware, mfa, microsoft, monitoring, network, okta, service, social-engineering, tactics, threat, tool

Lateral movement for further extortion: After breaching Salesforce, the group moves laterally across cloud services, targeting tools like Okta, Microsoft 365, and Workplace to widen the scope of the breach.Researchers point out that, in some cases, extortion attempts have surfaced months after the initial intrusion, with the threat actors even claiming ties to the infamous…
Threat Actors Abuse ‘Prove You Are Human’ System to Distribute Malware

Jun 4, 2025 10:54 AM

Tags: attack, captcha, cyber, exploit, malicious, malware, powershell, tactics, threat, windows

Threat actors have been found exploiting the ubiquitous >>Prove You Are Human
The high cost of misconfigured DevOps tools: Global cryptojacking hits enterprises

Jun 3, 2025 4:54 PM

Tags: access, api, attack, authentication, cloud, control, data-breach, docker, exploit, flaw, infrastructure, Internet, jobs, least-privilege, malware, open-source, service, software, tactics, threat, tool, unauthorized

Lockdown of DevOps exposure: Wiz urges organizations to lock down exposed DevOps infrastructure by following established best practices. For Nomad, enforcing access control lists (ACLs) would have blocked the unauthenticated job executions used in this campaign. Public Gitea instances should be fully patched, with git hooks disabled and the installation locked unless absolutely needed.In Consul,…
Scattered Spider: Three things the news doesn’t tell you

Jun 3, 2025 4:54 PM

Tags: exploit, group, identity, mfa, phishing, tactics, threat

Scattered Spider isn’t one group, it’s an identity-first threat model evolving fast. From vishing to AiTM phishing, they’re exploiting MFA gaps to hijack the cloud. Watch the Push Security webinar to learn how their identity-based tactics work, and how to stop them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/scattered-spider-three-things-the-news-doesnt-tell-you/
The high cost of misconfigured DevOps: Global cryptojacking hits enterprises

Jun 3, 2025 12:55 PM

Tags: access, api, attack, authentication, cloud, control, data-breach, docker, exploit, flaw, infrastructure, Internet, jobs, least-privilege, malware, open-source, service, software, tactics, threat, tool, unauthorized

Lockdown of DevOps exposure: Wiz urges organizations to lock down exposed DevOps infrastructure by following established best practices. For Nomad, enforcing access control lists (ACLs) would have blocked the unauthenticated job executions used in this campaign. Public Gitea instances should be fully patched, with git hooks disabled and the installation locked unless absolutely needed.In Consul,…
Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques

Jun 3, 2025 11:54 AM

Tags: cyber, cybersecurity, malicious, ransom, ransomware, software, tactics, threat, windows

A formidable new strain of ransomware, dubbed Lyrix, has recently surfaced, posing a significant threat to Windows users worldwide. Cybersecurity researchers have identified Lyrix as a highly advanced malicious software designed to encrypt critical files and demand substantial ransoms for decryption keys. New Threat Emerges with Sophisticated Tactics Unlike typical ransomware, Lyrix incorporates cutting-edge evasion…
Threat Actors Leverage ClickFix Technique to Deploy EddieStealer Malware

Jun 2, 2025 9:54 PM

Tags: attack, captcha, cyber, cybersecurity, data, malicious, malware, rust, social-engineering, tactics, threat

Cybersecurity researchers have identified a sophisticated malware campaign utilizing deceptive CAPTCHA interfaces to distribute EddieStealer, a Rust-based information stealing malware that targets sensitive user data across multiple platforms. The attack employs the ClickFix technique, tricking victims into executing malicious commands through fake verification prompts, representing a significant evolution in social engineering tactics used by cybercriminals.…
Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says

Jun 2, 2025 5:54 PM

Tags: cybersecurity, group, hacker, kaspersky, russia, tactics, threat, tool, ukraine

BO Team, also known as Black Owl, has been active since early 2024 and appears to operate independently, with its own arsenal of tools and tactics, researchers at Russian cybersecurity firm Kaspersky said. First seen on therecord.media Jump to article: therecord.media/pro-ukraine-hacker-group-black-owl-major-threat-russia
New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux

Jun 2, 2025 1:54 PM

Tags: attack, cyber, linux, malicious, open-source, pypi, supply-chain, tactics, windows

Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion attacks against popular packages. This coordinated supply chain attack demonstrates unprecedented cross-ecosystem tactics and advanced evasion techniques that security researchers warn represent an evolution in open-source threats. Cross-Ecosystem Typo-Squatting…
6 hard truths security pros must learn to live with

Jun 2, 2025 12:54 PM

Tags: ai, attack, breach, business, ciso, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, defense, detection, finance, fraud, gartner, hacker, ibm, insurance, jobs, network, phishing, resilience, risk, risk-management, skills, social-engineering, tactics, technology, threat, training, vulnerability

No matter how good you are, your organization will be victimized: This is a hard one to swallow, but if we take the “five stages of grief” approach to cybersecurity, it’s better to reach the “acceptance” level than to remain in denial because much of what happens is simply out of your control.A global survey…
North Korean IT Workers Exploit Legitimate Software and Network Tactics to Evade EDR

May 30, 2025 10:55 AM

Tags: control, cyber, data-breach, detection, edr, endpoint, exploit, identity, network, north-korea, software, tactics

A North Korean IT worker, operating under a false identity, was uncovered infiltrating a Western organization with a sophisticated remote-control system. This incident, exposed during a U.S. federal raid on a suspected laptop farm, showcases a chilling trend where adversaries leverage legitimate software and low-level network protocols to evade traditional Endpoint Detection and Response (EDR)…
Warning: Threat actors now abusing Google Apps Script in phishing attacks

May 30, 2025 5:55 AM

Tags: access, attack, awareness, cloud, communications, control, credentials, defense, email, google, login, malicious, microsoft, password, phishing, service, tactics, threat, tool, training

script[.]google[.]com. The attacker is betting the user will see and trust the Google brand, and therefore trust the content.”By using a trusted platform to host the phishing page, the threat actor creates a false sense of security, obscuring the underlying threat with the goal of getting the recipient to enter their email and password without…
Webinar | How to Build a Platform-Based Defense Against Evolving Cyber Threats

May 30, 2025 12:55 AM

Tags: ai, cyber, defense, network, tactics, threat

Palo Alto Networks on How to Construct a Defense for Modern Threats. The rapid evolution of cyber threats, amplified by the integration of AI into adversarial tactics, calls for a shift in defensive strategies. Traditional approaches are no longer sufficient to address the sophistication, scale, and speed of modern attacks. First seen on govinfosecurity.com Jump…
PumaBot Targets Linux Devices in Latest Botnet Campaign

May 29, 2025 7:55 PM

Tags: botnet, linux, tactics

While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/pumabot-targets-linux-devices-botnet-campaign
Security for High Velocity Engineering

May 29, 2025 2:55 PM

Tags: software, strategy, tactics

Strategy and Tactics for Protecting and Enabling Modern Software Organizations First seen on tldrsec.com Jump to article: tldrsec.com/p/security-for-high-velocity-engineering
UTG015 Hackers Launch Massive Brute-Force Attacks on Government Web Servers

May 29, 2025 1:55 PM

Tags: attack, cyber, exploit, government, group, hacker, malicious, tactics, vulnerability

The hacker group UTG-Q-015, first identified in December 2024 for mounting attacks on major websites like CSDN, has escalated its malicious activities, targeting government and enterprise web servers with unprecedented aggression. Initially disclosed for their tactics of website manipulation, the group has since pivoted to exploiting 0day and Nday vulnerabilities, launching widespread brute-force scanning and…
6 rising malware trends every security pro should know

May 29, 2025 8:55 AM

Tags: adobe, ai, antivirus, apple, attack, awareness, backdoor, business, captcha, cloud, corporate, cybercrime, data, defense, detection, encryption, endpoint, exploit, extortion, framework, group, hacking, incident response, infrastructure, intelligence, Internet, law, leak, macOS, malicious, malware, network, password, phishing, powershell, programming, pypi, ransom, ransomware, service, social-engineering, software, supply-chain, tactics, theft, threat, tool, update, vulnerability, worm

Malicious packages targeting developer environments: Threat actors are systematically compromising the software supply chain by embedding malicious code within legitimate development tools, libraries, and frameworks that organizations use to build applications.”These supply chain attacks exploit the trust between developers and package repositories,” Immersive’s McCarthy tells CSO. “Malicious packages often mimic legitimate ones while running harmful…
The latest in phishing scams: stealing your information through fake online forms

May 28, 2025 3:55 PM

Tags: attack, cybercrime, exploit, phishing, scam, tactics, technology, threat
FBI: Silent Ransom Group Adopts Vishing Campaign Against Law Firms

May 27, 2025 7:54 PM

Tags: extortion, group, law, ransom, ransomware, tactics

The non-ransomware extortion group has switched up tactics and victimology in a deliberate and focused campaign similar to those of other attackers focused on stealing sensitive data. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/fbi-silent-ransom-group-vishing-law-firms
Researchers Uncover macOS ‘AppleProcessHub’ Stealer: TTPs and C2 Server Details Revealed

May 27, 2025 12:54 PM

Tags: apple, cyber, detection, macOS, malware, tactics, threat

Researchers have identified a novel information-stealing malware dubbed ‘AppleProcessHub,’ designed to infiltrate Apple systems and exfiltrate sensitive user data. This discovery sheds light on an evolving threat landscape where macOS, often considered a secure platform, is increasingly becoming a target for sophisticated adversaries. The malware employs advanced tactics, techniques, and procedures (TTPs) to evade detection…
How CISOs can defend against Scattered Spider ransomware attacks

May 27, 2025 8:54 AM

Tags: access, antivirus, attack, backup, ciso, control, credentials, data, defense, detection, edr, exploit, google, group, guide, hacker, hacking, identity, infrastructure, Internet, Intruder, law, mandiant, mfa, network, password, phishing, phone, ransom, ransomware, social-engineering, tactics, threat, tool, vmware, vpn, zero-day

Significant shift to social engineering: Over the past two years, many Scattered Spider members have been arrested and even convicted, including one key member known as “King Bob,” who was arrested in early 2024 and later pleaded guilty to the charges against him. Six other significant Scattered Spider members were arrested in late 2024.Due to…
How Google Meet Pages Are Exploited to Deliver PowerShell Malware

May 27, 2025 8:54 AM

Tags: attack, cyber, cyberattack, email, exploit, google, macOS, malicious, malware, phishing, powershell, social-engineering, tactics, windows

A new wave of cyberattacks exploits user trust in Google Meet by deploying meticulously crafted fake meeting pages that trick victims into running malicious PowerShell commands. This campaign, dubbed ClickFix, leverages advanced social engineering tactics, bypassing traditional security measures and targeting Windows and macOS systems. The attack begins with phishing emails containing links that closely…
Feel Relieved by Perfecting Your NHI Tactics

May 27, 2025 5:54 AM

Tags: breach, cybersecurity, data, finance, healthcare, risk, service, soc, strategy, tactics, tool

Is Your Cybersecurity Strategy Ready for Non-Human Identities? Non-Human Identities (NHIs) and Secrets Security Management have emerged as crucial components of a comprehensive cybersecurity strategy. These powerful tools, once adequately managed, can significantly decrease the risk of security breaches and data leaks. Professionals in various sectors, including financial services, healthcare, travel, DevOps, and SOC teams,……