Tag: tactics
-
New Scattered Spider Tactics Target VMware vSphere Environments
Scattered Spider has targeted VMware vSphere environments, exploiting retail, airline and insurance sectors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/scattered-spider-targets-us-virtual/
-
Inside Laundry Bear: Unveiling Infrastructure, Tactics, and Procedures
Dutch intelligence agencies AIVD and MIVD, alongside Microsoft Threat Intelligence, have identified Laundry Bear also tracked as Void Blizzard as a sophisticated Russian state-sponsored advanced persistent threat (APT) group active since at least April 2024. This actor has focused on espionage operations against NATO countries, Ukraine, and various organizations including the Dutch police, a Ukrainian…
-
Malicious ISO File Used in Romance Scam Targeting German Speakers
Sublime Security reveals a cunning romance/adult-themed scam targeting German speakers, leveraging Keitaro TDS to deliver an AutoIT-based malware loader. Learn how this sophisticated campaign operates, its deceptive tactics, and the hidden payload. First seen on hackread.com Jump to article: hackread.com/malicious-iso-file-romance-scam-on-german-speakers/
-
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
Tags: attack, cybercrime, google, group, infrastructure, mandiant, phone, ransomware, software, tactics, vmwareThe notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America.”The group’s core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk,” Google’s Mandiant team…
-
Scattered Spider Exploiting VMware vSphere
Hacking Tactics Linked to Retail, Airline Compromises. The loosely connected band of adolescent cybercriminals tracked as Scattered Spider has joined the VMware hypervisor hacking bandwagon, pivoting into virtual servers through corporate instances of Active Directory. vSphere integration with Active Directory adds a yet another layer of insecurity. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/scattered-spider-exploiting-vmware-vsphere-a-29059
-
Hackers Use Weaponized .HTA Files to Infect Victims with Red Ransomware
CloudSEK’s TRIAD team uncovered an active development site deploying Clickfix-themed malware linked to the Epsilon Red ransomware. This variant deviates from traditional clipboard-based command injection tactics by directing victims to a secondary page on the same domain, where malicious shell commands are executed silently through ActiveXObject(>>WScript.Shell
-
Phishing Attack Spoofs Facebook Login Page to Capture Credentials
Cybercriminals are using a variety of dishonest tactics in a sophisticated phishing effort aimed at Facebook users in order to obtain login information. The attack begins with a malicious redirect that leads victims to a fraudulent website mimicking legitimate Facebook interfaces. Here, users encounter a fake CAPTCHA prompt designed to appear as a standard security…
-
New CastleLoader Attack Uses Cloudflare-Themed Clickfix Method to Compromise Windows Systems
A newly identified loader malware dubbed CastleLoader has emerged as a significant threat since early 2025, rapidly evolving into a distribution platform for various information stealers and remote access trojans (RATs). Leveraging sophisticated phishing tactics under T1566 and drive-by compromise methods classified as T1189, attackers masquerade as legitimate software libraries, online meeting platforms like Google…
-
FBI and CISA Warn of Interlock Ransomware Targeting Critical Infrastructure
FBI warns of Interlock ransomware using unique tactics to hit businesses and critical infrastructure with double extortion. First seen on hackread.com Jump to article: hackread.com/fbi-cisa-interlock-ransomware-target-critical-infrastructure/
-
Microsoft Reveals Chinese State Hackers Exploiting SharePoint Flaws
Microsoft reveals Chinese state-backed hacker groups, including Linen Typhoon, Violet Typhoon, and Storm-2603, are exploiting SharePoint flaws, breaching over 100 organisations. Discover threat actors, their tactics and Microsoft’s urgent security guidance. First seen on hackread.com Jump to article: hackread.com/microsoft-chinese-state-hackers-exploit-sharepoint-flaws/
-
Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware
The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances.The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long history of leveraging N-day security flaws in various web applications to deploy…
-
Russian Threat Actors Target NGOs with New OAuth Phishing Tactics
A new wave of phishing attacks exploiting Microsoft 365 OAuth tools has been observed impersonating diplomats to steal access codes First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-hackers-target-ngos-oauth/
-
Financial Institutions Under Siege by Greedy Sponge Hackers’ Modified AllaKore RAT
A financially motivated threat actor, now identified as Greedy Sponge, has been relentlessly targeting Mexican organizations with a customized version of the AllaKore Remote Access Trojan (RAT). Named for its monetary focus and a past reference to a popular “SpongeBob” meme on its command-and-control (C2) infrastructure, this group has evolved its tactics over the years.…
-
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban miner-related apps and add-ons, researchers from the c/side said they found evidence of…
-
SquidLoader Malware Campaign Hits Hong Kong Financial Firms
Trellix exposes SquidLoader malware targeting Hong Kong, Singapore, and Australia’s financial service institutions. Learn about its advanced evasion tactics and stealthy attacks. First seen on hackread.com Jump to article: hackread.com/squidloader-malware-hits-hong-kong-financial-firms/
-
EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware
The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that’s targeting Web3 developers to infect them with information stealer malware.”LARVA-208 has evolved its tactics, using fake AI platforms (e.g., Norlax AI, mimicking Teampilot) to lure victims with job offers or portfolio review requests,” Swiss…
-
Microsoft Uncovers Scattered Spider Tactics, Techniques, and Procedures in Recent Attacks
Microsoft has shed light on the sophisticated operations of Octo Tempest, a financially motivated cybercriminal group alternatively known as Scattered Spider, Muddled Libra, UNC3944, or 0ktapus. This threat actor has demonstrated a versatile arsenal of tactics, techniques, and procedures (TTPs) in end-to-end attacks targeting organizations across various sectors. Octo Tempest’s methodology typically begins with initial…
-
Emerging Cloaking-as-a-Service Offerings are Changing Phishing Landscape
Threat actors are using anti-box tools, AI, and cloaking-as-a-service tactics to bypass security tools by showing a phishing or other malicious site to targets and harmless ones to detection and blocking tools, techniques that SlashNext researchers say are reshaping how such scams are run. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/emerging-cloaking-as-a-service-offerings-are-changing-phishing-landscape/
-
Microsoft Exposes Scattered Spider’s Latest Tactics
Microsoft has reported Scattered Spider continues to evolve tactics to compromise both on-premises infrastructure and cloud environments First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-exposes-scattered/
-
Scattered Spider expands its roster of tactics in recent hacks
Microsoft researchers warn they are seeing changing patterns as the cybercrime group has started trying to hack airlines and other industries after targeting retailers and insurers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/scattered-spider-expands-tactics-recent-hacks/753220/
-
Experts unpack the biggest cybersecurity surprises of 2025
2025 has been a busy year for cybersecurity. From unexpected attacks to new tactics by threat groups, a lot has caught experts off guard. We asked cybersecurity leaders to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/16/biggest-cybersecurity-surprises-2025/

