Tag: tactics

Massive Android Ad Fraud ‘IconAds’ Uses Google Play to Target and Exploit Users

Jul 4, 2025 11:35 AM

Tags: android, cyber, exploit, fraud, google, intelligence, malicious, tactics, threat

HUMAN’s Satori Threat Intelligence and Research Team has dismantled a sprawling ad fraud operation named IconAds, which infiltrated the Google Play Store with 352 malicious apps. At its peak, this scheme generated a staggering 1.2 billion bid requests daily, flooding users’ screens with out-of-context ads while employing cunning tactics to hide app icons and obscure…
Scattered Spider Tactics Include Data Theft, Extortion: CrowdStrike

Jul 2, 2025 10:34 PM

Tags: attack, crowdstrike, data, extortion, group, ransomware, tactics, theft, threat

Threat researchers from CrowdStrike are pointing to Scattered Spider’s focus on more than just traditional ransomware attacks, as experts have separately linked the threat group to a data theft attack against Australian airline Qantas. First seen on crn.com Jump to article: www.crn.com/news/security/2025/scattered-spider-tactics-include-data-theft-extortion-crowdstrike
FileFix Attack Chain Enables Malicious Script Execution

Jul 2, 2025 3:34 PM

Tags: attack, malicious, social-engineering, tactics, threat

By using social engineering tactics, threat actors are able to manipulate their victims into saving and renaming files that will backfire against them. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/filefix-attack-chain-malicious-script
Scattered Spider shifts focus to airlines as strikes hit Hawaiian, WestJet, and now Qantas

Jul 2, 2025 1:34 PM

Tags: attack, authentication, breach, business, cisa, ciso, corporate, credentials, cybersecurity, data, data-breach, government, group, hacker, identity, india, mfa, microsoft, network, password, phone, ransom, ransomware, social-engineering, supply-chain, tactics, unauthorized, vulnerability

Sophisticated help desk deception campaigns: The group has perfected calling corporate help desks and impersonating employees to trick support staff into resetting passwords and adding unauthorized devices to multi-factor authentication systems.Cybercrime syndicates like Scattered Spider operate as compartmentalized organizations, with distinct teams specializing in different attack phases, said Sunil Varkey, advisor at Beagle Security. “One…
TA829 Hackers Use New TTPs and Enhanced RomCom Backdoor to Evade Detection

Jul 1, 2025 7:34 PM

Tags: backdoor, cyber, cybercrime, detection, espionage, group, hacker, russia, tactics

The cybercriminal group TA829, also tracked under aliases like RomCom, Void Rabisu, and Tropical Scorpius, has been observed deploying sophisticated tactics, techniques, and procedures (TTPs) alongside an updated version of its infamous RomCom backdoor, now dubbed SingleCamper (aka SnipBot). This group, known for blending financially motivated cybercrime with espionage campaigns often aligned with Russian state…
TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns

Jul 1, 2025 7:34 PM

Tags: cybersecurity, group, infrastructure, malware, rat, tactics, threat

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader.Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829. The latter is also…
New Report Uncovers Major Overlaps in Cybercrime and State-Sponsored Espionage

Jul 1, 2025 5:34 PM

Tags: cyber, cybercrime, espionage, group, russia, tactics

Proofpoint has identified similarities between the tactics of a pro-Russian cyber espionage group and a cybercriminal gang First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/major-overlaps-cybercrime-espionage/
Stealthy WordPress Malware Uses PHP Backdoor to Deliver Windows Trojan

Jul 1, 2025 1:34 PM

Tags: attack, backdoor, cyber, infection, malicious, malware, tactics, windows, wordpress

A sophisticated malware campaign targeting WordPress websites has recently been uncovered, showcasing an intricate and stealthy approach to delivering a Windows-based trojan. This attack, which operates beneath the surface of seemingly clean websites, employs a layered infection chain involving PHP-based droppers, obfuscated code, and IP-based evasion tactics to distribute a malicious payload named client32.exe. Hidden…
North Korean IT Workers Employ New Tactics to Infiltrate Global Organizations

Jul 1, 2025 11:34 AM

Tags: ai, china, cyber, intelligence, korea, microsoft, north-korea, russia, tactics, technology, threat, tool

Microsoft Threat Intelligence has uncovered a sophisticated operation by North Korean remote IT workers who are leveraging cutting-edge artificial intelligence (AI) tools to infiltrate organizations worldwide. Since at least 2020, these highly skilled individuals, often based in North Korea, China, and Russia, have been targeting technology-related roles across various industries to generate revenue for the…
How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics

Jul 1, 2025 7:34 AM

Tags: security-incident, tactics

This article shares initial findings from internal Bitdefender Labs research into Living off the Land (LOTL) techniques. Our team at Bitdefender Labs, comprised of hundreds of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/01/bitdefender-lotl-security-incidents-phasr/
Scattered Spider shifts focus to airlines with strikes on Hawaiian and WestJet

Jun 30, 2025 3:33 PM

Tags: attack, authentication, breach, business, cisa, corporate, credentials, cybersecurity, data, data-breach, government, group, hacker, identity, india, mfa, microsoft, network, password, phone, ransom, ransomware, social-engineering, supply-chain, tactics, unauthorized, vulnerability

Sophisticated help desk deception campaigns: The group has perfected calling corporate help desks and impersonating employees to trick support staff into resetting passwords and adding unauthorized devices to multi-factor authentication systems.Cybercrime syndicates like Scattered Spider operate as compartmentalized organizations, with distinct teams specializing in different attack phases, said Sunil Varkey, advisor at Beagle Security. “One…
Scattered Spider Targets Tech Companies with Phishing Frameworks like Evilginx and Social Engineering Tactics

Jun 30, 2025 12:34 PM

Tags: credentials, cyber, finance, framework, group, hacking, phishing, social-engineering, tactics, technology, threat

The notorious hacking collective Scattered Spider, also known as UNC3944 or Octo Tempest, has emerged as a formidable threat to high-value industries, with a particular focus on technology, finance, and retail sectors. Recent research reveals that 81% of the group’s registered domains impersonate technology vendors, aiming to harvest credentials from high-value targets such as system…
Cybercriminals take malicious AI to the next level

Jun 30, 2025 11:33 AM

Tags: ai, automation, breach, chatgpt, cisco, control, credit-card, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, finance, fraud, group, hacking, intelligence, LLM, malicious, marketplace, monitoring, phishing, service, social-engineering, strategy, tactics, threat, tool, vulnerability

Custom face generation for dating scamsAudio spoofing for voice verification fraudOn-demand video avatars that lip-sync based on customer-submitted scriptsThese services are increasingly offered with add-ons such as pre-loaded backstories,matching fake documents, and automated scheduling for calls. Prompt engineering as a service: Underground communities have also emerged around the art of crafting jailbreak prompts.These “bypass builders”…
Scattered Spider hackers shift focus to aviation, transportation firms

Jun 27, 2025 8:36 PM

Tags: hacker, insurance, tactics

Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/scattered-spider-hackers-shift-focus-to-aviation-transportation-firms/
Cybersecurity Snapshot: U.S. Gov’t Urges Adoption of Memory-Safe Languages and Warns About Iran Cyber Threat

Jun 27, 2025 6:36 PM

Tags: access, advisory, ai, api, attack, authentication, best-practice, cisa, computer, computing, crypto, cryptography, cyber, cybersecurity, data, defense, encryption, exploit, finance, framework, google, governance, government, group, hacker, healthcare, infrastructure, injection, intelligence, Internet, iran, login, mfa, military, mitigation, mitre, network, nist, passkey, password, programming, ransomware, risk, rust, service, software, strategy, tactics, technology, terrorism, threat, tool, training, vulnerability, warfare

Check out the U.S. government’s latest call for developers to use memory-safe programming languages, as well as its warning for cybersecurity teams regarding cyber risk from hackers tied to Iran. Plus, get the latest on ransomware trends, the quantum computing cyber threat and more! Dive into five things that are top of mind for the…
Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks

Jun 27, 2025 2:36 PM

Tags: advisory, ai, attack, authentication, breach, business, cloud, container, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, finance, firmware, group, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iran, mfa, military, network, password, risk, russia, service, strategy, tactics, technology, terrorism, threat, tool, update, vulnerability, vulnerability-management

The current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. Here’s what you need to know, and how Tenable can help. The cybersecurity landscape is in constant flux, but rarely do we see such a rapid escalation of threats as we are currently experiencing. The U.S. Department of Homeland Security’s (DHS) National Terrorism Advisory…
Frequently Asked Questions About Iranian Cyber Operations

Jun 27, 2025 2:36 PM

Tags: access, advisory, api, apt, attack, authentication, awareness, cisa, cloud, credentials, cve, cyber, cybersecurity, data, data-breach, defense, dos, exploit, finance, framework, government, group, Hardware, identity, infrastructure, injection, Internet, iran, ivanti, malware, mfa, microsoft, middle-east, military, mitre, monitoring, network, password, ransomware, rce, remote-code-execution, risk, service, software, supply-chain, tactics, technology, terrorism, threat, tool, update, vpn, vulnerability, windows

Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Iranian cyber operations in the wake of the recent conflict and…
Don’t trust that email: It could be from a hacker using your printer to scam you

Jun 27, 2025 5:36 AM

Tags: authentication, control, credentials, data, defense, dkim, dmarc, email, endpoint, exploit, framework, hacker, infrastructure, iot, login, mail, microsoft, monitoring, network, phishing, powershell, qr, risk, scam, tactics, tool, vulnerability, zero-day

tenantname.mail.protection.outlook.com, and companies’ internal email address formats can be trivial to figure out or easy to scrape from public sources or social media. Once an attacker has the domain and a valid email address, they are able to send emails that appear to come from inside the organization.In the campaign observed by Varonis’ forensics experts,…
Researchers Demonstrate Windows Registry Manipulation via C++ Program

Jun 26, 2025 10:36 AM

Tags: api, cyber, cyberattack, cybersecurity, defense, exploit, malware, tactics, windows

Cybersecurity researchers have developed a C++ program demonstrating how attackers manipulate the Windows Registry to establish persistence, evade defenses, and alter system behavior. This technique, central to many cyberattacks, exploits the registry’s role as Windows’ configuration database. The program uses Windows API functions to modify registry keys, simulating tactics employed by real-world malware while highlighting…
Dire Wolf Ransomware Comes Out Snarling, Bites Technology, Manufacturing

Jun 25, 2025 7:36 PM

Tags: extortion, group, ransomware, tactics, technology

The emerging group has already gotten its teeth into 16 victims since May with its double extortion tactics, claiming victims in 11 countries, including the US, Thailand, and Taiwan. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/dire-wolf-ransomware-manufacturing-technology
The CISO’s 5-step guide to securing AI operations

Jun 24, 2025 10:35 AM

Tags: ai, api, best-practice, business, cio, ciso, cloud, control, cybersecurity, data, deep-fake, framework, google, governance, guide, infosec, injection, intelligence, law, LLM, mitre, programming, risk, risk-management, software, startup, supply-chain, tactics, technology, threat, tool, training, unauthorized, vulnerability

2. Develop a comprehensive and continuous view of AI risks: Getting a handle on organizational AI risks starts with the basics, such as an AI asset inventory, software bills of material, vulnerability and exposure management best practices, and an AI risk register. Beyond basic hygiene, CISOs and security professionals must understand the fine points of…
Successful Military Attacks are Driving Nation States to Cyber Options

Jun 24, 2025 5:35 AM

Tags: attack, china, communications, computing, cyber, cyberattack, cybersecurity, data, defense, exploit, extortion, finance, fraud, government, healthcare, infrastructure, iran, korea, middle-east, military, north-korea, russia, service, tactics, technology, tool, ukraine, vulnerability, warfare

With daring military attacks, kinetic warfare is shifting the balance of power in regions across the globe, upending the perception of power projection. Powerful nations are reeling from the impacts of bold assaults and seeking additional methods to drive foreign policy”Š”, “Šcyber may look as an appealing asymmetric warfare capability that is worth doubling-down on.…
Qilin ransomware strengthens data extortion tactics

Jun 23, 2025 10:35 PM

Tags: data, extortion, ransomware, tactics

First seen on scworld.com Jump to article: www.scworld.com/brief/qilin-ransomware-strengthens-data-extortion-tactics
Open Directories Exposes Publically Available tools Used by Hackers

Jun 21, 2025 11:35 PM

Tags: cyber, data-breach, exploit, hacker, malicious, tactics, threat, tool

A series of misconfigured web servers have been uncovered, revealing a treasure trove of publicly accessible tools and tactics employed by malicious actors targeting critical infrastructure. These exposed open directories, discovered through Hunt’s advanced scanning capabilities, highlight a significant security lapse that threat actors are exploiting with low-cost, high-reward methods. Unveiling Hidden Threats on the…
Aflac Discloses Cybersecurity Incident, Customer Data Potentially Exposed Amid Industry-Wide Attacks

Jun 21, 2025 12:35 AM

Tags: attack, breach, cyberattack, cybersecurity, data, data-breach, social-engineering, tactics

Aflac confirms a cyberattack exposed sensitive customer data, citing social engineering tactics amid a wave of breaches targeting US insurers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/aflac-cyber-security-incident-2025/
Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds

Jun 20, 2025 7:35 PM

Tags: access, advisory, ai, api, apple, attack, authentication, best-practice, business, cisa, cisco, cloud, conference, container, control, credentials, cve, cyber, cybersecurity, data, data-breach, detection, email, encryption, endpoint, exploit, google, governance, government, group, guide, hacker, Hardware, identity, infrastructure, intelligence, Internet, kubernetes, linux, macOS, microsoft, mitigation, mobile, monitoring, network, oracle, password, phishing, ransomware, risk, russia, service, social-engineering, software, sql, strategy, tactics, technology, threat, tool, update, vmware, vulnerability, windows

Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent academics’ Gmail accounts. And get the latest on AI system security, just-in-time access, CIS Benchmarks and more! Dive into six things that are top…
Chain IQ data theft highlights need to oversee third party suppliers

Jun 20, 2025 1:35 AM

Tags: access, attack, awareness, breach, ceo, ciso, corporate, data, data-breach, detection, extortion, finance, governance, group, intelligence, international, jobs, law, monitoring, phishing, ransomware, risk, risk-management, service, social-engineering, supply-chain, tactics, theft, threat

CSO attempted to contact Chain IQ and UBS for comment, but was unable to reach a spokesperson for either by publication time. What should be of note to CSOs is that this is another example of an attack on a third party supplier that impacts its customers.”Chain IQ’s breach serves as yet another reminder that…
Threat Actor Exploit GitHub and Hosted 60 GitHub Repositories with 100s of Malware

Jun 19, 2025 1:35 PM

Tags: cyber, exploit, github, group, malicious, malware, open-source, supply-chain, tactics, threat

A threat actor group known as Banana Squad has been found exploiting GitHub, a cornerstone platform for developers worldwide, by hosting over 60 malicious repositories containing hundreds of trojanized Python files. Discovered by the ReversingLabs threat research team, this campaign represents a shift toward stealthier and more sophisticated tactics in open-source exploitation. Sophisticated Supply Chain…
Hackers Exploit Cloudflare Tunnels to Infect Windows Systems With Python Malware

Jun 19, 2025 12:36 PM

Tags: cloud, cyber, exploit, hacker, infrastructure, malware, service, tactics, threat, windows

A sophisticated malware campaign dubbed SERPENTINE#CLOUD has emerged, leveraging Cloudflare Tunnel infrastructure to deliver Python-based malware to Windows systems across Western nations, including the United States, United Kingdom, and Germany. This ongoing operation, characterized by its use of obfuscated scripts and memory-injected payloads, demonstrates an alarming evolution in threat actor tactics, exploiting trusted cloud services…
Hackers Use Fake Verification Prompt and Clickfix Technique to Deploy Fileless AsyncRAT

Jun 17, 2025 1:54 PM

Tags: access, cyber, hacker, infrastructure, malicious, tactics, threat

Threat actors are leveraging deceptive tactics to distribute a fileless variant of AsyncRAT, a notorious remote access Trojan. Discovered during routine attacker infrastructure analysis, this operation employs a fake verification prompt themed around the >>Clickfix