Tag: tactics
-
Elephant Group Launches Defense Sector Attacks Using MSBuild-Delivered Python Backdoor
An India-aligned advanced persistent threat group known as Dropping Elephant has launched sophisticated cyberattacks against Pakistan’s defense sector using a newly developed Python-based backdoor delivered through an MSBuild dropper. The campaign demonstrates significant evolution in the threat actor’s tactics, techniques, and procedures, combining living-off-the-land binaries with custom malware to evade detection and establish persistent access…
-
APT35 Data Leak Uncovers the Iranian Hacker Group’s Operations and Tactics
In October 2025, a significant breach exposed internal operational documents from APT35, also known as Charming Kitten, revealing that the Iranian state-sponsored group operates as a bureaucratized, quota-driven cyber-espionage unit with hierarchical command structures, performance metrics, and specialized attack teams. The leaked materials provide an unprecedented window into how this Islamic Revolutionary Guard Corps Intelligence…
-
Chinese APT24 Deploys Custom Malware, New Stealthy Tactics
3-Year Espionage Campaign Targeted Taiwanese Firms. Chinese nation-state group APT24 targeted multiple Taiwanese companies as part of an espionage operation that went undetected for three years. The hacking group continually updated its malware infrastructure and tactics, enabling it to stay under the radar, Google Cloud said. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-apt24-deploys-custom-malware-new-stealthy-tactics-a-30103
-
Hack the Hackers: 6 Laws for Staying Ahead of the Attackers
A new security framework responds to a shift in attackers’ tactics, one that allows them to infiltrate enterprises silently through their own policies. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/hack-hackers-6-laws-staying-ahead-cyberattackers
-
How to turn threat intel into real security wins
Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerabilityThe CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
-
How to turn threat intel into real security wins
Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerabilityThe CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
-
Root causes of security breaches remain elusive, jeopardizing resilience
Tags: attack, breach, business, ciso, cyber, cybercrime, cybersecurity, data, detection, framework, governance, incident response, intelligence, lessons-learned, monitoring, resilience, security-incident, service, siem, skills, software, strategy, tactics, technology, threat, tool, training, update, vpn, vulnerabilityTracing an attack path: Preparation is key, so businesses need to have dedicated tools and skills for digital forensics in place before an incident occurs through technologies such as security incident and event management (SIEM).SIEM devices are important because, for example, many gateway and VPN devices have a local storage that overwrites itself within hours.”If…
-
Sneaky2FA phishing tool adds ability to insert legit-looking URLs
A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
-
Sneaky2FA phishing tool adds ability to insert legit-looking URLs
A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
-
Emerging Ransomware Variants Exploit Amazon S3 Misconfigurations
Tags: cloud, cyber, encryption, exploit, malware, ransomware, service, tactics, threat, vulnerabilityRansomware is shifting from traditional systems to cloud environments, fundamentally redefining its impact on cloud-native data. As organizations increasingly migrate to cloud platforms, threat actors are adapting their tactics moving away from traditional encryption-based malware to exploit the unique architecture and misconfiguration vulnerabilities inherent in cloud storage services. Cloud storage services like Amazon Simple Storage…
-
Emerging Ransomware Variants Exploit Amazon S3 Misconfigurations
Tags: cloud, cyber, encryption, exploit, malware, ransomware, service, tactics, threat, vulnerabilityRansomware is shifting from traditional systems to cloud environments, fundamentally redefining its impact on cloud-native data. As organizations increasingly migrate to cloud platforms, threat actors are adapting their tactics moving away from traditional encryption-based malware to exploit the unique architecture and misconfiguration vulnerabilities inherent in cloud storage services. Cloud storage services like Amazon Simple Storage…
-
3 ways CISOs can win over their boards this budget season
Tip 2: Go beyond compliance standards: It’s no secret that compliance and regulations drive nearly 80% of CISOs’ budget justifications. Industry standards like HIPAA and SOC2 can offer a guiding framework for a program, but with evolving threats from AI, the rise of quantum computing and increasingly complex third-party risk, CISOs need to think of…
-
The Gentlemen<< Ransomware Group Deploys Dual-Extortion Tactics, Encrypting and Exfiltrating Data
Cybereason Threat Intelligence Team has uncovered a sophisticated ransomware operation known as >>The Gentlemen,
-
The Gentlemen<< Ransomware Group Deploys Dual-Extortion Tactics, Encrypting and Exfiltrating Data
Cybereason Threat Intelligence Team has uncovered a sophisticated ransomware operation known as >>The Gentlemen,
-
The nexus of risk and intelligence: How vulnerability-informed hunting uncovers what everything else misses
Tags: access, attack, authentication, business, cisa, compliance, cve, cvss, dark-web, data, defense, detection, dns, edr, endpoint, exploit, framework, intelligence, kev, linux, malicious, mitigation, mitre, monitoring, ntlm, nvd, open-source, password, powershell, remote-code-execution, risk, risk-management, siem, soc, strategy, tactics, technology, threat, update, vulnerability, vulnerability-managementTurning vulnerability data into intelligence: Once vulnerabilities are contextualized, they can be turned into actionable intelligence. Every significant CVE tells a story, known exploit activity, actor interest, proof-of-concept code or links to MITRE ATT&CK techniques. This external intelligence gives us the who and how behind potential exploitation.For example, when a privilege escalation vulnerability in Linux…
-
Updated Response to CISA Advisory (AA24-109A): #StopRansomware: Akira Ransomware
AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA24-109A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Akira ransomware group, identified through FBI investigations as recently as November 2025. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/updated-response-to-cisa-advisory-aa24-109a-stopransomware-akira-ransomware/
-
SpyCloud Unveils Top 10 Cybersecurity Predictions Poised to Disrupt Identity Security in 2026
Austin, TX/USA, November 18th, 2025, CyberNewsWire Forecast report highlights surge in identity-based threats, evolving threat actor tactics, and increased risk from AI and insider threats. SpyCloud, the leader in identity threat protection, today released its report, The Identity Security Reckoning: 2025 Lessons, 2026 Predictions, outlining 10 of the top trends that will shape the cyber…
-
SpyCloud Unveils Top 10 Cybersecurity Predictions Poised to Disrupt Identity Security in 2026
Austin, TX/USA, November 18th, 2025, CyberNewsWire Forecast report highlights surge in identity-based threats, evolving threat actor tactics, and increased risk from AI and insider threats. SpyCloud, the leader in identity threat protection, today released its report, The Identity Security Reckoning: 2025 Lessons, 2026 Predictions, outlining 10 of the top trends that will shape the cyber…
-
Kraken Uses Benchmarking to Enhance Ransomware Attacks
Cisco Talos has observed overlaps between Kraken and the earlier HelloKitty cartel through attack tactics using SMB flaws for big-game hunting and double extortion First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/kraken-benchmarking-enhance/
-
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. >>NVISO…
-
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. >>NVISO…
-
Emulating the Destructive Sandworm Adversary
AttackIQ has released a new assessment template designed to emulate the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with a recent intrusion targeting Ukrainian organizations that aligns with patterns previously associated with Sandworm. While attribution remains unconfirmed, this assessment helps defenders improve their security posture against similarly sophisticated and persistent threats. First seen on…
-
North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels
The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads.”The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host and deliver malware from trojanized code projects, with the lure,” NVISO researchers…
-
Cybersecurity Snapshot: Refresh Your Akira Defenses Now, CISA Says, as OWASP Revamps Its App Sec Top 10 Risks
Tags: access, advisory, ai, antivirus, application-security, attack, authentication, backup, business, chatgpt, cisa, ciso, cloud, compliance, control, corporate, cve, cyber, cybersecurity, data, defense, detection, encryption, endpoint, exploit, finance, firewall, flaw, framework, germany, group, guide, healthcare, infrastructure, injection, Internet, iot, law, malware, mfa, mitigation, phishing, privacy, programming, ransomware, resilience, risk, service, soc, software, supply-chain, tactics, technology, threat, tool, update, vulnerabilityLearn why you should revise your Akira ransomware protection plans. Plus, find out what’s new in OWASP’s revamped Top 10 Web Application Risks list. Also, find out about agentic AI’s cognitive degradation risk. And get the latest on AI security trends and CISO compensation. Key takeaways CISA and other agencies are urging organizations, especially in…
-
Cybersecurity Snapshot: Refresh Your Akira Defenses Now, CISA Says, as OWASP Revamps Its App Sec Top 10 Risks
Tags: access, advisory, ai, antivirus, application-security, attack, authentication, backup, business, chatgpt, cisa, ciso, cloud, compliance, control, corporate, cve, cyber, cybersecurity, data, defense, detection, encryption, endpoint, exploit, finance, firewall, flaw, framework, germany, group, guide, healthcare, infrastructure, injection, Internet, iot, law, malware, mfa, mitigation, phishing, privacy, programming, ransomware, resilience, risk, service, soc, software, supply-chain, tactics, technology, threat, tool, update, vulnerabilityLearn why you should revise your Akira ransomware protection plans. Plus, find out what’s new in OWASP’s revamped Top 10 Web Application Risks list. Also, find out about agentic AI’s cognitive degradation risk. And get the latest on AI security trends and CISO compensation. Key takeaways CISA and other agencies are urging organizations, especially in…