Tag: tactics

Year in Review: The biggest trends in ransomware

Apr 15, 2025 12:28 PM

Tags: ransomware, tactics

This week, our Year in Review spotlight is on ransomware”, where low-profile tactics led to high-impact consequences. Download our 2 page ransomware summary, or watch our 55 second video. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/year-in-review-ransomware/
Hackers Use Microsoft Teams Chats to Deliver Malware to Windows PCs

Apr 15, 2025 9:28 AM

Tags: attack, cyber, cyberattack, cybersecurity, finance, hacker, malware, microsoft, service, tactics, threat, windows

A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs with malware, according to a recent report by cybersecurity firm ReliaQuest. The attack, which began surfacing in March 2025 and primarily targets the finance and professional services sectors, signals a dramatic evolution in tactics used by threat actors linked to the…
Fraud in Your Inbox: Email Is Still the Weakest Link

Apr 14, 2025 11:33 PM

Tags: ai, cyber, email, finance, fraud, insurance, tactics

At-Bay Cyber Insurance Claims Report Finds 83% of Financial Fraud Starts With Email. Financial fraud remains the leading driver of cyberinsurance claims, with 83% of cases traced back to email-based attacks. Common tactics used to deceive employees include wiring funds to fraudulent accounts, generative AI-crafted emails, executive and vendor impersonation and BEC scams. First seen…
Slow Pisces Group Targets Developers Using Coding Challenges Laced with Python Malware

Apr 14, 2025 1:34 PM

Tags: crypto, cyber, cyberattack, data, group, korea, malware, north-korea, tactics, threat

A North Korean state-sponsored threat group known as >>Slow Pisces
Tycoon2FA phishing kit rolled out significant updates

Apr 14, 2025 12:33 PM

Tags: captcha, cybersecurity, phishing, service, tactics, update

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. The phishing kit now uses advanced evasion tactics such as a custom CAPTCHA via HTML5 canvas, invisible Unicode…
GOFFEE APT: New PowerModul Implant and Tactics Target Russian Organizations

Apr 14, 2025 5:33 AM

Tags: apt, cyberattack, group, russia, tactics

The APT group GOFFEE has resurfaced with a revamped arsenal, launching targeted cyberattacks across Russia’s strategic sectors. According First seen on securityonline.info Jump to article: securityonline.info/goffee-apt-new-powermodul-implant-and-tactics-target-russian-organizations/
Houthi Influence Campaign: Deceptive Tactics on Facebook Target Israel and Gulf States

Apr 14, 2025 5:33 AM

Tags: cybersecurity, tactics

In a recent cybersecurity analysis, ClearSky’s team uncovered a persistent influence campaign originating from Yemen/Houthi, targeting Israel and First seen on securityonline.info Jump to article: securityonline.info/houthi-influence-campaign-deceptive-tactics-on-facebook-target-israel-and-gulf-states/
Why security culture is crypto’s strongest asset

Apr 11, 2025 8:05 AM

Tags: ciso, crypto, tactics

In this Help Net Security interview, Norah Beers, CISO at Grayscale, discusses key security challenges in managing crypto assets, adversary tactics, private key management, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/11/norah-beers-grayscale-crypto-asset-management/
Malicious ‘mParivahan’ App Circulates on WhatsApp, Skimming Sensitive Mobile Data

Apr 10, 2025 6:06 PM

Tags: cyber, data, exploit, government, infection, malicious, malware, mobile, software, tactics

A new variant of the fake NextGen mParivahan app has emerged, exploiting the trust users place in official government notifications to distribute malware. This malicious software is distributed through seemingly legitimate traffic violation alerts via WhatsApp, luring victims into installing what they believe is the official app. Infection Vector and Deceptive Tactics The malware spreads…
Tainted drive appears to be source of malware attack on Western military mission in Ukraine

Apr 10, 2025 4:05 PM

Tags: attack, email, group, hacking, malware, military, phishing, russia, tactics, ukraine

Researchers at Symantec said the Russia-linked group known as Gamaredon appears to have departed from its usual email phishing tactics in hacking a Western military mission in Ukraine. First seen on therecord.media Jump to article: therecord.media/gamaredon-removable-drive-malware-western-military-mission-ukraine
Emulating the Misleading CatB Ransomware

Apr 10, 2025 12:06 AM

Tags: attack, detection, ransomware, tactics

AttackIQ has released a new attack graph designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with CatB ransomware observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/emulating-the-misleading-catb-ransomware/
Scattered Spider Launches Sophisticated Attacks to Steal Login Credentials and MFA Tokens

Apr 9, 2025 7:55 PM

Tags: attack, credentials, cyber, data, group, hacker, identity, login, mfa, strategy, tactics, threat

The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as Scattered Spider. Active since at least 2022, this group has been consistently refining its strategies for system compromise, data exfiltration, and identity theft. Silent Push analysts have tracked the evolution of Scattered Spider’s tactics, techniques, and procedures (TTPs) through early…
Ransomware Groups Target Organizations to Exfiltrate Data and Blackmail via Leak Site Posts

Apr 9, 2025 5:55 PM

Tags: attack, cyber, data, group, leak, ransomware, tactics

Ransomware attacks have continued their relentless assault on organizations worldwide, with a focus on data exfiltration and subsequent blackmail through leak site posts. Rapid7 Labs’ analysis of internal and public data provides insights into the evolving landscape of ransomware threats. Evolving Tactics in Ransomware Operations The ransomware ecosystem has seen a shift where established and…
Hellcat Ransomware Upgrades Arsenal to Target Government, Education, and Energy Sectors

Apr 9, 2025 5:55 PM

Tags: attack, cyber, cybersecurity, exploit, government, group, phishing, ransomware, service, spear-phishing, tactics, vulnerability, zero-day

The cybersecurity community has raised alarms over the rapid evolution of the Hellcat ransomware group, which has escalated its tactics to target critical sectors. Hellcat, which emerged in mid-2024, now employs a sophisticated blend of psychological manipulation, zero-day vulnerabilities, and Ransomware-as-a-Service (RaaS) to expand its influence. Spear Phishing and Zero-day Exploits Hellcat operators initiate attacks…
“The girl should be calling men.” Leak exposes Black Basta’s influence tactics.

Apr 8, 2025 11:51 PM

Tags: leak, tactics

Disclosure of tactics, techniques, and procedures provides rare glimpse into secretive group. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/leaked-messages-expose-trade-secrets-of-prolific-black-basta-ransomware-group/
When Good Tools Go Bad: Dual-Use in Cybersecurity

Apr 8, 2025 8:42 PM

Tags: access, ai, attack, authentication, automation, awareness, breach, cloud, compliance, computing, control, cyber, cyberattack, cybercrime, cybersecurity, data, ddos, detection, dns, exploit, framework, iam, incident response, infrastructure, intelligence, malicious, malware, mfa, network, nvd, penetration-testing, phishing, psychology, reverse-engineering, risk, software, strategy, tactics, threat, tool, training, unauthorized, update, vulnerability
Year in Review: Key vulnerabilities, tools, and shifts in attacker email tactics

Apr 8, 2025 1:42 PM

Tags: email, network, tactics, threat, tool, vulnerability

From Talos’ 2024 Year in Review, here are some findings from the top targeted network device vulnerabilities. We also explore how threat actors are moving away from time sensitive lures in their emails. And finally we reveal the tools that adversaries most heavily utilized last year. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/year-in-review-key-vulnerabilities-tools-and-shifts-in-attacker-email-tactics/
Threat Actors Use VPS Hosting Providers to Deliver Malware and Evade Detection

Apr 7, 2025 10:42 PM

Tags: banking, cyber, cybercrime, detection, email, malware, phishing, tactics, threat

Cybercriminals are intensifying phishing campaigns to spread the Grandoreiro banking trojan, targeting users primarily in Mexico, Argentina, and Spain. A detailed analysis by Forcepoint X-Labs reveals the sophisticated techniques employed by these attackers to evade detection and deliver malware. Phishing Tactics and Infrastucture The campaign begins with phishing emails purportedly from tax agencies, containing high-importance…
Auto-Color Linux Backdoor: TTPs and Internal Architecture Exposed

Apr 7, 2025 10:42 PM

Tags: backdoor, cyber, data-breach, government, linux, malware, tactics, tool, usa

A newly identified Linux backdoor named >>Auto-Color,
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

Apr 6, 2025 2:42 PM

Tags: backdoor, cisa, international, ivanti, malicious, malware, tactics

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor Advancements in delivery: Scripting with Nietzsche Analyzing New HijackLoader Evasion Tactics Malicious Python…
Cyber agencies urge organizations to collaborate to stop fast flux DNS attacks

Apr 4, 2025 10:42 PM

Tags: advisory, attack, awareness, cyber, cybersecurity, defense, detection, dns, email, intelligence, malicious, monitoring, phishing, risk, service, tactics, threat

How to mitigate DNS attacks: Fast flux is one of many types of DNS attack. But there are tactics organizations can use to mitigate them.In the case of fast flux, the report recommends that:defenders should use cybersecurity and PDNS services that detect and block fast flux. “By leveraging providers that detect fast flux and implement…
Attackers Abuse Remote Desktop Protocol, Microsoft Binaries

Apr 4, 2025 9:42 PM

Tags: cyber, microsoft, tactics, tool

Investigators See Ongoing Use of Living-Off-the-Land Binaries, Frequent RDP Abuse. Incident responders studying last year’s top attacker tools, tactics and procedures have urged cyber defenders to monitor for the unusual use of legitimate administrator tools, suspicious use of Remote Desktop Protocol, as well as attempts by attackers to hide their tracks by wiping logs. First…
PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

Apr 4, 2025 8:42 PM

Tags: attack, credentials, crypto, cyber, email, phishing, supply-chain, tactics, threat

A sophisticated phishing campaign, dubbed >>PoisonSeed,
New Android Spyware Tricks Users by Demanding Passwords for Uninstallation

Apr 4, 2025 2:42 PM

Tags: android, cyber, password, spyware, tactics

A newly identified Android spyware app is elevating its tactics to remain hidden and unremovable by leveraging a password prompt for uninstallation. This unsettling feature effectively blocks users from removing the app unless the correct password”, set by the person who installed the spyware”, is entered. How the Spyware Works The spyware, which TechCrunch decided…
Hunters International shifting tactics amid growing risks

Apr 3, 2025 11:42 PM

Tags: international, risk, tactics

First seen on scworld.com Jump to article: www.scworld.com/brief/hunters-international-shifting-tactics-amid-growing-risks
Cryptohack Roundup: Q1 Sees Record Hacks

Apr 3, 2025 7:42 PM

Tags: crypto, lazarus, malware, tactics

Also: SEC Drops Kraken, Consensys and Cumberland DRW Lawsuits. This week, hack stats, Hamas crypto funds seizure, conclusion of Kraken, Consensys and Cumberland DRW lawsuits, Kentucky dropped its Coinbase suit, Trump pardoned BitMex co-founders, Lazarus’s new tactics, and Crocodilus malware’s crypto targets. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-q1-sees-record-hacks-a-27916
DarkCloud Stealer Uses Weaponized .TAR Archives to Target Organizations and Steal Passwords

Apr 3, 2025 3:42 PM

Tags: cyber, cyberattack, email, international, malicious, office, password, social-engineering, tactics

A recent cyberattack campaign leveraging the DarkCloud stealer has been identified, targeting Spanish companies and local offices of international organizations across various industries. The attackers are spoofing a legitimate Spanish company specializing in mountain and skiing equipment to deliver malicious payloads via email. The emails, which use billing-themed social engineering tactics, feature subjects such as…
AI Threats Are Evolving Fast, Learn Practical Defense Tactics in this Expert Webinar

Apr 3, 2025 2:42 PM

Tags: ai, cybercrime, defense, intelligence, strategy, tactics, threat, tool

The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it’s also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed.And here’s the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind.But you’re…
AI disinformation didn’t upend 2024 elections, but the threat is very real

Apr 3, 2025 12:42 PM

Tags: ai, attack, authentication, business, ceo, ciso, control, corporate, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, deep-fake, detection, disinformation, election, email, endpoint, finance, fraud, group, hacking, identity, incident, incident response, intelligence, international, jobs, login, malware, network, phishing, ransomware, RedTeam, risk, scam, soc, social-engineering, tactics, threat, tool, training

Attackers are using AI to distort and undermine threat intelligence: AI-powered disinformation has moved beyond external influence, it is now reshaping adversary tactics inside compromised networks. Attackers can generate false system logs, fabricate network traffic, and manipulate forensic evidence, forcing incident response teams to chase misleading anomalies while real intrusions progress undetected. AI-assisted malware is also…
Crimelords at Hunters International tell lackeys ransomware too ‘risky’

Apr 2, 2025 10:47 PM

Tags: international, ransomware, tactics, theft

Bosses say theft now the name of the game with a shift in tactics, apparent branding First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/hunters_international_rebrand/