Tag: tactics
-
DPRK IT Workers Impersonate Polish and US Nationals to Secure Full-Stack Developer Positions
A alarming cybersecurity report by Nisos has uncovered a sophisticated employment scam network potentially affiliated with the Democratic People’s Republic of Korea (DPRK). This network targets remote engineering and full-stack blockchain developer roles by impersonating Polish and US nationals. The threat actors behind this operation employ a range of deceptive tactics, including the use of…
-
Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization
Tags: attack, backdoor, china, data-breach, email, group, hacker, hacking, international, phishing, spear-phishing, tactics, threatThreat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake.ESET, which first discovered the hacking group’s intrusions targeting the entity in March 2023 and again a year later, said the activity leverages spear-phishing emails using First…
-
Google Reveals Hackers Targeting US Following UK Retailer Attacks
The Google Threat Intelligence Group (GTIG) recently revealed that the well-known hacker collective UNC3944, which also overlaps with the widely publicized Scattered Spider, is a persistent and dynamic cyberthreat. Initially focused on telecommunications for SIM swap operations, UNC3944 has since pivoted to ransomware and data theft extortion tactics since early 2023, casting a wider net…
-
Researchers Replicate Advanced Tactics and Tools of VanHelsing Ransomware
Cybersecurity researchers at AttackIQ have meticulously emulated the intricate tactics, techniques, and procedures (TTPs) of the VanHelsing ransomware, a potent ransomware-as-a-service (RaaS) operation that surfaced in March 2025. This cyber threat has rapidly gained notoriety within the cybercriminal underworld for its advanced cross-platform capabilities and aggressive double extortion model. VanHelsing targets a wide array of…
-
BSidesLV24 GroundFloor Tactics of a Trash Panda
Author/Presenter: Angel Gamboa Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-groundfloor-tactics-of-a-trash-panda/
-
Inside Turla’s Uroboros Infrastructure and Tactics Revealed
In a nation-state cyber espionage, a recent static analysis of the Uroboros rootkit, attributed to the infamous APT group Turla, uncovers a chilling display of sophistication and mastery over Windows kernel internals. With the sample identified by the MD5 hash ed785bbd156b61553aaf78b6f71fb37b, this malware-first linked to Turla around 2014-2015-stands as a testament to the group’s elite…
-
Stealth RAT uses a PowerShell loader for fileless attacks
Threat actors have been spotted using a PowerShell-based shellcode loader to stealthily deploy Remcos RAT, a popular espionage-ready tool in line with a broader shift toward fileless techniques.As discovered by Qualys, the campaign executes a number of steps to phish an obfuscated .HTA (HTML Application) file that runs layered PowerShell scripts entirely in memory.”The attackers…
-
DarkCloud Stealer Employs AutoIt to Evade Detection and Steal Login Credentials
Unit 42 researchers from Palo Alto Networks have uncovered a series of attacks in January 2025 involving the DarkCloud Stealer malware. This infostealer, first observed in 2022, has evolved with new tactics to bypass traditional detection mechanisms. By leveraging AutoIt scripting and multi-stage payloads, the latest variants of DarkCloud demonstrate a high level of sophistication,…
-
Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation
New phishing tactics are abusing trusted domains, real CAPTCHAs, and server-side email validation to selectively target victims with customized fake login pages. Keep Aware’s latest research breaks down the full attack chain and how these zero-day phish operate. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/focused-phishing-attack-targets-victims-with-trusted-sites-and-live-validation/
-
Ransomware Attacks Surge by 123% Amid Evolving Tactics and Strategies
The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in ransomware attacks during 2024, driven largely by sophisticated exploitation of third-party vendor ecosystems. As cybercriminals refine their tactics, third-party vendors have emerged as the predominant entry point for some of the most catastrophic breaches in recent history. The report underscores how…
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-dayExecutive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
Hackers Abuse PyInstaller to Deploy Stealthy macOS Infostealer
Jamf Threat Labs has identified a novel macOS infostealer that exploits PyInstaller, a legitimate open-source tool used to bundle Python scripts into standalone Mach-O executables. This marks the first documented instance of PyInstaller being weaponized to deploy infostealers on macOS, highlighting a sophisticated evolution in the tactics of cybercriminals targeting Apple’s ecosystem. Discovered in April…
-
Redefining IABs: Impacts of compartmentalization on threat tracking and modeling
Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/redefining-initial-access-brokers/
-
Deepfake attacks are inevitable. CISOs can’t prepare soon enough.
Tags: advisory, ai, attack, authentication, awareness, blockchain, business, ciso, compliance, control, cybersecurity, data, deep-fake, defense, detection, espionage, finance, fraud, governance, grc, identity, incident response, jobs, law, mfa, north-korea, password, privacy, resilience, risk, scam, software, strategy, tactics, technology, threat, tool, training, updateReal-world fabrications: Even security vendors have been victimized. Last year, the governance risk and compliance (GRC) lead at cybersecurity company Exabeam was hiring for an analyst, and human resources (HR) qualified a candidate that looked very good on paper with a few minor concerns, says Kevin Kirkwood, CISO.”There were gaps in how the education represented…
-
Hackers Target IT Admins by Poisoning SEO to Push Malware to Top Search Results
Cybercriminals are increasingly targeting IT administrators through sophisticated Search Engine Optimization (SEO) poisoning techniques. By leveraging SEO tactics typically used for legitimate online marketing, attackers manipulate search engine rankings to push malicious websites to the top of results on platforms like Google. Disguised as trusted tools, these malicious payloads trick even seasoned admins into downloading…
-
New Mamona Ransomware Targets Windows Systems Using Abused Ping Command
Cybersecurity researchers are raising the alarm about a newly discovered commodity ransomware strain dubbedMamona, which is rapidly spreading across Windows systems. Unlike traditional ransomware, Mamona employs a unique set of tactics, notably exploiting the humble Windows “ping” command as a timing mechanism, and operates entirely offline, making detection and response more difficult. Emerging on the…
-
Double-extortion tactics used in PowerSchool ransomware attack
First seen on scworld.com Jump to article: www.scworld.com/news/double-extortion-tactics-used-in-powerschool-ransomware-attack
-
ESET Reveals How to Spot Fake Calls Demanding Payment for ‘Missed Jury Duty’
ESET, a leading cybersecurity firm, has shed light on one particularly insidious scheme: fake calls purportedly from government officials demanding payment for ‘missed jury duty’. Here’s how to identify and protect against these scams. Scammers employing these tactics often impersonate law enforcement officers or court officials, using a blend of urgency and authority to intimidate…
-
OpenCTI: Free Cyber Threat Intelligence Platform for Security Experts
OpenCTI (Open Cyber Threat Intelligence) stands out as a free, open source platform specifically designed to address this need-delivering robust capabilities for cyber threat intelligence (CTI) management and analysis. Created by Filigran, OpenCTI allows organizations to structure, store, and visualize both technical details (like Tactics, Techniques, and Procedures-TTPs-and observables) and non-technical information (such as attribution…
-
Smishing Triad Upgrades Tools and Tactics for Global Attacks
Global smishing campaigns linked to Chinese cybercriminals escalate with Smishing Triad’s new tools and techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/smishing-triad-upgrades-tools/
-
Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate
Resecurity found a new smishing kit called ‘Panda Shop,’ mimicking Smishing Triad tactics with improved features and new templates. Resecurity (USA) was the first company to identify the Smishing Triad, a group of Chinese cybercriminals targeting consumers across the globe. In August 2023, our team was able to identify their activity and locate the smishing…
-
Are IoT Devices the New Attack Vector for Ransomware Groups?
Tags: attack, cybersecurity, exploit, group, iot, password, ransomware, tactics, threat, vulnerabilityPhosphorus Cybersecurity’s Phillip Wylie on Asset Inventory, Password Hygiene. Organizations inadvertently create cybersecurity gaps by trusting connected devices. Threat actors are shifting tactics to exploit IoT vulnerabilities when traditional attack vectors strengthen, said Phillip Wylie, xIoT security evangelist at Phosphorous Cybersecurity. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/are-iot-devices-new-attack-vector-for-ransomware-groups-a-28280
-
âš¡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors
What if attackers aren’t breaking in”, they’re already inside, watching, and adapting?This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn’t just the…