Tag: tactics
-
Server-Side Phishing Attacks Target Employee and Member Portals to Steal Login Credentials
Attackers have been deploying server-side phishing schemes to compromise employee and member login portals across various enterprises. This strategic shift to server-side operations is designed to evade detection and complicate analysis. Evolving Phishing Techniques Recent investigations have highlighted a marked evolution in the tactics employed by phishing campaigns. Traditional methods relied on client-side redirects to…
-
Hacktivist Group Becomes More Sophisticated, Targets Critical Infrastructure to Deploy Ransomware
A recent report by Cyble has shed light on the evolving tactics of hacktivist groups, moving beyond traditional cyber disruptions like DDoS attacks and website defacements to engage in more advanced critical infrastructure attacks and ransomware operations. Advanced Attack Strategies Hacktivism is transforming into a complex tool of hybrid warfare, with groups adopting tactics traditionally…
-
The TraderTraitor Crypto Heist: Nation-State Tactics Meet Financial Cybercrime
The cryptocurrency sector has always been a magnet for cybercriminals, but the TraderTraitor campaign marks a different kind of threat, one backed by state-sponsored actors with long-term goals and surgical precision. Allegedly linked to North Korea’s Lazarus Group, this campaign wasn’t just about breaking into wallets. It was about exploiting trust, manipulating human behavior, and…
-
ResolverRAT Malware Targets Healthcare, Pharma with Phishing Tactics
First seen on scworld.com Jump to article: www.scworld.com/brief/resolverrat-malware-targets-healthcare-pharma-with-phishing-tactics
-
European Companies Infected With New Chinese-Nexus Backdoor
Threat Actors Deploy Obfuscation Tactics to Target Windows Machines. Likely Chinese nation-state hackers are targeting European companies using previously unseen malware backdoor variants with advanced network tunneling and evasion capabilities for data theft. Brussels-based security firm Nviso links the campaign to a threat actor tracked as UNC5221. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/european-companies-infected-new-chinese-nexus-backdoor-a-28009
-
Renewed APT29 Phishing Campaign Against European Diplomats
Highlights Introduction Starting in January 2025, Check Point Research (CPR) has been tracking a wave of targeted phishing attacks aimed at European governments and diplomats. The Techniques, Tactics and Procedures (TTPs) observed in this campaign align with the WINELOADER campaigns, which were attributed to APT29, a Russia-linked threat group. APT29, also commonly referred to as Midnight Blizzard…
-
Year in Review: The biggest trends in ransomware
This week, our Year in Review spotlight is on ransomware, where low-profile tactics led to high-impact consequences. Download our 2-page ransomware summary, or watch our 55-second video. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/year-in-review-ransomware/
-
Hackers Use Microsoft Teams Chats to Deliver Malware to Windows PCs
A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs with malware, according to a recent report by cybersecurity firm ReliaQuest. The attack, which began surfacing in March 2025 and primarily targets the finance and professional services sectors, signals a dramatic evolution in tactics used by threat actors linked to the…
-
Fraud in Your Inbox: Email Is Still the Weakest Link
At-Bay Cyber Insurance Claims Report Finds 83% of Financial Fraud Starts With Email. Financial fraud remains the leading driver of cyberinsurance claims, with 83% of cases traced back to email-based attacks. Common tactics used to deceive employees include wiring funds to fraudulent accounts, generative AI-crafted emails, executive and vendor impersonation and BEC scams. First seen…
-
Slow Pisces Group Targets Developers Using Coding Challenges Laced with Python Malware
A North Korean state-sponsored threat group known as >>Slow Pisces
-
Tycoon2FA phishing kit rolled out significant updates
The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. The phishing kit now uses advanced evasion tactics such as a custom CAPTCHA via HTML5 canvas, invisible Unicode…
-
GOFFEE APT: New PowerModul Implant and Tactics Target Russian Organizations
The APT group GOFFEE has resurfaced with a revamped arsenal, launching targeted cyberattacks across Russia’s strategic sectors. According First seen on securityonline.info Jump to article: securityonline.info/goffee-apt-new-powermodul-implant-and-tactics-target-russian-organizations/
-
Houthi Influence Campaign: Deceptive Tactics on Facebook Target Israel and Gulf States
In a recent cybersecurity analysis, ClearSky’s team uncovered a persistent influence campaign originating from Yemen/Houthi, targeting Israel and First seen on securityonline.info Jump to article: securityonline.info/houthi-influence-campaign-deceptive-tactics-on-facebook-target-israel-and-gulf-states/
-
Why security culture is crypto’s strongest asset
In this Help Net Security interview, Norah Beers, CISO at Grayscale, discusses key security challenges in managing crypto assets, adversary tactics, private key management, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/11/norah-beers-grayscale-crypto-asset-management/
-
Malicious ‘mParivahan’ App Circulates on WhatsApp, Skimming Sensitive Mobile Data
A new variant of the fake NextGen mParivahan app has emerged, exploiting the trust users place in official government notifications to distribute malware. This malicious software is distributed through seemingly legitimate traffic violation alerts via WhatsApp, luring victims into installing what they believe is the official app. Infection Vector and Deceptive Tactics The malware spreads…
-
Tainted drive appears to be source of malware attack on Western military mission in Ukraine
Researchers at Symantec said the Russia-linked group known as Gamaredon appears to have departed from its usual email phishing tactics in hacking a Western military mission in Ukraine. First seen on therecord.media Jump to article: therecord.media/gamaredon-removable-drive-malware-western-military-mission-ukraine
-
Emulating the Misleading CatB Ransomware
AttackIQ has released a new attack graph designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with CatB ransomware observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/emulating-the-misleading-catb-ransomware/
-
Scattered Spider Launches Sophisticated Attacks to Steal Login Credentials and MFA Tokens
The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as Scattered Spider. Active since at least 2022, this group has been consistently refining its strategies for system compromise, data exfiltration, and identity theft. Silent Push analysts have tracked the evolution of Scattered Spider’s tactics, techniques, and procedures (TTPs) through early…
-
Ransomware Groups Target Organizations to Exfiltrate Data and Blackmail via Leak Site Posts
Ransomware attacks have continued their relentless assault on organizations worldwide, with a focus on data exfiltration and subsequent blackmail through leak site posts. Rapid7 Labs’ analysis of internal and public data provides insights into the evolving landscape of ransomware threats. Evolving Tactics in Ransomware Operations The ransomware ecosystem has seen a shift where established and…
-
Hellcat Ransomware Upgrades Arsenal to Target Government, Education, and Energy Sectors
The cybersecurity community has raised alarms over the rapid evolution of the Hellcat ransomware group, which has escalated its tactics to target critical sectors. Hellcat, which emerged in mid-2024, now employs a sophisticated blend of psychological manipulation, zero-day vulnerabilities, and Ransomware-as-a-Service (RaaS) to expand its influence. Spear Phishing and Zero-day Exploits Hellcat operators initiate attacks…
-
“The girl should be calling men.” Leak exposes Black Basta’s influence tactics.
Disclosure of tactics, techniques, and procedures provides rare glimpse into secretive group. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/leaked-messages-expose-trade-secrets-of-prolific-black-basta-ransomware-group/
-
Year in Review: Key vulnerabilities, tools, and shifts in attacker email tactics
From Talos’ 2024 Year in Review, here are some findings from the top targeted network device vulnerabilities. We also explore how threat actors are moving away from time sensitive lures in their emails. And finally we reveal the tools that adversaries most heavily utilized last year. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/year-in-review-key-vulnerabilities-tools-and-shifts-in-attacker-email-tactics/
-
Threat Actors Use VPS Hosting Providers to Deliver Malware and Evade Detection
Cybercriminals are intensifying phishing campaigns to spread the Grandoreiro banking trojan, targeting users primarily in Mexico, Argentina, and Spain. A detailed analysis by Forcepoint X-Labs reveals the sophisticated techniques employed by these attackers to evade detection and deliver malware. Phishing Tactics and Infrastructure The campaign begins with phishing emails purportedly from tax agencies, containing high-importance…
-
Auto-Color Linux Backdoor: TTPs and Internal Architecture Exposed
A newly identified Linux backdoor named >>Auto-Color,
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor Advancements in delivery: Scripting with Nietzsche Analyzing New HijackLoader Evasion Tactics Malicious Python…
-
Cyber agencies urge organizations to collaborate to stop fast flux DNS attacks
How to mitigate DNS attacks: Fast flux is one of many types of DNS attack. But there are tactics organizations can use to mitigate them. In the case of fast flux, the report recommends that: defenders should use cybersecurity and PDNS services that detect and block fast flux. “By leveraging providers that detect fast flux and implement…
-
Attackers Abuse Remote Desktop Protocol, Microsoft Binaries
Investigators See Ongoing Use of Living-Off-the-Land Binaries, Frequent RDP Abuse. Incident responders studying last year’s top attacker tools, tactics and procedures have urged cyber defenders to monitor for the unusual use of legitimate administrator tools, suspicious use of Remote Desktop Protocol, as well as attempts by attackers to hide their tracks by wiping logs. First…
-
PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack
A sophisticated phishing campaign, dubbed >>PoisonSeed,
-
New Android Spyware Tricks Users by Demanding Passwords for Uninstallation
A newly identified Android spyware app is elevating its tactics to remain hidden and unremovable by leveraging a password prompt for uninstallation. This unsettling feature effectively blocks users from removing the app unless the correct password, set by the person who installed the spyware, is entered. How the Spyware Works The spyware, which TechCrunch decided…

