Tag: tactics
-
Blind Eagle’s Rapid Adaptation: New Tactics Deployed Days After Patch
A new wave of cyberattacks linked to the Blind Eagle (APT-C-36) group has been uncovered by Check Point First seen on securityonline.info Jump to article: securityonline.info/blind-eagles-rapid-adaptation-new-tactics-deployed-days-after-patch/
-
How AI fuels identity theft tactics
First seen on scworld.com Jump to article: www.scworld.com/perspective/how-ai-fuels-identity-theft-tactics
-
The state of ransomware: Fragmented but still potent despite takedowns
Tags: ai, alphv, antivirus, attack, backup, cloud, control, cyber, cybercrime, cybersecurity, data, ddos, detection, endpoint, extortion, firewall, group, incident response, intelligence, law, leak, LLM, lockbit, malware, network, ransom, ransomware, service, software, tactics, threat, tool, usa, zero-trustRunners and riders on the rise: Smaller, more agile ransomware groups like Lynx (INC rebrand), RansomHub (a LockBit sub-group), and Akira filled the void after major takedowns, collectively accounting for 54% of observed attacks, according to a study by managed detection and response firm Huntress.RansomHub RaaS has quickly risen in prominence by absorbing displaced operators…
-
AI-Generated Fake GitHub Repositories Steal Login Credentials
Tags: ai, credentials, cyber, cybercrime, cybersecurity, exploit, github, login, malicious, malware, tactics, threatA concerning cybersecurity threat has emerged with the discovery of AI-generated fake GitHub repositories designed to distribute malware, including the notorious SmartLoader and Lumma Stealer. These malicious repositories, crafted to appear legitimate, exploit GitHub’s trusted reputation to deceive users into downloading ZIP files containing malicious code. The campaign highlights the evolving tactics cybercriminals employ to…
-
Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats
In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being secure. As Sun Tzu warned,…
-
Hackers Compromise Windows Systems Using 5000+ Malicious Packages
A recent analysis by FortiGuard Labs has revealed a significant increase in malicious software packages, with over 5,000 identified since November 2024. These packages employ sophisticated techniques to evade detection and exploit system vulnerabilities, posing a substantial threat to Windows systems and other software environments. The tactics used by attackers include low-file-count packages, suspicious install…
-
North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts
North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics to breach systems, leveraging malicious ZIP files containing LNK files to initiate attacks. These LNK files, often disguised as documents related to North Korean affairs or trade agreements, are distributed via phishing emails. Once opened, they trigger a multi-stage attack involving…
-
Threat Actors Exploit EncryptHub for Multi-Stage Malware Attacks
EncryptHub, a rising cybercriminal entity, has been under scrutiny by multiple threat intelligence teams, including Outpost24’s KrakenLabs. Recent investigations have uncovered previously unseen aspects of EncryptHub’s infrastructure and tactics, revealing a sophisticated multi-stage malware campaign. The threat actor’s operational security (OPSEC) lapses have provided valuable insights into their attack chain and methodologies. EncryptHub’s campaigns utilize…
-
Ragnar Loader Used by Multiple Ransomware Groups to Bypass Detection
Ragnar Loader, a sophisticated toolkit associated with the Ragnar Locker ransomware group, has been instrumental in facilitating targeted cyberattacks on organizations since its emergence in 2020. This malware is part of the Monstrous Mantis ransomware ecosystem and is designed to maintain persistent access to compromised systems, enabling sustained malicious operations. Ragnar Loader employs advanced tactics…
-
Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift
Phishing and ancient vulns still do the trick for one of the most prolific groups around First seen on theregister.com Jump to article: www.theregister.com/2025/03/10/sidewinder_tactics_shift/
-
EncryptHub’s OPSEC Failures Expose Its Malware Operation
Outpost24’s KrakenLabs reveals EncryptHub’s multi-stage malware campaign, exposing their infrastructure and tactics through critical OPSEC failures. Learn how… First seen on hackread.com Jump to article: hackread.com/encrypthub-opsec-failures-expose-malware-operation/
-
Akira Ransomware Targets Windows Servers via RDP and Evades EDR with Webcam Trick
In a recent cybersecurity incident, the Akira ransomware group demonstrated its evolving tactics by exploiting an unsecured webcam to bypass Endpoint Detection and Response (EDR) tools. This novel approach highlights the group’s ability to adapt and evade traditional security measures, making it a formidable threat in the cybersecurity landscape. Background and Modus Operandi Akira, a…
-
North Korean Moonstone Sleet Uses Creative Tactics to Deploy Custom Ransomware
In a recent development, Microsoft has identified a new North Korean threat actor known as Moonstone Sleet, which has been employing a combination of traditional and innovative tactics to achieve its financial and cyberespionage objectives. Moonstone Sleet, formerly tracked as Storm-1789, has demonstrated a sophisticated approach by using fake companies, trojanized software, and even a…
-
Linux, macOS users infected with malware posing as legitimate Go packages
Campaign is tailor-made for persistence : The repeated use of identical filenames, array-based string obfuscation, and delayed execution tactics strongly suggests a coordinated adversary who plans to persist and adapt, the researchers added.The presence of multiple malicious Hypert and Layout packages along with several fallback domains also suggests a resilient infrastructure. This setup will allow threat…
-
Medusa Ransomware Attacks Surge 42% with Advanced Tools Tactics
Medusa ransomware attacks have seen a significant increase, rising by 42% between 2023 and 2024, with a further escalation in early 2025. This surge is attributed to the group Spearwing, which operates Medusa as a ransomware-as-a-service (RaaS) model. Spearwing and its affiliates are known for conducting double extortion attacks, where they steal data before encrypting…
-
Zero-Day Attacks Stolen Keys: Silk Typhoon Breaches Networks
Microsoft Threat Intelligence has uncovered a strategic shift in the tactics of Silk Typhoon, a Chinese state-backed cyber-espionage First seen on securityonline.info Jump to article: securityonline.info/zero-day-attacks-stolen-keys-silk-typhoon-breaches-networks/
-
Hackers Exploit ‘Any/Any’ Communication Configurations in Cloud Services to Host Malware
Recent research by Veriti has uncovered a disturbing trend in cybersecurity: malicious actors are increasingly leveraging cloud infrastructure to distribute malware and operate command-and-control (C2) servers. This shift in tactics presents significant challenges for detection and exposes organizations to heightened security risks. Cloud Misconfigurations Open Doors for Attackers The study reveals that over 40% of…
-
Microsoft Warns of Silk Typhoon Hackers Exploiting Cloud Services to Attack IT Supply Chain
Microsoft Threat Intelligence has identified a significant shift in tactics by Silk Typhoon, a Chinese espionage group, now targeting common IT solutions such as remote management tools and cloud applications for initial access. This well-resourced and technically proficient threat actor has demonstrated a large targeting footprint among Chinese threat actors, exploiting vulnerabilities in edge devices…
-
Silk Typhoon hackers now target IT supply chains to breach networks
Microsoft warns that Chinese cyber-espionage threat group ‘Silk Typhoon’ has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/silk-typhoon-hackers-now-target-it-supply-chains-to-breach-networks/
-
Silk Typhoon Shifts Tactics to Exploit Common IT Solutions
Chinese espionage group Silk Typhoon is increasingly exploiting common IT solutions to infiltrate networks and exfiltrate data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/silk-typhoon-exploits-common/
-
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Tags: access, attack, china, corporate, cyber, exploit, flaw, hacking, intelligence, microsoft, supply-chain, tactics, technology, threat, zero-dayThe China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks.That’s according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon…
-
Cybercriminals Impersonate Electronic Frontier Foundation to Target Gaming Community
A sophisticated phishing campaign targeting the Albion Online gaming community has been uncovered, revealing a complex operation involving impersonation of the Electronic Frontier Foundation (EFF) and deployment of advanced malware. The campaign, discovered on March 4, 2025, showcases the evolving tactics of cybercriminals in exploiting trust in reputable organizations and leveraging the immersive nature of…
-
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS.”Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them…