Tag: tactics

Researchers Unveil APT28’s Advanced HTA Trojan Obfuscation Tactics

Mar 4, 2025 5:34 PM

Tags: cyber, espionage, group, russia, tactics, threat

Security researchers have uncovered sophisticated obfuscation techniques employed by APT28, a Russian-linked advanced persistent threat (APT) group, in their HTA (HTML Application) Trojan. The analysis, part of an ongoing investigation into APT28’s cyber espionage campaigns targeting Central Asia and Kazakhstan, highlights the group’s use of multi-layered obfuscation and the VBE (VBScript Encoded) technique to evade…
CISOs should address identity management ‘as fast as they can’ says CrowdStrike exec

Mar 4, 2025 12:34 AM

Tags: access, ai, attack, authentication, business, china, ciso, crowdstrike, cvss, cyberattack, disinformation, email, exploit, finance, government, identity, iran, jobs, malicious, malware, mfa, microsoft, network, north-korea, password, phishing, phone, powershell, russia, service, social-engineering, spam, switch, tactics, threat, tool, update, vulnerability

Breakout time, how long it takes for an adversary to start moving laterally across at IT network, reached an all-time low last year. The average fell to 48 minutes, while the fastest breakout time dropped to a mere 51 seconds;Voice phishing (vishing) attacks, where adversaries call victims to amplify their activities with persuasive social engineering…
Fighting Back: 4 Essential Ransomware Defense Strategies for CISOs in 2025

Mar 3, 2025 10:34 PM

Tags: breach, ciso, cyber, defense, extortion, ransomware, strategy, tactics, tool

Focus on Cyber Hygiene, Advanced Tools and Rapid Response to Outsmart Attackers Modern cyberthreats require modern defense tactics. Ransomware now employs multilayered extortion tactics that target operations and reputations. With 68% of breaches involving human error, CISOs and leaders must focus on cyber hygiene, advanced security tools and rapid response strategies. First seen on govinfosecurity.com…
Hacktivist Groups Emerge With Powerful Tools for Large-Scale Cyber Operations

Feb 28, 2025 6:34 PM

Tags: attack, cyber, government, group, service, tactics, tool, warfare

Hacktivism, once synonymous with symbolic website defacements and distributed denial-of-service (DDoS) attacks, has evolved into a sophisticated tool for cyber warfare and influence operations. Recent research highlights how state-sponsored actors are increasingly leveraging hacktivist tactics to conduct large-scale cyber campaigns, blurring the lines between grassroots activism and government-directed operations. These groups, often cloaked in anonymity…
New GitHub Scam Uses Fake “Mods” and “Cracks” to Steal User Data

Feb 28, 2025 9:34 AM

Tags: credentials, crypto, cyber, data, github, malicious, malware, scam, social-engineering, software, tactics

A sophisticated malware campaign leveraging GitHub repositories disguised as game modifications and cracked software has been uncovered, exposing a dangerous convergence of social engineering tactics and automated credential harvesting. Security researchers identified over 1,100 malicious repositories distributing variants of the Redox stealer, a Python-based malware designed to exfiltrate sensitive data including cryptocurrency wallet keys, browser cookies,…
Angry Likho APT Group Resurfaces with New Attacks and Advanced Malware Tactics

Feb 26, 2025 5:23 AM

Tags: apt, attack, group, kaspersky, malware, tactics, threat

Kaspersky Labs has uncovered new activity from Angry Likho, an advanced persistent threat (APT) group that has been First seen on securityonline.info Jump to article: securityonline.info/angry-likho-apt-group-resurfaces-with-new-attacks-and-advanced-malware-tactics/
Black Basta ransomware leak sheds light on targets, tactics

Feb 25, 2025 10:23 PM

Tags: cisco, citrix, cve, fortinet, leak, microsoft, network, ransomware, tactics

VulnCheck found the ransomware gang targeted CVEs in popular enterprise products from Microsoft, Citrix, Cisco, Fortinet, Palo Alto Networks, Confluence Atlassian and more. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619641/Black-Basta-ransomware-leak-sheds-light-on-targets-tactics
Poseidon Stealer Targets Mac Users via Fake DeepSeek Website

Feb 25, 2025 12:23 PM

Tags: apple, attack, cyber, cybersecurity, infection, macOS, malware, social-engineering, tactics

Cybersecurity researchers uncovered a sophisticated malware campaign targeting macOS users through a fraudulent DeepSeek.ai interface. Dubbed >>Poseidon Stealer,
UAC-0212: Hackers Unleash Devastating Cyber Attack on Critical Infrastructure

Feb 25, 2025 5:22 AM

Tags: attack, automation, control, cyber, hacker, infrastructure, network, tactics, threat

In a recent escalation of cyber threats, hackers have launched a targeted campaign, identified as UAC-0212, aimed at compromising critical infrastructure facilities in Ukraine. This campaign, which began in the second half of 2024, involves sophisticated tactics to infiltrate the networks of developers and suppliers of automation and process control solutions. The attackers’ ultimate goal…
Black Basta Leaks Reveal Targeting, Planning, Escalation

Feb 24, 2025 10:23 PM

Tags: group, intelligence, leak, open-source, ransomware, tactics

Group Cross-Referenced Open-Source Victim Intelligence With Infostealer Hauls The leak of 200,000 internal chat messages for the Black Basta operation provides an overview of how a modern ransomware group organizes itself to take down victims in the most efficient, profit-maximizing manner possible, using a variety of tactics that should be, in theory, easy to repel.…
UAC-0212: Hackers Unleash Devastating Cyber Assault on Critical Infrastructure

Feb 24, 2025 7:22 PM

Tags: automation, control, cyber, hacker, infrastructure, network, tactics, threat

In a recent escalation of cyber threats, hackers have launched a targeted campaign, identified as UAC-0212, aimed at compromising critical infrastructure facilities in Ukraine. This campaign, which began in the second half of 2024, involves sophisticated tactics to infiltrate the networks of developers and suppliers of automation and process control solutions. The attackers’ ultimate goal…
New Zhong Stealer Malware Exploit Zendesk to Attack Fintech and Cryptocurrency

Feb 23, 2025 7:23 AM

Tags: attack, crypto, cyber, exploit, fintech, malware, phishing, social-engineering, tactics, threat

A newly identified malware, dubbed Zhong Stealer, has emerged as a significant threat to the fintech and cryptocurrency sectors. Any.run researchers discovered zhong malware during a phishing campaign between December 20 and 24, 2024, the malware exploits customer support platforms like Zendesk to infiltrate organizations. The attackers masquerade as customers, leveraging social engineering tactics to…
Bloody Wolf Cybercrime Group Evolves Tactics, Expands Targets

Feb 22, 2025 5:24 AM

Tags: cybercrime, group, intelligence, tactics, threat

The BI.ZONE Threat Intelligence team has released a new report detailing the evolution of the Bloody Wolf cybercrime First seen on securityonline.info Jump to article: securityonline.info/bloody-wolf-cybercrime-group-evolves-tactics-expands-targets/
Notorious crooks broke into a company network in 48 minutes. Here’s how.

Feb 21, 2025 8:23 PM

Tags: network, tactics

Report sheds new light on the tactics allowing attackers to move at breakneck speed. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/02/notorious-crooks-broke-into-a-company-network-in-48-minutes-heres-how/
Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics

Feb 21, 2025 4:23 PM

Tags: china, cisco, credentials, hacker, network, tactics, theft

Cisco Talos observed Chinese hackers pivoting from a compromised device operated by one telecom to target a device in another telecom. The post Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisco-details-salt-typhoon-network-hopping-credential-theft-tactics/
CL0P Ransomware Launches Large-Scale Attacks on Telecom and Healthcare Sectors

Feb 21, 2025 11:38 AM

Tags: attack, cyber, data, exploit, extortion, group, healthcare, ransomware, tactics, vulnerability, zero-day

The notorious CL0P ransomware group has intensified its operations in early 2025, targeting critical sectors such as telecommunications and healthcare. Known for its sophisticated tactics, the group has exploited zero-day vulnerabilities to infiltrate systems, steal sensitive data, and extort victims. This resurgence follows a relatively quieter 2024, during which CL0P listed only 27 victims compared…
Russia-linked APTs target Signal messenger

Feb 19, 2025 11:46 PM

Tags: apt, exploit, google, group, intelligence, russia, tactics, threat

Russia-linked threat actors exploit Signal ‘s >>linked devices
Russian cyberespionage groups target Signal users with fake group invites

Feb 19, 2025 7:46 PM

Tags: access, android, api, attack, communications, computer, cyber, cyberespionage, data, espionage, google, group, intelligence, linux, macOS, malicious, malware, military, mobile, password, phishing, phone, powershell, qr, russia, service, spyware, tactics, threat, ukraine, update, windows

QR codes provide a means of phishing Signal users: These features now work by scanning QR codes that contain the cryptographic information needed to exchange keys between different devices in a group or to authorize a new device to an account. The QR codes are actually representations of special links that the Signal application knows…
Next Wave of ‘Scam-Yourself’ Attacks Leverages AI-Generated Deepfake Videos

Feb 19, 2025 5:46 PM

Tags: ai, attack, cyber, cybercrime, cybersecurity, deep-fake, exploit, malicious, malware, scam, tactics

Cybersecurity experts have uncovered a new wave of >>Scam-Yourself
Malware-Infected Signal, Line, and Gmail Apps Alter System Defenses

Feb 19, 2025 5:46 PM

Tags: china, cyber, cybersecurity, defense, exploit, malicious, malware, tactics

A recent cybersecurity analysis has uncovered a campaign targeting Chinese-speaking users through malicious installers of popular applications such as Signal, Line, and Gmail. These backdoored executables exploit manipulated search engine results to lure unsuspecting users into downloading malware-laden files. The attackers employ deceptive tactics, including fake download pages hosted on unrelated domains, to distribute these…
How Hackers Manipulate Agentic AI with Prompt Engineering

Feb 19, 2025 4:46 PM

Tags: ai, hacker, tactics, threat

Organizations adopting the transformative nature of agentic AI are urged to take heed of prompt engineering tactics being practiced by threat actors. The post How Hackers Manipulate Agentic AI with Prompt Engineering appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/how-hackers-manipulate-agentic-ai-with-prompt-engineering/
Ukrainian Signal Users Fall to Russian Social Engineering

Feb 19, 2025 1:46 PM

Tags: attack, encryption, google, hacker, malicious, phishing, russia, service, social-engineering, tactics, ukraine

Google Expects Tactics to Spread; Global Targets and Other Services at Risk. Russian nation-state hackers are using phishing attacks to target Ukrainian users of the chat app Signal, say security researchers. Rather than circumventing Signal’s end-to-end encryption via a cryptographic attack, attackers use malicious prompting to prod victims into exposing messages. First seen on govinfosecurity.com…
GRIT’s 2025 Report: Ransomware Group Dynamics and Case Studies

Feb 18, 2025 3:46 PM

Tags: group, ransomware, tactics, threat

Ransomware threats continue evolving, with the most successful groups refining their tactics to maximize impact over the last year. Understanding… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/grits-2025-report-ransomware-group-dynamics-and-case-studies/
Debunking the AI Hype: Inside Real Hacker Tactics

Feb 18, 2025 1:46 PM

Tags: ai, cyber, hacker, malware, tactics, threat

Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs’ Red Report 2025 which analyzed over one million malware samples, there’s been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while…
XCSSET macOS malware reappears with new attack strategies, Microsoft sounds alarm

Feb 18, 2025 12:46 PM

Tags: access, advisory, apple, attack, browser, chrome, control, credentials, cybercrime, data, detection, endpoint, exploit, infection, macOS, malicious, malware, microsoft, risk, service, software, strategy, supply-chain, tactics, threat, update, vulnerability

Xcode developers targeted through infected projects: Microsoft reported that XCSSET continues to spread via compromised Xcode projects, a technique that has been in use since the malware’s discovery in 2020. Once an infected project is cloned or downloaded, the malware can embed itself within the developer’s system and further propagate when the infected code is…
Password managers under increasing threat as infostealers triple and adapt

Feb 18, 2025 8:46 AM

Tags: access, attack, authentication, automation, breach, ceo, cloud, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, defense, email, encryption, exploit, finance, hacker, identity, intelligence, least-privilege, login, malicious, malware, mfa, password, phishing, ransomware, risk, service, switch, tactics, theft, threat, tool, vulnerability, zero-trust

Malware-as-a-service infostealers: For example, RedLine Stealer is specifically designed to target and steal sensitive information, including credentials stored in web browsers and other applications. It is often distributed through phishing emails or by tricking prospective marks into visiting booby-trapped websites laced with malicious downloaders.Another threat comes from Lumma stealer, offered for sale as a malware-as-a-service,…
New family of data-stealing malware leverages Microsoft Outlook

Feb 17, 2025 11:46 PM

Tags: access, api, apt, attack, backdoor, breach, ciso, cloud, computer, control, credentials, data, email, github, group, linux, login, mail, malicious, malware, microsoft, network, ntlm, sans, service, tactics, threat, tool, windows

certutil application which handles certificates, to download files.Espionage seems to be the motive, says the report, and there are Windows and Linux versions of the malware. But fortunately the gang “exhibited poor campaign management and inconsistent evasion tactics,” it notes. Nevertheless, CISOs should be watching for signs of attack using this group’s techniques, because their…
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics

Feb 17, 2025 6:46 PM

Tags: apple, attack, infection, intelligence, macOS, malware, microsoft, strategy, tactics, threat

Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.”Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,” the Microsoft Threat Intelligence team said in a post shared on…
Ransomware Gangs Encrypt Systems 17 Hours After Initial Infection

Feb 17, 2025 3:46 PM

Tags: cyber, cybersecurity, encryption, infection, network, ransom, ransomware, tactics

Ransomware gangs are accelerating their operations, with the average time-to-ransom (TTR), the period between initial system compromise and the deployment of encryption, now standing at just 17 hours, according to recent cybersecurity analyses. This marks a significant shift from earlier tactics, where attackers often lurked in networks for days or weeks to maximize reconnaissance and…
Ransomware gangs extort victims 17 hours after intrusion on average

Feb 17, 2025 9:46 AM

Tags: access, business, credentials, data, encryption, espionage, exploit, extortion, government, group, healthcare, Intruder, malicious, malware, metric, monitoring, network, ransom, ransomware, service, tactics, technology, theft, threat, tool, vulnerability, zero-day

The initial point of access for the attackers and the privileges it provided themHow easy it is to reach other network segments and systems from the initially compromised assetWhether access into the environment was resold to a ransomware operator by an initial access brokerWhether the attackers decided to operate only outside the victim’s regular business…