Tag: tactics

CISA, FBI Warn of Medusa Ransomware Impacting Critical Infrastructure

Mar 13, 2025 5:52 PM

Tags: cisa, extortion, infrastructure, ransomware, tactics

CISA and FBI warn of Medusa ransomware impacting over 300 victims across critical infrastructure sectors with double extortion tactics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-fbi-warn-medusa-ransomware/
Red Report 2025: Unmasking a 3X Spike in Credential Theft and Debunking the AI Hype

Mar 13, 2025 3:52 PM

Tags: ai, automation, credentials, malware, tactics, theft

Credential theft surged 3Ã— in a year”, but AI-powered malware? More hype than reality. The Red Report 2025 by Picus Labs reveals attackers still rely on proven tactics like stealth & automation to execute the “perfect heist.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/red-report-2025-unmasking-a-3x-spike-in-credential-theft-and-debunking-the-ai-hype/
Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

Mar 13, 2025 10:52 AM

Tags: advisory, cisa, infrastructure, ransomware, tactics

The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025. This advisory is part of the #StopRansomware…
New OBSCURE#BAT Exploit Windows Alters System Processes Registry for Evasion

Mar 13, 2025 9:52 AM

Tags: cyber, cybersecurity, exploit, malicious, malware, social-engineering, tactics, windows

Cybersecurity researchers at Securonix have identified an advanced malware campaign that employs social engineering tactics and heavily obfuscated code to deploy rootkits capable of cloaking malicious activities on compromised systems. Dubbed OBSCURE#BAT, the campaign targets English-speaking users through various deception techniques, ultimately installing a user-mode rootkit that can hide files, registry entries, and processes from…
Chinese Hacked Exploit Juniper Networks Routers to Implant Backdoor

Mar 13, 2025 6:52 AM

Tags: backdoor, china, cyber, cybersecurity, espionage, exploit, group, infrastructure, mandiant, network, router, tactics

Cybersecurity researchers have uncovered a sophisticated cyber espionage campaign targeting critical network infrastructure, marking a significant evolution in tactics by Chinese state-sponsored hackers. Mandiant, a leading cybersecurity firm, has discovered multiple custom backdoors deployed on Juniper Networks’ routers, attributing the activity to a Chinese espionage group known as UNC3886. The backdoors provided attackers with persistent…
Blind Eagle’s Rapid Adaptation: New Tactics Deployed Days After Patch

Mar 13, 2025 5:52 AM

Tags: cyberattack, group, tactics, update

A new wave of cyberattacks linked to the Blind Eagle (APT-C-36) group has been uncovered by Check Point First seen on securityonline.info Jump to article: securityonline.info/blind-eagles-rapid-adaptation-new-tactics-deployed-days-after-patch/
How AI fuels identity theft tactics

Mar 12, 2025 9:55 PM

Tags: ai, identity, tactics, theft

First seen on scworld.com Jump to article: www.scworld.com/perspective/how-ai-fuels-identity-theft-tactics
Chinese cyberespionage group deploys custom backdoors on Juniper routers

Mar 12, 2025 4:52 PM

Tags: access, attack, authentication, backdoor, backup, botnet, china, control, credentials, cyberespionage, ddos, detection, encryption, endpoint, espionage, exploit, google, group, identity, infrastructure, injection, intelligence, malicious, malware, mandiant, mitigation, monitoring, network, risk, router, software, switch, tactics, threat, tool, unauthorized, update, vulnerability, zero-day

File integrity protections were bypassed: Attackers’ initial access to the Juniper MX routers analyzed by Mandiant seems to have been achieved with legitimate credentials. While UNC3886 has developed and used zero-day exploits to compromise network-edge devices in the past, the group actively performs credential collection on compromised networks for lateral movement to support its goal…
The state of ransomware: Fragmented but still potent despite takedowns

Mar 12, 2025 4:52 PM

Tags: ai, alphv, antivirus, attack, backup, cloud, control, cyber, cybercrime, cybersecurity, data, ddos, detection, endpoint, extortion, firewall, group, incident response, intelligence, law, leak, LLM, lockbit, malware, network, ransom, ransomware, service, software, tactics, threat, tool, usa, zero-trust

Runners and riders on the rise: Smaller, more agile ransomware groups like Lynx (INC rebrand), RansomHub (a LockBit sub-group), and Akira filled the void after major takedowns, collectively accounting for 54% of observed attacks, according to a study by managed detection and response firm Huntress.RansomHub RaaS has quickly risen in prominence by absorbing displaced operators…
AI-Generated Fake GitHub Repositories Steal Login Credentials

Mar 11, 2025 3:54 PM

Tags: ai, credentials, cyber, cybercrime, cybersecurity, exploit, github, login, malicious, malware, tactics, threat

A concerning cybersecurity threat has emerged with the discovery of AI-generated fake GitHub repositories designed to distribute malware, including the notorious SmartLoader and Lumma Stealer. These malicious repositories, crafted to appear legitimate, exploit GitHub’s trusted reputation to deceive users into downloading ZIP files containing malicious code. The campaign highlights the evolving tactics cybercriminals employ to…
Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats

Mar 11, 2025 1:54 PM

Tags: cybersecurity, risk, tactics, threat, tool, vulnerability

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being secure. As Sun Tzu warned,…
Hackers Compromise Windows Systems Using 5000+ Malicious Packages

Mar 11, 2025 12:54 PM

Tags: cyber, detection, exploit, hacker, malicious, software, tactics, threat, vulnerability, windows

A recent analysis by FortiGuard Labs has revealed a significant increase in malicious software packages, with over 5,000 identified since November 2024. These packages employ sophisticated techniques to evade detection and exploit system vulnerabilities, posing a substantial threat to Windows systems and other software environments. The tactics used by attackers include low-file-count packages, suspicious install…
North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts

Mar 10, 2025 8:54 PM

Tags: attack, breach, cyber, hacker, malicious, north-korea, phishing, powershell, tactics

North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics to breach systems, leveraging malicious ZIP files containing LNK files to initiate attacks. These LNK files, often disguised as documents related to North Korean affairs or trade agreements, are distributed via phishing emails. Once opened, they trigger a multi-stage attack involving…
Threat Actors Exploit EncryptHub for Multi-Stage Malware Attacks

Mar 10, 2025 7:54 PM

Tags: attack, cyber, cybercrime, exploit, infrastructure, intelligence, malware, tactics, threat

EncryptHub, a rising cybercriminal entity, has been under scrutiny by multiple threat intelligence teams, including Outpost24’s KrakenLabs. Recent investigations have uncovered previously unseen aspects of EncryptHub’s infrastructure and tactics, revealing a sophisticated multi-stage malware campaign. The threat actor’s operational security (OPSEC) lapses have provided valuable insights into their attack chain and methodologies. EncryptHub’s campaigns utilize…
Ragnar Loader Used by Multiple Ransomware Groups to Bypass Detection

Mar 10, 2025 7:54 PM

Tags: access, cyber, cyberattack, detection, group, malicious, malware, ransomware, tactics

Ragnar Loader, a sophisticated toolkit associated with the Ragnar Locker ransomware group, has been instrumental in facilitating targeted cyberattacks on organizations since its emergence in 2020. This malware is part of the Monstrous Mantis ransomware ecosystem and is designed to maintain persistent access to compromised systems, enabling sustained malicious operations. Ragnar Loader employs advanced tactics…
Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift

Mar 10, 2025 5:53 PM

Tags: group, phishing, tactics

Phishing and ancient vulns still do the trick for one of the most prolific groups around First seen on theregister.com Jump to article: www.theregister.com/2025/03/10/sidewinder_tactics_shift/
Lumma Stealer Using Fake Google Meet Windows Update Sites to Launch “Click Fix” Style Attack

Mar 8, 2025 6:53 AM

Tags: attack, cyber, cybersecurity, google, malicious, malware, powershell, social-engineering, tactics, update, windows

Cybersecurity researchers continue to track sophisticated >>Click Fix
EncryptHub’s OPSEC Failures Expose Its Malware Operation

Mar 7, 2025 10:53 PM

Tags: infrastructure, malware, tactics

Outpost24’s KrakenLabs reveals EncryptHub’s multi-stage malware campaign, exposing their infrastructure and tactics through critical OPSEC failures. Learn how… First seen on hackread.com Jump to article: hackread.com/encrypthub-opsec-failures-expose-malware-operation/
Akira Ransomware Targets Windows Servers via RDP and Evades EDR with Webcam Trick

Mar 7, 2025 5:53 PM

Tags: cyber, cybersecurity, detection, edr, endpoint, exploit, group, ransomware, tactics, threat, windows

In a recent cybersecurity incident, the Akira ransomware group demonstrated its evolving tactics by exploiting an unsecured webcam to bypass Endpoint Detection and Response (EDR) tools. This novel approach highlights the group’s ability to adapt and evade traditional security measures, making it a formidable threat in the cybersecurity landscape. Background and Modus Operandi Akira, a…
North Korean Moonstone Sleet Uses Creative Tactics to Deploy Custom Ransomware

Mar 7, 2025 5:53 PM

Tags: cyber, cyberespionage, finance, microsoft, north-korea, ransomware, software, tactics, threat

In a recent development, Microsoft has identified a new North Korean threat actor known as Moonstone Sleet, which has been employing a combination of traditional and innovative tactics to achieve its financial and cyberespionage objectives. Moonstone Sleet, formerly tracked as Storm-1789, has demonstrated a sophisticated approach by using fake companies, trojanized software, and even a…
YouTube Alerts Creators About Phishing Emails Targeting Login Credentials

Mar 7, 2025 2:53 PM

Tags: advisory, ai, attack, ceo, credentials, cyber, deep-fake, email, exploit, login, malicious, phishing, social-engineering, tactics, tool

YouTube has issued a critical security advisory following a widespread phishing campaign exploiting private video sharing to distribute AI-generated deepfakes of CEO Neal Mohan. The fraudulent videos falsely claim changes to the platform’s monetization policies, urging creators to click malicious links. This sophisticated attack vector combines social engineering tactics with advanced generative AI tools, targeting…
Linux, macOS users infected with malware posing as legitimate Go packages

Mar 7, 2025 1:53 PM

Tags: linux, macOS, malicious, malware, tactics, threat, tool

Campaign is tailor-made for persistence : The repeated use of identical filenames, array-based string obfuscation, and delayed execution tactics strongly suggests a coordinated adversary who plans to persist and adapt, the researchers added.The presence of multiple malicious Hypert and Layout packages along with several fallback domains also suggests a resilient infrastructure. This setup will allow threat…
Phantom Goblin Uses Social Engineering Tactics to Deploy Stealer Malware

Mar 7, 2025 12:54 PM

Tags: access, cyber, cybersecurity, data, malicious, malware, social-engineering, tactics, unauthorized

A sophisticated malware operation, dubbed >>Phantom Goblin,
Medusa Ransomware Attacks Surge 42% with Advanced Tools Tactics

Mar 7, 2025 11:53 AM

Tags: attack, cyber, data, extortion, group, ransomware, service, tactics, tool

Medusa ransomware attacks have seen a significant increase, rising by 42% between 2023 and 2024, with a further escalation in early 2025. This surge is attributed to the group Spearwing, which operates Medusa as a ransomware-as-a-service (RaaS) model. Spearwing and its affiliates are known for conducting double extortion attacks, where they steal data before encrypting…
Zero-Day Attacks Stolen Keys: Silk Typhoon Breaches Networks

Mar 7, 2025 5:53 AM

Tags: attack, breach, china, cyber, espionage, intelligence, microsoft, network, tactics, threat, zero-day

Microsoft Threat Intelligence has uncovered a strategic shift in the tactics of Silk Typhoon, a Chinese state-backed cyber-espionage First seen on securityonline.info Jump to article: securityonline.info/zero-day-attacks-stolen-keys-silk-typhoon-breaches-networks/
Hackers Deploy Advanced Social Engineering Tactics in Phishing Attacks

Mar 6, 2025 7:54 PM

Tags: apt, attack, cyber, cybercrime, hacker, malicious, phishing, social-engineering, strategy, tactics, threat

Cybercriminals are evolving their phishing methods, employing more sophisticated social engineering tactics to deceive their targets. Recent findings from ESET’s APT Activity Report highlight a concerning trend where threat actors are establishing relationships with potential victims before deploying malicious content. This shift in strategy makes it increasingly challenging for employees to identify and avoid phishing…
Hackers Exploit ‘Any/Any’ Communication Configurations in Cloud Services to Host Malware

Mar 6, 2025 7:54 PM

Tags: cloud, control, cyber, cybersecurity, detection, exploit, hacker, infrastructure, malicious, malware, service, tactics

Recent research by Veriti has uncovered a disturbing trend in cybersecurity: malicious actors are increasingly leveraging cloud infrastructure to distribute malware and operate command-and-control (C2) servers. This shift in tactics presents significant challenges for detection and exposes organizations to heightened security risks. Cloud Misconfigurations Open Doors for Attackers The study reveals that over 40% of…
Microsoft Warns of Silk Typhoon Hackers Exploiting Cloud Services to Attack IT Supply Chain

Mar 6, 2025 7:54 PM

Tags: attack, china, cloud, cyber, espionage, exploit, group, hacker, intelligence, microsoft, service, supply-chain, tactics, threat, tool, vulnerability

Microsoft Threat Intelligence has identified a significant shift in tactics by Silk Typhoon, a Chinese espionage group, now targeting common IT solutions such as remote management tools and cloud applications for initial access. This well-resourced and technically proficient threat actor has demonstrated a large targeting footprint among Chinese threat actors, exploiting vulnerabilities in edge devices…
Silk Typhoon hackers now target IT supply chains to breach networks

Mar 5, 2025 7:34 PM

Tags: access, attack, breach, china, cloud, cyber, espionage, group, hacker, microsoft, network, service, supply-chain, tactics, threat, tool

Microsoft warns that Chinese cyber-espionage threat group ‘Silk Typhoon’ has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/silk-typhoon-hackers-now-target-it-supply-chains-to-breach-networks/
Silk Typhoon Shifts Tactics to Exploit Common IT Solutions

Mar 5, 2025 6:34 PM

Tags: china, data, espionage, exploit, group, network, tactics

Chinese espionage group Silk Typhoon is increasingly exploiting common IT solutions to infiltrate networks and exfiltrate data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/silk-typhoon-exploits-common/