Tag: tactics

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

Mar 5, 2025 5:34 PM

Tags: access, attack, china, corporate, cyber, exploit, flaw, hacking, intelligence, microsoft, supply-chain, tactics, technology, threat, zero-day

The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks.That’s according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon…
Cybercriminals Impersonate Electronic Frontier Foundation to Target Gaming Community

Mar 5, 2025 1:34 PM

Tags: cyber, cybercrime, exploit, phishing, tactics

A sophisticated phishing campaign targeting the Albion Online gaming community has been uncovered, revealing a complex operation involving impersonation of the Electronic Frontier Foundation (EFF) and deployment of advanced malware. The campaign, discovered on March 4, 2025, showcases the evolving tactics of cybercriminals in exploiting trust in reputable organizations and leveraging the immersive nature of…
Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware

Mar 5, 2025 12:34 AM

Tags: access, attack, corporate, exploit, group, malware, microsoft, ransomware, social-engineering, tactics

New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-teams-tactics-malware-connect-black-basta-cactus-ransomware/
Getting the Most Value Out of the OSCP: The PEN-200 Course

Mar 4, 2025 6:34 PM

Tags: access, antivirus, attack, awareness, backdoor, cloud, compliance, conference, control, credentials, cve, cybersecurity, data, defense, detection, dos, edr, endpoint, exploit, github, gitlab, guide, hacker, hacking, jobs, kali, linkedin, linux, login, malicious, malware, mandiant, microsoft, network, ntlm, open-source, password, penetration-testing, powershell, programming, rce, remote-code-execution, risk, service, skills, software, tactics, theft, threat, tool, unauthorized, update, vmware, vulnerability, windows

In this second post of a five-part series, I provide advice on how to best utilize the PEN-200 course material for a successful career in ethical hacking. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Mar 4, 2025 6:34 PM

Tags: control, ransomware, tactics, threat

Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS.”Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them…
Researchers Unveil APT28’s Advanced HTA Trojan Obfuscation Tactics

Mar 4, 2025 5:34 PM

Tags: cyber, espionage, group, russia, tactics, threat

Security researchers have uncovered sophisticated obfuscation techniques employed by APT28, a Russian-linked advanced persistent threat (APT) group, in their HTA (HTML Application) Trojan. The analysis, part of an ongoing investigation into APT28’s cyber espionage campaigns targeting Central Asia and Kazakhstan, highlights the group’s use of multi-layered obfuscation and the VBE (VBScript Encoded) technique to evade…
CISOs should address identity management ‘as fast as they can’ says CrowdStrike exec

Mar 4, 2025 12:34 AM

Tags: access, ai, attack, authentication, business, china, ciso, crowdstrike, cvss, cyberattack, disinformation, email, exploit, finance, government, identity, iran, jobs, malicious, malware, mfa, microsoft, network, north-korea, password, phishing, phone, powershell, russia, service, social-engineering, spam, switch, tactics, threat, tool, update, vulnerability

Breakout time, how long it takes for an adversary to start moving laterally across at IT network, reached an all-time low last year. The average fell to 48 minutes, while the fastest breakout time dropped to a mere 51 seconds;Voice phishing (vishing) attacks, where adversaries call victims to amplify their activities with persuasive social engineering…
Fighting Back: 4 Essential Ransomware Defense Strategies for CISOs in 2025

Mar 3, 2025 10:34 PM

Tags: breach, ciso, cyber, defense, extortion, ransomware, strategy, tactics, tool

Focus on Cyber Hygiene, Advanced Tools and Rapid Response to Outsmart Attackers Modern cyberthreats require modern defense tactics. Ransomware now employs multilayered extortion tactics that target operations and reputations. With 68% of breaches involving human error, CISOs and leaders must focus on cyber hygiene, advanced security tools and rapid response strategies. First seen on govinfosecurity.com…
Hacktivist Groups Emerge With Powerful Tools for Large-Scale Cyber Operations

Feb 28, 2025 6:34 PM

Tags: attack, cyber, government, group, service, tactics, tool, warfare

Hacktivism, once synonymous with symbolic website defacements and distributed denial-of-service (DDoS) attacks, has evolved into a sophisticated tool for cyber warfare and influence operations. Recent research highlights how state-sponsored actors are increasingly leveraging hacktivist tactics to conduct large-scale cyber campaigns, blurring the lines between grassroots activism and government-directed operations. These groups, often cloaked in anonymity…
New GitHub Scam Uses Fake “Mods” and “Cracks” to Steal User Data

Feb 28, 2025 9:34 AM

Tags: credentials, crypto, cyber, data, github, malicious, malware, scam, social-engineering, software, tactics

A sophisticated malware campaign leveraging GitHub repositories disguised as game modifications and cracked software has been uncovered, exposing a dangerous convergence of social engineering tactics and automated credential harvesting. Security researchers identified over 1,100 malicious repositories distributing variants of the Redox stealer, a Python-based malware designed to exfiltrate sensitive data including cryptocurrency wallet keys, browser cookies,…
Angry Likho APT Group Resurfaces with New Attacks and Advanced Malware Tactics

Feb 26, 2025 5:23 AM

Tags: apt, attack, group, kaspersky, malware, tactics, threat

Kaspersky Labs has uncovered new activity from Angry Likho, an advanced persistent threat (APT) group that has been First seen on securityonline.info Jump to article: securityonline.info/angry-likho-apt-group-resurfaces-with-new-attacks-and-advanced-malware-tactics/
Black Basta ransomware leak sheds light on targets, tactics

Feb 25, 2025 10:23 PM

Tags: cisco, citrix, cve, fortinet, leak, microsoft, network, ransomware, tactics

VulnCheck found the ransomware gang targeted CVEs in popular enterprise products from Microsoft, Citrix, Cisco, Fortinet, Palo Alto Networks, Confluence Atlassian and more. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619641/Black-Basta-ransomware-leak-sheds-light-on-targets-tactics
Poseidon Stealer Targets Mac Users via Fake DeepSeek Website

Feb 25, 2025 12:23 PM

Tags: apple, attack, cyber, cybersecurity, infection, macOS, malware, social-engineering, tactics

Cybersecurity researchers uncovered a sophisticated malware campaign targeting macOS users through a fraudulent DeepSeek.ai interface. Dubbed >>Poseidon Stealer,
UAC-0212: Hackers Unleash Devastating Cyber Attack on Critical Infrastructure

Feb 25, 2025 5:22 AM

Tags: attack, automation, control, cyber, hacker, infrastructure, network, tactics, threat

In a recent escalation of cyber threats, hackers have launched a targeted campaign, identified as UAC-0212, aimed at compromising critical infrastructure facilities in Ukraine. This campaign, which began in the second half of 2024, involves sophisticated tactics to infiltrate the networks of developers and suppliers of automation and process control solutions. The attackers’ ultimate goal…
Black Basta Leaks Reveal Targeting, Planning, Escalation

Feb 24, 2025 10:23 PM

Tags: group, intelligence, leak, open-source, ransomware, tactics

Group Cross-Referenced Open-Source Victim Intelligence With Infostealer Hauls The leak of 200,000 internal chat messages for the Black Basta operation provides an overview of how a modern ransomware group organizes itself to take down victims in the most efficient, profit-maximizing manner possible, using a variety of tactics that should be, in theory, easy to repel.…
UAC-0212: Hackers Unleash Devastating Cyber Assault on Critical Infrastructure

Feb 24, 2025 7:22 PM

Tags: automation, control, cyber, hacker, infrastructure, network, tactics, threat

In a recent escalation of cyber threats, hackers have launched a targeted campaign, identified as UAC-0212, aimed at compromising critical infrastructure facilities in Ukraine. This campaign, which began in the second half of 2024, involves sophisticated tactics to infiltrate the networks of developers and suppliers of automation and process control solutions. The attackers’ ultimate goal…
New Zhong Stealer Malware Exploit Zendesk to Attack Fintech and Cryptocurrency

Feb 23, 2025 7:23 AM

Tags: attack, crypto, cyber, exploit, fintech, malware, phishing, social-engineering, tactics, threat

A newly identified malware, dubbed Zhong Stealer, has emerged as a significant threat to the fintech and cryptocurrency sectors. Any.run researchers discovered zhong malware during a phishing campaign between December 20 and 24, 2024, the malware exploits customer support platforms like Zendesk to infiltrate organizations. The attackers masquerade as customers, leveraging social engineering tactics to…
Bloody Wolf Cybercrime Group Evolves Tactics, Expands Targets

Feb 22, 2025 5:24 AM

Tags: cybercrime, group, intelligence, tactics, threat

The BI.ZONE Threat Intelligence team has released a new report detailing the evolution of the Bloody Wolf cybercrime First seen on securityonline.info Jump to article: securityonline.info/bloody-wolf-cybercrime-group-evolves-tactics-expands-targets/
Notorious crooks broke into a company network in 48 minutes. Here’s how.

Feb 21, 2025 8:23 PM

Tags: network, tactics

Report sheds new light on the tactics allowing attackers to move at breakneck speed. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/02/notorious-crooks-broke-into-a-company-network-in-48-minutes-heres-how/
Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics

Feb 21, 2025 4:23 PM

Tags: china, cisco, credentials, hacker, network, tactics, theft

Cisco Talos observed Chinese hackers pivoting from a compromised device operated by one telecom to target a device in another telecom. The post Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisco-details-salt-typhoon-network-hopping-credential-theft-tactics/
CL0P Ransomware Launches Large-Scale Attacks on Telecom and Healthcare Sectors

Feb 21, 2025 11:38 AM

Tags: attack, cyber, data, exploit, extortion, group, healthcare, ransomware, tactics, vulnerability, zero-day

The notorious CL0P ransomware group has intensified its operations in early 2025, targeting critical sectors such as telecommunications and healthcare. Known for its sophisticated tactics, the group has exploited zero-day vulnerabilities to infiltrate systems, steal sensitive data, and extort victims. This resurgence follows a relatively quieter 2024, during which CL0P listed only 27 victims compared…
Russia-linked APTs target Signal messenger

Feb 19, 2025 11:46 PM

Tags: apt, exploit, google, group, intelligence, russia, tactics, threat

Russia-linked threat actors exploit Signal ‘s >>linked devices
Russian cyberespionage groups target Signal users with fake group invites

Feb 19, 2025 7:46 PM

Tags: access, android, api, attack, communications, computer, cyber, cyberespionage, data, espionage, google, group, intelligence, linux, macOS, malicious, malware, military, mobile, password, phishing, phone, powershell, qr, russia, service, spyware, tactics, threat, ukraine, update, windows

QR codes provide a means of phishing Signal users: These features now work by scanning QR codes that contain the cryptographic information needed to exchange keys between different devices in a group or to authorize a new device to an account. The QR codes are actually representations of special links that the Signal application knows…
Next Wave of ‘Scam-Yourself’ Attacks Leverages AI-Generated Deepfake Videos

Feb 19, 2025 5:46 PM

Tags: ai, attack, cyber, cybercrime, cybersecurity, deep-fake, exploit, malicious, malware, scam, tactics

Cybersecurity experts have uncovered a new wave of >>Scam-Yourself
Malware-Infected Signal, Line, and Gmail Apps Alter System Defenses

Feb 19, 2025 5:46 PM

Tags: china, cyber, cybersecurity, defense, exploit, malicious, malware, tactics

A recent cybersecurity analysis has uncovered a campaign targeting Chinese-speaking users through malicious installers of popular applications such as Signal, Line, and Gmail. These backdoored executables exploit manipulated search engine results to lure unsuspecting users into downloading malware-laden files. The attackers employ deceptive tactics, including fake download pages hosted on unrelated domains, to distribute these…
How Hackers Manipulate Agentic AI with Prompt Engineering

Feb 19, 2025 4:46 PM

Tags: ai, hacker, tactics, threat

Organizations adopting the transformative nature of agentic AI are urged to take heed of prompt engineering tactics being practiced by threat actors. The post How Hackers Manipulate Agentic AI with Prompt Engineering appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/how-hackers-manipulate-agentic-ai-with-prompt-engineering/
Ukrainian Signal Users Fall to Russian Social Engineering

Feb 19, 2025 1:46 PM

Tags: attack, encryption, google, hacker, malicious, phishing, russia, service, social-engineering, tactics, ukraine

Google Expects Tactics to Spread; Global Targets and Other Services at Risk. Russian nation-state hackers are using phishing attacks to target Ukrainian users of the chat app Signal, say security researchers. Rather than circumventing Signal’s end-to-end encryption via a cryptographic attack, attackers use malicious prompting to prod victims into exposing messages. First seen on govinfosecurity.com…
GRIT’s 2025 Report: Ransomware Group Dynamics and Case Studies

Feb 18, 2025 3:46 PM

Tags: group, ransomware, tactics, threat

Ransomware threats continue evolving, with the most successful groups refining their tactics to maximize impact over the last year. Understanding… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/grits-2025-report-ransomware-group-dynamics-and-case-studies/
Debunking the AI Hype: Inside Real Hacker Tactics

Feb 18, 2025 1:46 PM

Tags: ai, cyber, hacker, malware, tactics, threat

Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs’ Red Report 2025 which analyzed over one million malware samples, there’s been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while…
XCSSET macOS malware reappears with new attack strategies, Microsoft sounds alarm

Feb 18, 2025 12:46 PM

Tags: access, advisory, apple, attack, browser, chrome, control, credentials, cybercrime, data, detection, endpoint, exploit, infection, macOS, malicious, malware, microsoft, risk, service, software, strategy, supply-chain, tactics, threat, update, vulnerability

Xcode developers targeted through infected projects: Microsoft reported that XCSSET continues to spread via compromised Xcode projects, a technique that has been in use since the malware’s discovery in 2020. Once an infected project is cloned or downloaded, the malware can embed itself within the developer’s system and further propagate when the infected code is…