Tag: tactics

Formbook Malware Campaign Uses Malicious ZIP Files and Layered Scripting Techniques

Nov 14, 2025 1:49 PM

Tags: cyber, infection, malicious, malware, reverse-engineering, sans, tactics

A new campaign leveraging Formbook malware has emerged, showcasing sophisticated multi-stage infection tactics that underscore the importance of analyzing more than just executable files during malware investigations. When teaching malware reverse-engineering in courses like SANS FOR610, it’s critical to addressed that reverse engineering applies to every component in the infection chain, not just PE or…
The 2025 GigaOm Anti-Phishing Radar: Key Takeaways for Navigating the Evolving Email Threat Landscape

Nov 13, 2025 8:50 PM

Tags: cyberattack, defense, email, phishing, tactics, threat, tool
SmartApeSG Uses ClickFix to Deploy NetSupport RAT

Nov 13, 2025 3:49 PM

Tags: access, attack, captcha, cyber, infection, malicious, rat, tactics

The SmartApeSG campaign, also known as ZPHP and HANEYMANEY, continues to evolve its infection tactics, pivoting to ClickFix-style attack vectors. Security researchers have documented the campaign’s latest methodology, which uses deceptive fake CAPTCHA pages to trick users into executing malicious commands that ultimately deploy NetSupport RAT a Remote Access Trojan capable of giving attackers complete…
Zero-day exploits hit Cisco ISE and Citrix systems in an advanced campaign

Nov 13, 2025 1:49 PM

Tags: access, attack, authentication, cisco, citrix, credentials, defense, encryption, endpoint, exploit, identity, infrastructure, monitoring, network, risk, service, tactics, threat, update, zero-day

patch-gap exploitation technique is a hallmark of sophisticated threat actors who closely monitor security updates and quickly weaponize vulnerabilities.”Amazon did not immediately respond to CSO’s queries on why it’s sharing information about the zero-day exploits months after.After gaining access, the actor deployed a tailor-made web shell disguised as the “IdentityAuditAction” component of Cisco ISE. It…
Ferocious Kitten APT Uses MarkiRAT for Keystroke and Clipboard Surveillance

Nov 11, 2025 1:20 PM

Tags: apt, credentials, cyber, espionage, group, tactics, theft, threat

Ferocious Kitten, a covert cyber-espionage group active since at least 2015, has emerged as a persistent threat to Persian-speaking dissidents and activists within Iran. The group, known for its careful targeting and evolving tactics, deploys its custom implant >>MarkiRAT
Ferocious Kitten APT Uses MarkiRAT for Keystroke and Clipboard Surveillance

Nov 11, 2025 1:20 PM

Tags: apt, credentials, cyber, espionage, group, tactics, theft, threat

Ferocious Kitten, a covert cyber-espionage group active since at least 2015, has emerged as a persistent threat to Persian-speaking dissidents and activists within Iran. The group, known for its careful targeting and evolving tactics, deploys its custom implant >>MarkiRAT
China-Aligned UTA0388 Uses AI Tools in Global Phishing Campaigns

Nov 10, 2025 5:20 PM

Tags: ai, china, LLM, phishing, spear-phishing, tactics, tool

Volexity has linked spear phishing operations to China-aligned UTA0388 in new campaigns using advanced tactics and LLMs First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-aligned-uta0388-ai-tools/
Saturday Security: Three Breaches, Three Lessons and How Attackers Keep Adapting

Nov 8, 2025 8:19 PM

Tags: backup, breach, cloud, data, data-breach, espionage, service, social-engineering, tactics, theft

This week, three very different data breaches proved one thing: no sector is safe. From nation-state espionage to data theft to social engineering, the tactics vary, but the results are the same: exposed data, shaken trust, and hard lessons. Here’s what happened: ðŸ, ’ SonicWall, A nation-state actor breached its cloud backup service, stealing… First…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
Business continuity and cybersecurity: Two sides of the same coin

Nov 7, 2025 2:20 PM

Tags: access, ai, attack, backup, breach, business, cloud, control, corporate, credentials, cyber, cybercrime, cybersecurity, data, data-breach, detection, email, finance, framework, google, incident response, infrastructure, intelligence, Internet, network, nist, ransomware, RedTeam, resilience, risk, sans, service, strategy, tactics, threat, tool, training, veeam, vulnerability, zero-trust

Why traditional business continuity plans fail against modern threats: I’ve implemented change management processes in environments requiring 99.99% uptime and I can tell you that most business continuity plans were designed for a different era. They assume that your backup systems, communication channels and recovery procedures will be available when you need them. Today’s threat…
Business continuity and cybersecurity: Two sides of the same coin

Nov 7, 2025 2:20 PM

Tags: access, ai, attack, backup, breach, business, cloud, control, corporate, credentials, cyber, cybercrime, cybersecurity, data, data-breach, detection, email, finance, framework, google, incident response, infrastructure, intelligence, Internet, network, nist, ransomware, RedTeam, resilience, risk, sans, service, strategy, tactics, threat, tool, training, veeam, vulnerability, zero-trust

Why traditional business continuity plans fail against modern threats: I’ve implemented change management processes in environments requiring 99.99% uptime and I can tell you that most business continuity plans were designed for a different era. They assume that your backup systems, communication channels and recovery procedures will be available when you need them. Today’s threat…
ClickFix Attack Evolves: Weaponized Videos Trigger Self-Infection Tactics

Nov 7, 2025 2:20 PM

Tags: attack, awareness, cyber, defense, infection, malicious, phishing, social-engineering, tactics, threat, tool

ClickFix attacks have surged dramatically over the past year, cementing their position as pivotal tools in the modern attacker’s arsenal. These sophisticated social engineering campaigns coerce users into executing malicious code on their own devices, bypassing traditional awareness defenses that focus on preventing suspicious clicks, dodgy downloads, and phishing websites. During a recent threat briefing…
ClickFix Attack Evolves: Weaponized Videos Trigger Self-Infection Tactics

Nov 7, 2025 2:20 PM

Tags: attack, awareness, cyber, defense, infection, malicious, phishing, social-engineering, tactics, threat, tool

ClickFix attacks have surged dramatically over the past year, cementing their position as pivotal tools in the modern attacker’s arsenal. These sophisticated social engineering campaigns coerce users into executing malicious code on their own devices, bypassing traditional awareness defenses that focus on preventing suspicious clicks, dodgy downloads, and phishing websites. During a recent threat briefing…
ClickFix Attack Evolves: Weaponized Videos Trigger Self-Infection Tactics

Nov 7, 2025 2:20 PM

Tags: attack, awareness, cyber, defense, infection, malicious, phishing, social-engineering, tactics, threat, tool

ClickFix attacks have surged dramatically over the past year, cementing their position as pivotal tools in the modern attacker’s arsenal. These sophisticated social engineering campaigns coerce users into executing malicious code on their own devices, bypassing traditional awareness defenses that focus on preventing suspicious clicks, dodgy downloads, and phishing websites. During a recent threat briefing…
New Android Malware ‘Fantasy Hub’ Spies on Users’ Calls, Contacts, and Messages

Nov 7, 2025 1:19 PM

Tags: access, android, cyber, malware, mobile, russia, service, social-engineering, spyware, tactics, threat

Russian-based threat actors are actively distributing a sophisticated Android Remote Access Trojan called >>Fantasy Hub
New Android Malware ‘Fantasy Hub’ Spies on Users’ Calls, Contacts, and Messages

Nov 7, 2025 1:19 PM

Tags: access, android, cyber, malware, mobile, russia, service, social-engineering, spyware, tactics, threat

Russian-based threat actors are actively distributing a sophisticated Android Remote Access Trojan called >>Fantasy Hub
Ransom Tales: Volume V, Throwback Edition! Emulating REvil, DarkSide, and BlackMatter Ransomware

Nov 6, 2025 11:19 PM

Tags: attack, control, ransom, ransomware, resilience, tactics

AttackIQ presents the fifth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ revisits historical ransomware operations with…
Critical Bug in Midnight Ransomware Tool Unlocks File Recovery

Nov 6, 2025 3:19 PM

Tags: cyber, ransomware, tactics, threat, tool

In the ever-evolving landscape of cyber threats, a new ransomware strain, Midnight, has emerged, echoing the notorious tactics of its predecessor, Babuk. First detected by Gen researchers, Midnight blends familiar ransomware mechanics with novel cryptographic modifications”, some of which unintentionally open the door to file recovery. This represents a rare opportunity for victims to reclaim…
Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
Critical Bug in Midnight Ransomware Tool Unlocks File Recovery

Nov 6, 2025 3:19 PM

Tags: cyber, ransomware, tactics, threat, tool

In the ever-evolving landscape of cyber threats, a new ransomware strain, Midnight, has emerged, echoing the notorious tactics of its predecessor, Babuk. First detected by Gen researchers, Midnight blends familiar ransomware mechanics with novel cryptographic modifications”, some of which unintentionally open the door to file recovery. This represents a rare opportunity for victims to reclaim…
Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
Hackers Exploit AI Tools to Intensify Ransomware Attacks on European Organizations

Nov 5, 2025 11:19 AM

Tags: ai, attack, breach, crowdstrike, cyber, cybercrime, defense, exploit, hacker, intelligence, leak, ransomware, social-engineering, tactics, threat, tool

European organizations are facing an unprecedented surge in ransomware attacks as cybercriminals increasingly adopt artificial intelligence and sophisticated social engineering tactics to breach defenses and accelerate their operations. According to the latest CrowdStrike 2025 European Threat Landscape Report, big game hunting ransomware adversaries have named approximately 2,100 European-based victims on more than 100 dedicated leak…
Hackers Exploit AI Tools to Intensify Ransomware Attacks on European Organizations

Nov 5, 2025 11:19 AM

Tags: ai, attack, breach, crowdstrike, cyber, cybercrime, defense, exploit, hacker, intelligence, leak, ransomware, social-engineering, tactics, threat, tool

European organizations are facing an unprecedented surge in ransomware attacks as cybercriminals increasingly adopt artificial intelligence and sophisticated social engineering tactics to breach defenses and accelerate their operations. According to the latest CrowdStrike 2025 European Threat Landscape Report, big game hunting ransomware adversaries have named approximately 2,100 European-based victims on more than 100 dedicated leak…
Anatomy of Tycoon 2FA Phishing: Tactics Targeting M365 and Gmail

Nov 4, 2025 12:19 PM

Tags: 2fa, authentication, cyber, malware, mfa, phishing, service, strategy, tactics, threat

The Tycoon 2FA phishing kit represents one of the most sophisticated threats targeting enterprise environments today. This Phishing-as-a-Service (PhaaS) platform, which emerged in August 2023, has become a formidable adversary against organizational security, employing advanced evasion techniques and adversary-in-the-middle (AiTM) strategies to bypass multi-factor authentication protections. According to the Any.run malware trends tracker, Tycoon 2FA…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
SesameOp: Using the OpenAI Assistants API for Covert C2 Communication

Nov 4, 2025 8:19 AM

Tags: api, backdoor, cloud, control, cyber, data-breach, detection, exploit, malicious, malware, microsoft, openai, service, tactics, threat

Microsoft’s Detection and Response Team has exposed a sophisticated backdoor malware that exploits the OpenAI Assistants API as an unconventional command-and-control communication channel. Named SesameOp, this threat demonstrates how adversaries are rapidly adapting to leverage legitimate cloud services for malicious purposes, making detection significantly more challenging for security teams. The discovery highlights the evolving tactics…
OAuth Device Code Phishing: Azure vs. Google Compared

Nov 3, 2025 5:20 PM

Tags: attack, google, identity, phishing, tactics

Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs’ Live Hack to learn about attack techniques, defensive tactics, and get an Identity Security Assessment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oauth-device-code-phishing-azure-vs-google-compared/