Tag: tactics

Russian Hackers Target Government with Stealthy “Livingthe-Land” Tactics

Oct 29, 2025 3:26 PM

Tags: cyber, detection, government, hacker, malware, russia, tactics, threat, tool, ukraine, windows

Russian-linked attackers have intensified their targeting of Ukrainian organizations through sophisticated intrusions that rely heavily on legitimate Windows tools rather than malware. The attackers demonstrated remarkable restraint in their malware deployment, instead leveraging living-off-the-land tactics and dual-use tools to evade detection while accomplishing their objectives. A recent investigation by our Threat Hunter Team revealed two…
Russian Hackers Target Government with Stealthy “Livingthe-Land” Tactics

Oct 29, 2025 3:26 PM

Tags: cyber, detection, government, hacker, malware, russia, tactics, threat, tool, ukraine, windows

Russian-linked attackers have intensified their targeting of Ukrainian organizations through sophisticated intrusions that rely heavily on legitimate Windows tools rather than malware. The attackers demonstrated remarkable restraint in their malware deployment, instead leveraging living-off-the-land tactics and dual-use tools to evade detection while accomplishing their objectives. A recent investigation by our Threat Hunter Team revealed two…
Russian Hackers Target Ukrainian Organizations Using Stealthy Livingthe-Land Tactics

Oct 29, 2025 2:26 PM

Tags: access, attack, business, country, data, government, hacker, russia, service, tactics, threat, ukraine

Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks.The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government entity…
Russian Hackers Target Ukrainian Organizations Using Stealthy Livingthe-Land Tactics

Oct 29, 2025 2:26 PM

Tags: access, attack, business, country, data, government, hacker, russia, service, tactics, threat, ukraine

Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks.The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government entity…
Cybercriminals Launch Flood of Fake Forex Platforms to Harvest Logins

Oct 29, 2025 2:26 PM

Tags: crime, crypto, cyber, cybercrime, finance, group, login, organized, scam, social-engineering, tactics, threat

Fraudulent investment platforms impersonating legitimate cryptocurrency and forex exchanges have emerged as the primary financial threat across Asia, with organized crime groups operating at unprecedented scale. These sophisticated scams leverage social engineering tactics to deceive victims into transferring funds to attacker-controlled systems, blurring the lines between legitimate trading and criminal enterprise. The threat extends far…
Discover Practical AI Tactics for GRC, Join the Free Expert Webinar

Oct 29, 2025 12:26 PM

Tags: ai, compliance, governance, grc, intelligence, risk, tactics

Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It’s no longer a future concept”, it’s here, and it’s already reshaping how teams operate.AI’s capabilities are profound: it’s speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more…
Is your perimeter having an identity crisis?

Oct 29, 2025 10:31 AM

Tags: access, ai, attack, authentication, breach, business, cloud, communications, credentials, data, data-breach, defense, detection, email, endpoint, identity, infrastructure, intelligence, malicious, mfa, mobile, network, phishing, phone, RedTeam, resilience, smishing, social-engineering, strategy, tactics, threat

Craft phishing, smishing and vishing. Creating hyper-personalized emails that can be grammatically perfect, contextually aware and emotionally resonant. These messages no longer demonstrate the telltale signs of traditional phishing like broken English or generic greetings.Synthesize trust. Using voice-cloning AI to leave a quick, urgent voicemail from a trusted executive, bypassing the skepticism you’ve trained into…
10 NPM Packages That Automatically Run on Install and Steal Credentials

Oct 29, 2025 10:31 AM

Tags: attack, authentication, credentials, cyber, data, linux, macOS, malicious, malware, social-engineering, supply-chain, tactics, theft, threat, windows

A sophisticated supply chain attack involving ten malicious npm packages that execute automatically upon installation and deploy a comprehensive credential theft operation. The malware uses advanced obfuscation techniques, social engineering tactics, and cross-platform functionality to harvest sensitive authentication data from developers’ systems across Windows, Linux, and macOS environments. Socket’s Threat Research Team has uncovered a…
Beast Ransomware Targets Active SMB Connections to Infect Entire Networks

Oct 29, 2025 9:26 AM

Tags: cyber, cybersecurity, group, network, ransomware, tactics, threat

A sophisticated ransomware operation known as Beast has emerged as a significant cybersecurity threat, employing aggressive network propagation tactics that leverage Server Message Block (SMB) port scanning to infiltrate and encrypt systems across enterprise environments. The threat group, which evolved from the Monster ransomware strain, has been actively targeting organizations worldwide since its official launch…
YouTube Ghost Network Utilizes Spooky Tactics to Target Users

Oct 28, 2025 10:26 PM

Tags: malware, network, tactics

The malware operation uses compromised accounts and bot networks to distribute infostealers and has tripled its output in 2025. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/youtube-ghost-network-target-users
Ransomware Hackers Look for New Tactics Amid Falling Profits

Oct 28, 2025 9:26 PM

Tags: attack, cybersecurity, defense, email, extortion, group, hacker, incident response, ransomware, service, social-engineering, strategy, supply-chain, tactics

Digital Extortionists Try Recruiting Insiders, Email Barrages. Collective efforts to bolster cybersecurity defenses have been taking a big bite out of ransomware groups’ earnings, leading groups to reach for new strategies, including social engineering, supply chain attacks, extortion services and bribing insiders, warn incident response experts. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ransomware-hackers-look-for-new-tactics-amid-falling-profits-a-29867
RedTiger Malware Steals Data, Discord Tokens and Even Webcam Images

Oct 28, 2025 3:26 PM

Tags: authentication, data, malware, password, tactics

A new Python-based infostealer called RedTiger is targeting Discord gamers to steal authentication tokens, passwords, and payment information. Learn how the malware works, its evasion tactics, and essential security steps like enabling MFA. First seen on hackread.com Jump to article: hackread.com/redtiger-malware-discord-tokens-webcam-images/
BlueNoroff Shifts Tactics: Targets C-Suite and Managers with New Infiltration Methods

Oct 28, 2025 10:26 AM

Tags: attack, blockchain, cyber, finance, group, north-korea, strategy, tactics, threat

The North Korean-linked threat group BlueNoroff, also known by aliases including Sapphire Sleet, APT38, and Alluring Pisces, continues to evolve its attack tactics while maintaining its primary focus on financial gain. The group has shifted its strategy to employ sophisticated new infiltration methods targeting high-value victims including C-level executives, managers, and blockchain developers within the…
Qilin Ransomware Group Publishes Over 40 Cases Monthly

Oct 27, 2025 6:26 PM

Tags: data, extortion, group, leak, ransomware, tactics

Qilin ransomware activity has surged in late 2025, threatening data leaks via double extortion tactics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/qilin-ransomware-40-cases-monthly/
Insider Threats Loom while Ransom Payment Rates Plummet

Oct 25, 2025 6:26 AM

Tags: ransom, tactics, threat

The percentage of companies choosing to pay ransoms dropped significantly, while threat actors shift their tactics in response to decreasing profits. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/insider-threats-loom-while-ransom-payment-rates-plummet/
Keeping Up with Cloud Security: Updates to Our AWS Assessments

Oct 24, 2025 1:26 AM

Tags: attack, cloud, tactics, threat, update

AttackIQ has enhanced and expanded two AWS security assessments, by introducing nine new scenarios that emulate real-world techniques and tactics that could be used by threat actors to compromise AWS cloud environments. These updates are designed to provide a more comprehensive evaluation of your AWS cloud security posture by covering a broader range of attack…
Smarter Threats Need Smarter Defenses: AI, APIs, and the Reality for Critical Infrastructure Security

Oct 23, 2025 2:26 PM

Tags: access, ai, api, application-security, attack, authentication, awareness, breach, business, cloud, compliance, container, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, exploit, finance, firewall, flaw, framework, identity, infrastructure, intelligence, malicious, risk, saas, service, software, strategy, tactics, technology, threat, tool, update, vulnerability, waf

Smarter Threats Need Smarter Defenses: AI, APIs, and the Reality for Critical Infrastructure Security madhav Thu, 10/23/2025 – 05:36 Critical infrastructure (CI) organizations are, as the name suggests, some of the most important in the global economy. They’re also some of the most technologically complex and, crucially, vulnerable. Their security must reflect that. Data Security…
Smarter Threats Need Smarter Defenses: AI, APIs, and the Reality for Critical Infrastructure Security

Oct 23, 2025 2:26 PM

Tags: access, ai, api, application-security, attack, authentication, awareness, breach, business, cloud, compliance, container, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, exploit, finance, firewall, flaw, framework, identity, infrastructure, intelligence, malicious, risk, saas, service, software, strategy, tactics, technology, threat, tool, update, vulnerability, waf

Smarter Threats Need Smarter Defenses: AI, APIs, and the Reality for Critical Infrastructure Security madhav Thu, 10/23/2025 – 05:36 Critical infrastructure (CI) organizations are, as the name suggests, some of the most important in the global economy. They’re also some of the most technologically complex and, crucially, vulnerable. Their security must reflect that. Data Security…
IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response

Oct 23, 2025 12:26 PM

Tags: access, attack, cisco, exploit, incident response, phishing, ransomware, tactics

Cisco Talos Incident Response observed a surge in attacks exploiting public-facing applications, mainly via ToolShell targeting SharePoint, for initial access, with post-exploitation phishing and evolving ransomware tactics also persisting this quarter. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ir-trends-q3-2025/
IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response

Oct 23, 2025 12:26 PM

Tags: access, attack, cisco, exploit, incident response, phishing, ransomware, tactics

Cisco Talos Incident Response observed a surge in attacks exploiting public-facing applications, mainly via ToolShell targeting SharePoint, for initial access, with post-exploitation phishing and evolving ransomware tactics also persisting this quarter. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ir-trends-q3-2025/
SideWinder Leverages ClickOnce Installer to Deliver StealerBot Malware

Oct 23, 2025 10:26 AM

Tags: attack, cyber, espionage, group, malware, phishing, tactics, technology, threat

The notorious SideWinder advanced persistent threat (APT) group has evolved its cyber espionage tactics with a sophisticated new attack method, combining PDF lures with ClickOnce technology to deploy StealerBot malware against diplomatic targets across South Asia. SideWinder orchestrated a carefully planned phishing operation throughout 2025, deploying customized lures designed for specific diplomatic institutions. The campaign’s…
SideWinder Leverages ClickOnce Installer to Deliver StealerBot Malware

Oct 23, 2025 10:26 AM

Tags: attack, cyber, espionage, group, malware, phishing, tactics, technology, threat

The notorious SideWinder advanced persistent threat (APT) group has evolved its cyber espionage tactics with a sophisticated new attack method, combining PDF lures with ClickOnce technology to deploy StealerBot malware against diplomatic targets across South Asia. SideWinder orchestrated a carefully planned phishing operation throughout 2025, deploying customized lures designed for specific diplomatic institutions. The campaign’s…
New Malware Toolkit from MuddyWater Delivers Phoenix Backdoor to Global Targets

Oct 23, 2025 9:26 AM

Tags: backdoor, cyber, exploit, group, intelligence, international, iran, malware, phishing, tactics, threat

Group-IB Threat Intelligence has uncovered a sophisticated phishing campaign orchestrated by the Iran-linked Advanced Persistent Threat group MuddyWater, targeting international organizations worldwide to gather foreign intelligence. The campaign demonstrates the threat actor’s evolving tactics and enhanced operational maturity in exploiting trusted communication channels to infiltrate high-value targets. MuddyWater launched the operation by accessing a compromised…
Click, Call, Compromise: Hackers Continue to Evolve Tactics

Oct 23, 2025 1:26 AM

Tags: attack, breach, credentials, data, email, hacker, identity, microsoft, password, tactics

Microsoft Says Hackers Pivoting to Identity Compromise. Hackers are as likely to log in as break in, warns Microsoft in an annual assessment of cyberthreats. During the first half of 2025, identity-based attacks rose by 32% due to credentials stolen by infostealers or password and email combinations plucked from bulk data breaches. First seen on…
Smart Tactics for Effective Secrets Rotation

Oct 23, 2025 12:36 AM

Tags: cloud, tactics

Are Your Secrets Safe? A Closer Look at Non-Human Identities and Secrets Security Management The management of Non-Human Identities (NHIs) is emerging as a pivotal component. With organizations increasingly moving operations to the cloud, the secure management of machine identities has taken on heightened significance. But what exactly are NHIs, and why do they matter?……
Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters

Oct 22, 2025 4:26 PM

Tags: api, attack, cyber, cybercrime, email, password, phishing, qr, tactics, threat

Cybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated filters and human scrutiny. In 2025, attackers are noted tried-and-true approaches”, like password-protected attachments and calendar invites”, with new twists such as QR codes, multi-stage verification chains, and live API integrations. These refinements not only…
Phishing Scams Weaponize Common Apps to Fool Users

Oct 22, 2025 2:26 PM

Tags: ai, attack, defense, fraud, identity, phishing, scam, tactics, theft

From fake PDFs to AI voice scams, phishing attacks are evolving fast. Learn key tactics and defenses to protect against fraud, identity theft, and account loss. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/phishing-scams-weaponize-common-apps-to-fool-users/
‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools

Oct 22, 2025 2:26 PM

Tags: access, attack, authentication, awareness, captcha, ceo, communications, control, credentials, cyber, cybersecurity, data, defense, detection, edr, email, endpoint, espionage, exploit, group, hacker, incident response, least-privilege, login, malicious, malware, mfa, monitoring, network, phishing, powershell, russia, strategy, tactics, theft, threat, tool, training, update, vulnerability, vulnerability-management, zero-trust

Evolving tactics and strategies: Analysts said ColdRiver, which for years focused on credential theft and email account compromise, is shifting toward multi-stage intrusions that rely on users to execute malicious code.By using ClickFix pages that mimic CAPTCHA verification screens, the group can bypass email security filters and deliver malware directly to victims’ devices, increasing the…
Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data

Oct 22, 2025 12:26 PM

Tags: apt, attack, backdoor, cyber, data, exploit, group, intelligence, malicious, office, tactics, threat, vulnerability, zero-day

In a newly uncovered campaign, the threat group known as Bitter”, also tracked as APT-Q-37″, has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive information. Researchers at Qi’anxin Threat Intelligence Center warn that this dual-pronged attack illustrates the group’s evolving tactics and…
Scattered Lapsus$ Hunters Signal Shift in Tactics

Oct 22, 2025 11:26 AM

Tags: extortion, network, service, tactics

Scattered Lapsus$ Hunters may be preparing to launch an extortion-as-a-service model, according to Palo Alto Networks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/scattered-lapsus-hunters-shift/