Gmail phishing delivered by APT28
APT28 (Fancy Bear) Gmail phishing operation: lookalike domains, OAuth abuse, credential harvesting and target profiles consistent with Russian GRU TTPs.
Blog · research & analysis
APT28 (Fancy Bear) Gmail phishing operation: lookalike domains, OAuth abuse, credential harvesting and target profiles consistent with Russian GRU TTPs.
Cybercriminal abuse of Windows 10 features for callback-based malware delivery: phone-based social engineering, lure templates and detection considerations.
HTML Smuggling: payload assembly client-side from JavaScript-encoded blobs, perimeter-bypass mechanics and detection considerations for email and web gateways.
Extortion-only intrusions skipping the encryption stage: rapid data theft, leak-site coercion, response time pressure and detection priorities for security teams.
TrickBot operations update: infrastructure rebuilds, module evolution, partnership with ransomware affiliates and detection signals across recent campaigns.
Conti ransomware operations: initial access patterns, Cobalt Strike pivoting, domain-controller compromise, exfiltration tooling and double-extortion mechanics.
FIN12 financially-motivated actor targeting healthcare: short dwell time, ransomware deployment patterns and operational priorities for hospital security teams.
Jupyter (SolarMarker) malware new variant: PowerShell-driven loader, infostealer modules, persistence techniques and IOC indicators.
Backdoor discovered inside the REvil ransomware affiliate build: developer access to victim payments, affiliate-trust implications and underground reactions.