All articles tagged with #credential harvesting
The Qilin ransomware group has been actively targeting organizations since 2022, using sophisticated hybrid attacks that combine Linux ransomware with BYOVD exploits, credential theft, and legitimate IT tools to bypass security measures and compromise both Windows and Linux systems, primarily affecting the manufacturing and professional services sectors.
The Russian GRU-backed APT28 group, also known as BlueDelta, has been targeting European networks, particularly in Ukraine, with the HeadLace malware and credential-harvesting web pages. The campaigns, running from April to December 2023, utilized spear-phishing emails and sophisticated multi-stage infection sequences. BlueDelta's operations aimed to gather intelligence on military-related entities, employing various techniques including geofencing, legitimate internet services, and compromised Ubiquiti routers. The group's activities reflect a broader strategy to influence military tactics and regional policies amidst ongoing aggression against Ukraine.