TTPs – WindowsTechs.com

Head Mare and Twelve join forces to attack Russian entities

Posted on March 13, 2025 by Kaspersky

We analyze the activities of the Head Mare hacktivist group, which has been attacking Russian companies jointly with Twelve. Continue reading Head Mare and Twelve join forces to attack Russian entities→

From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

Posted on September 25, 2024 by Kaspersky

An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group. Continue reading From 12 to 21: how we discovered connections between the Twelve and BlackJack groups→

-=TWELVE=- is back

Posted on September 20, 2024 by Kaspersky

Analysis of Twelve’s activities using the Unified Kill Chain method: from initial access to deployment of LockBit- and Chaos-based ransomware and wipers. Continue reading -=TWELVE=- is back→

Head Mare: adventures of a unicorn in Russia and Belarus

Posted on September 2, 2024 by Kaspersky

Analysis of the hacktivist group Head Mare targeting companies in Russia and Belarus: exploitation of WinRAR vulnerability, custom tools PhantomDL and PhantomCore. Continue reading Head Mare: adventures of a unicorn in Russia and Belarus→

BlindEagle flying high in Latin America

Posted on August 19, 2024 by GReAT

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries. Continue reading BlindEagle flying high in Latin America→

Trusted relationship attacks: trust, but verify

Posted on May 28, 2024 by Dmitry Kachan, Alina Sukhanova

We analyze the tactics and techniques of attackers targeting organizations through trusted relationships – that is, through contractors and external IT service providers. Continue reading Trusted relationship attacks: trust, but verify→

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

Posted on November 9, 2023 by

Asian APT groups target various organizations from a multitude of regions and industries. We created this report to provide the cybersecurity community with the best-prepared intelligence data to effectively counteract Asian APT groups. Continue reading Modern Asian APT groups’ tactics, techniques and procedures (TTPs)→

ToddyCat: Keep calm and check logs

Posted on October 12, 2023 by Giampaolo Dedola, Domenico Caldarella, Alexander Fedotov, Andrey Gunkin

In this article, we’ll describe ToddyCat new toolset, the malware used to steal and exfiltrate data, and the techniques used by this group to move laterally and conduct espionage operations. Continue reading ToddyCat: Keep calm and check logs→

Common TTPs of attacks against industrial organizations

Posted on August 10, 2023 by Kirill Kruglov, Vyacheslav Kopeytsev, Artem Snegirev

In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Continue reading Common TTPs of attacks against industrial organizations→

Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

Posted on March 3, 2023 by Paul Ducklin

Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them? Continue reading Feds warn about right Royal ransomware rampage that runs the gamut of TTPs→