Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsPricingView Plans & Pricing
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 't1020'

View all threats tagged with 't1020'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: t1020

Threats Tagged 't1020'

Click on any threat for detailed analysis and mitigation recommendations

Detecting the Klue supply chain attack in Salesforce instances
0

On June 11, 2026, the Icarus threat group compromised Klue's backend systems, a market intelligence platform used by hundreds of enterprises to sync competitive battlecard data with CRM environments. The attackers exploited a dormant credential from an abandoned prototype integration to harvest OAuth tokens for Salesforce and Gong. Through automated API calls using Python scripts, the group exfiltrated CRM data including business contacts, price quotes, and sales communications from multiple customer Salesforce organizations. Klue detected the anomalous activity on June 12 and revoked OAuth credentials on June 13. The attackers subsequently launched an extortion campaign starting June 16, demanding victims contact them via Session Messenger within 48 hours.

MediumCampaign#klue compromise#extortion campaign#crm data theft
Join the discussion
Affidavit in Support of Application for Criminal Complaint
0

An FBI investigation identified Denis Nikolayevich Obrezko, a Russian national, as facilitating cyber intrusions conducted by the Russia-aligned threat group Void Blizzard. Between June and July 2024, multiple U.S. companies across various sectors were targeted in a large-scale cyber espionage campaign involving mass email harvesting and unauthorized access. The threat actors utilized stolen session tokens, proxy services, and VPNs to authenticate to victim Office 365 environments and exfiltrate data. Obrezko allegedly obtained critical infrastructure including a virtual private server and domain registration used in these attacks. FBI investigation linked Obrezko through cryptocurrency transactions, email accounts, phone numbers, and IP addresses to domains and infrastructure used in the intrusion campaign. Eleven U.S. companies have confirmed unauthorized access, representing only a fraction of suspected victims nationwide.

MediumCampaignUnited StatesUnited States#void blizzard#cryptocurrency#denis obrezko
Join the discussion

Showing 1 to 2 of 2 results

Filters:Tag: t1020
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses