Threats Tagged 't1554'
View all threats tagged with 't1554'. Filter and sort to focus on specific types of threats.
Chromium extension uses AI-related branding to redirect browser search

Microsoft Threat Intelligence identified a malicious Chromium extension spoofing Perplexity AI to deceive users into installation. The extension's primary objective involves search traffic interception and data collection through Manifest Version 3 capabilities and declarativeNetRequest rules. It routes both full search queries and real-time keystrokes through attacker-controlled infrastructure hosted on a typosquatted domain before redirecting to legitimate search providers. The extension overrides browser default search settings, captures user input at the keystroke level, and uses suspicious permissions inconsistent with legitimate AI assistants. The threat demonstrates how actors operationalize AI branding as a social engineering vector. Google removed the extension following responsible disclosure. Organizations should strengthen user awareness training and implement layered security strategies to detect similar threats.

AlienVault OTX General | 06/29/2026, 20:08:24 UTC | Added: 06/30/2026, 11:21:46 UTC

Public and Private Medical Community Targeted by Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research

A sophisticated espionage campaign attributed to UNC6508, a China-nexus threat actor, targeted North American academic, medical, and military research institutions for over a year. The adversary exploited REDCap servers, deployed custom INFINITERED malware to harvest credentials, and maintained persistent access through trojanized legitimate files that survived software upgrades. After remaining undetected for more than a year, the threat actor pivoted to administrative accounts and created malicious content compliance rules to silently exfiltrate emails containing defense intelligence, Indo-Pacific command operations, artificial intelligence research, uncrewed vehicle systems, cyber programs, and medical research data. The operation employed sophisticated techniques including obfuscation networks routing through US-based infrastructure, compromised routers, and dedicated exfiltration accounts, demonstrating advanced operational security aligned with strategic intelligence collection requirements.

AlienVault OTX General | 06/15/2026, 19:33:11 UTC | Added: 06/16/2026, 11:30:21 UTC