Threats Tagged 't1568'
View all threats tagged with 't1568'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 't1568'
Click on any threat for detailed analysis and mitigation recommendations
Operation DragonReturn: China-Nexus Cyber Espionage Campaign Targeting Govt. of India/MoF Tax Infrastructure via Multi-Stage DcRAT Deployment 0 A sophisticated China-aligned cyber espionage campaign targeting India's tax infrastructure was identified between May and June 2026. The operation impersonates the Income Tax Department, Ministry of Finance, exploiting the AY2026-27 ITR filing season to target corporate entities, tax professionals, chartered accountants, and taxpayers. The attack employs spear-phishing emails with malicious attachments mimicking legitimate government utilities. The multi-stage infection chain deploys DcRAT through steganographic payload concealment, fileless .NET execution, AMSI bypass, and Windows service persistence. The threat actor demonstrates operational maturity through active payload rotation achieving 0/66 detection rates, encrypted TLS-based C2 communications, and infrastructure hosted across multiple ASNs linked to China. The campaign shows overlaps with the China-nexus threat actor Silver Fox, featuring screen capture capabilities, data exfiltration, and systematic intelligence collection from high-value India... MediumMalware Join the discussion British Indian Ocean Territory India#china-nexus#income tax impersonation#spear-phishing | AlienVault OTX General | 06/26/2026, 12:50:31 UTC Added: 06/26/2026, 17:57:21 UTC |
How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches 0 SearchJack represents a coordinated campaign comprising 23 deceptive Chrome browser extensions that silently hijack users' default search engines, redirecting queries through monetization middleware before delivering results. These extensions masquerade as various productivity tools, satellite imagery viewers, maps, and news readers while their actual purpose is generating search affiliate revenue. The campaign affects approximately 758,000 users across 22 unique publishers and leverages at least 8 distinct monetization brokers, primarily routing traffic through Yahoo Hosted Search affiliate programs. The extensions employ manifest-only wrappers using chrome_settings_overrides to hijack search settings, with some implementing runtime obfuscation to evade static analysis. Several extensions feature false privacy claims, anomalous review patterns, and anonymous publishers with fictional corporate identities, enabling operators to monetize user search behavior while maintaining zero accountability. Join the discussion | AlienVault OTX General | 06/15/2026, 14:58:18 UTC Added: 06/15/2026, 17:30:16 UTC |
Showing 1 to 2 of 2 results