Threats Tagged 't1608'
View all threats tagged with 't1608'. Filter and sort to focus on specific types of threats.
Phishing Campaign PasasteSinTAG - New domain rotation identified associated with the campaign impersonating the PasasteSinTAG portal
A phishing campaign targeting Chile continues to evolve with significant infrastructure expansion. Security researchers identified 99 new domains impersonating the legitimate PasasteSinTAG portal, with 22 domains confirmed active and 77 registered but not yet activated. The active domains utilize various top-level domains including .click, .cfd, .cyou, .mom, .best, .rest, .top, .help, .sbs, .icu, .life, .xyz, .buzz, .casa, and .pics. The infrastructure is hosted across seven IP addresses. This campaign represents an ongoing threat to Chilean users through brand impersonation tactics, with threat actors maintaining a large reserve of dormant domains for future rotation.
AlienVault OTX General | 06/29/2026, 06:35:54 UTC | Added: 06/29/2026, 10:21:38 UTC

Gamers beware: malicious wallpapers on Steam found stealing accounts
Since late 2025, cybercriminals have been exploiting Wallpaper Engine, a popular live wallpaper application on Steam, to distribute malware through Steam Workshop. Attackers primarily target Chinese and Russian gamers by embedding malicious code within application wallpapers shared on the platform. These compromised wallpapers deliver various malware types including infostealers, backdoors, crypto miners, and ransomware. One analyzed sample dropped the DarkKomet backdoor while hijacking Steam sessions to steal account credentials. The malware modifies system libraries to locate Steam installations and exfiltrate data to attacker-controlled servers. Compromised accounts are then used to upload additional malicious wallpapers. The diverse malware families suggest multiple independent hacking groups are exploiting this distribution method. Infected wallpapers received thousands of downloads before removal, with 89% of infections occurring in China.
AlienVault OTX General | 06/16/2026, 09:50:13 UTC | Added: 06/16/2026, 11:30:21 UTC

AI brands as bait: How threat actors are using the AI hype in social engineering
Threat actors are increasingly leveraging the global interest in artificial intelligence by impersonating popular AI platforms such as ChatGPT, Copilot, DeepSeek, and Claude in social engineering campaigns. These operations span phishing attacks, malvertising, and search engine optimization-driven tactics that ultimately lead to credential theft, financial fraud, or malware infections. Observed campaigns include ChatGPT-themed phishing collecting credit card data targeting South Africa, Claude-themed adversary-in-the-middle attacks harvesting credentials and access tokens, malvertising campaigns distributing Vidar stealer through fake AI plugin downloads, and fraudulent DeepSeek V4 installers on GitHub. The initial access broker Storm-3075 has been identified employing AI-themed malvertising, while the financially motivated actor Fox Tempest provides malware-signing-as-a-service to enhance payload legitimacy. These campaigns combine traditional social engineering tactics with AI branding to improve success...
AlienVault OTX General | 06/08/2026, 19:36:04 UTC | Added: 06/09/2026, 08:55:44 UTC