Beyond the kill chain: What cybercriminals do with their money (Part 5)
In the last of our five-part series, Sophos X-Ops explores the implications and opportunities arising from threat actors’ involvement in real-world industries and crimes
Similar Posts
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files
Bys sThe threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. “The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems,” Arctic Wolf Labs…
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
Bys sA widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group and Mandiant, tracked as UNC6395….
New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major Websites
Threat hunters have disclosed a new “widespread timing-based vulnerability class” that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. “Instead of relying on a single click, it takes advantage of a double-click sequence,” Yibelo said.
Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions
Bys sCar makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions. Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box. But none of that proves what matters most to a…
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
Bys sThe reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. “The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors,” security researchers Aleksandar Milenkoski and Tom
Microsoft Detects “SesameOp” Backdoor Using OpenAI’s API as a Stealth Command Channel
Bys sMicrosoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. “Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised