The Conti leaks show how threat groups have refined the process of building out their resources, talent and infrastructure.
The Lapsus$ group, which most recently claimed breaches of Microsoft and Okta, relies on several tactics used less frequently by other threat groups.
Researchers detailed a threat actor that has launched campaigns targeting the transportation and manufacturing sectors for five years.
The Ghostwriter influence campaign has expanded its targeting and TTPs, with researchers linking parts of it to the UNC1151 threat group.
The Lazarus threat group is hiding its payloads in bitmap image (BMP) files, as seen in spear-phishing attacks targeting victims in South Korea.