ThreatCluster

Cyber Adversaries Exploit File Enumeration and Data Collection Techniques

First seen 22 Apr 2026, 00:30 UTC attack.mitre.org 75% similarity 52

Article Content

Browse articles
ThreatCluster

Recent reports detail the tactics employed by various cyber adversaries to enumerate files and directories on compromised systems. Adversaries utilize command shell utilities and custom tools to gather sensitive information, which aids in follow-on attacks. Notable malware such as Action RAT, Amadey, and APT28 have been identified as capable of collecting local data from infected machines. Specific commands like 'dir' and 'Forfiles' are frequently used to identify files of interest, including documents and configuration files. The scope of impact includes organizations with compromised systems, leading to potential data exfiltration and further exploitation. Adversaries like APT38 and APT41 have been particularly active in gathering sensitive data. The current status indicates ongoing threats, with multiple actors leveraging similar techniques to achieve their objectives.

Key Points: • Adversaries use file enumeration techniques to gather sensitive data from compromised systems. • Malware such as Action RAT and APT28 are actively involved in local data collection. • Commands like 'dir' and 'Forfiles' are commonly used for file discovery and exfiltration.

ThreatCluster AI

Timeline

2026-04-22
T1083 and T1005 techniques reported for file enumeration and data collection
Recent
Ongoing threats from various malware exploiting file systems

Community

Browse all →