T1056 - Input Capture is a mitre_attack tracked across 50 threat clusters and 156 intelligence report mentions on ThreatCluster. First observed November 12, 2025; most recent activity July 15, 2026.
T1056 - Input Capture covers techniques that capture user input, including keystrokes and clipboard data, to steal credentials or sensitive information. Recent reports show Android-based FvncBot capturing keystrokes and dropping payloads, and the Ferocious Kitten APT deploying MarkiRAT to perform keystroke and clipboard logging, underscoring the technique's cross-platform relevance. This remains a significant attack vector for credential theft and data exfiltration across actors and environments.
The FBI and partners disrupted a covert network of compromised TP-Link and MikroTik routers exploited by the Russian GRU (APT28) to steal Outlook credentials. This operation, known as Operation Masquerade, revealed that…
Operation Highland, attributed to the Velvet Ant cyberespionage group, involved a sophisticated attack that began in 2016 and persisted undetected for a decade. The attackers hijacked the authentication stack of a major…
On June 18, 2026, international law enforcement agencies launched Operation Endgame, disrupting the SocGholish malware infrastructure linked to the Russian cybercrime group Evil Corp. The operation resulted in the…
A critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS is being actively exploited in a large-scale cyberattack affecting over 700 websites, including those of Harvard University, Oxford University, Auburn…
A newly identified APT group, Armored Likho, is conducting a phishing campaign targeting government agencies and electric power sectors in Russia, Brazil, and Kazakhstan. The group employs a sophisticated infostealer…
A China-linked threat actor known as Red Menshen has been conducting a long-term espionage campaign targeting global telecommunications networks using a stealthy Linux kernel backdoor called BPFdoor. This malware…
On May 29, 2026, Yury Hubarevich, a prominent Belarusian politician, was targeted in a phishing attack linked to the Belarusian espionage group UNC1151. The attack involved an email disguised as a Google notification,…
ESET researchers reported a supply-chain attack by the North Korean APT group ScarCruft, targeting a gaming platform in the Yanbian region of China. The attack, ongoing since late 2024, involved trojanizing both Windows…
A new cyberespionage campaign has been identified, targeting Ukrainian organizations with a backdoor named DRILLAPP, attributed to Russian threat actors, specifically the Laundry Bear group. The campaign employs…
A new malware named NarwhalRAT has been discovered targeting Korean users through phishing emails impersonating the Microsoft security team. The malware, linked to the North Korean hacking group APT37, can perform over…