T1056.001 - Keylogging - MITRE ATT&CK

Threat entity extracted from intelligence sources

Frequency
50
occurrences
First Seen
November 21, 2025
Last Seen
July 17, 2026

T1056.001 - Keylogging is a mitre_attack tracked across 44 threat clusters and 50 intelligence report mentions on ThreatCluster. First observed November 21, 2025; most recent activity July 17, 2026.

Overview

T1056.001 Keylogging is a MITRE ATT&CK technique where attackers capture user keystrokes to harvest credentials and other sensitive data. It can be implemented via OS-level keyloggers, browser-based scripts, or malware components, enabling credential theft and data exfiltration across platforms. This technique remains a foundational risk in cybersecurity due to its direct access to user inputs and login information.

Related Threat Clusters

Recent Intelligence Reports

  • Fake TTF files deliver stealthy malware in global phishing campaign — Csoonline · July 17, 2026
  • New TELEPUZ malware spreads via ClickFix lures — Feeds.Feedburner · July 16, 2026
  • Russian hackers trojanize WebEx, Zoom apps to push Starland malware — Bleepingcomputer · July 16, 2026
  • Morocco's frenzy for purchasing surveillance tools revealed by whistleblower — Lemonde.Fr · July 16, 2026
  • OkoBot Malware Uses ClickFix and SeedHunter to Steal Ledger and Trezor Seed Phrases — Gbhackers · July 15, 2026
  • Kaspersky reveals a new malicious framework targeting cryptocurrency users with the use of ... — Kaspersky · July 15, 2026
  • warns in a report. — www.threatlocker.com · July 10, 2026
  • Millenium RAT Uses Base64 and XOR Configuration to Hide Telegram C2 Settings — Gbhackers · June 29, 2026

CVSS v3.1 Breakdown