APT Groups

Cozy Bear’s Playbook for Turning Workstations Into Proxies, and How to Prevent It

Unfortunately, Cozy Bear is one of the most innovative and creative APT groups out there. Instead of just adding more tools, let's see how they bypass the ones we have and how to counter them.

Inside Workstation-as-a-Proxy Attacks

While we've hardened our perimeters and identity controls, our workstations are still great targets for motivated attackers.

Defending against the Iranian Cyber Threat to Critical Infrastructure

While CISA has warned us about Iranian cyber threats, the events of this weekend put them at the forefront of everyone's mind. Dive in to find out how to protect yourself.

Common Threads, Shared Failures: Final Thoughts on the Typhoon APT Threat

Throughout our deep dives into the various Typhoon APT groups, we saw that our existing controls still aren't enough. Instead of adding more defenses on the perimeter, let's think about some depth.

Flax Typhoon: Analysis and Mitigation of an Advanced Persistent Threat

All of our security tools, practices, and controls are based on a series of assumptions. What if those assumptions are wrong? Do our tools still protect our systems?

Volt Typhoon: The Ghost Inside Critical Infrastructure

Volt Typhoon has quietly moved through critical infrastructure networks, unseen and unchallenged. Unlike gangs that try for disruptions, Volt Typhoon takes a stealth-first approach.

Salt Typhoon APT (Earth Estries/UNC2286): A Deep Technical Dive into Lateral Movement and How to Stop It

Attackers quietly living off the land is one of the most devastating threats to our systems. How do attackers manage it without detection?

How APT Groups are Targeting Water Infrastructure in 2024/2025: Top Techniques Exploited by State-Sponsored Attackers

The adversaries targeting water infrastructure are skilled, organized, and often well-funded. Understanding how they attack is as important as why they attack.

The Unseen Storm: How China’s Typhoon APT Groups Are Setting the Stage for Cyberwarfare

For years, Chinese state-sponsored attackers have moved through networks of the most critical industries—telecommunications, energy, defense, and government. Not to vandalize, not to ransom, but to wait.
