Common Information
Type Value
Value Keylogging - T1056.001
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.(Citation: Talos Kimsuky Nov 2021)

Keylogging is the most prevalent type of input capture, with many different ways of intercepting keystrokes.(Citation: Adventures of a Keystroke) Some methods include:

* Hooking API callbacks used for processing keystrokes. Unlike [Credential API Hooking](https://attack.mitre.org/techniques/T1056/004), this focuses solely on API functions intended for processing keystroke data.
* Reading raw keystroke data from the hardware buffer.
* Windows Registry modifications.
* Custom drivers.
* [Modify System Image](https://attack.mitre.org/techniques/T1601) may provide adversaries with hooks into the operating system of network devices to read raw keystrokes for login sessions.(Citation: Cisco Blog Legacy Device Attacks)
Details Published Attributes CTI Title
Details Website 2024-11-04 38 Monthly Threat Actor Group Intelligence Report, September 2024 (KOR)
Details Website 2024-11-04 38 Monthly Threat Actor Group Intelligence Report, September 2024 (KOR) – Red Alert
Details Website 2024-11-04 24 From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
Details Website 2024-11-04 4 Recent Keylogger Attributed to North Korean Group Andariel Analyzed Through A Hybrid Analysis Perspective
Details Website 2024-11-03 0 Hardware Security — Protecting Against Side-Channel and Fault Injection Attacks
Details Website 2024-11-03 1 October 2024 Threat Trend Report on APT Attacks (South Korea) - ASEC
Details Website 2024-11-01 62 Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Details Website 2024-10-30 154 The Rat King: How the Android Trojan CraxsRAT Steals User Data | F.A.C.C.T. Blog
Details Website 2024-10-30 1 New PySilon RAT Abusing Discord Platform to Maintain Persistence
Details Website 2024-10-29 28 Monthly Threat Actor Group Intelligence Report, August 2024 (ENG) – Red Alert
Details Website 2024-10-28 2 Russian Espionage Group Targets Ukrainian Military with Malware via Telegram
Details Website 2024-10-28 2 Russian Espionage Group Targets Ukrainian Military with Malware via Telegram - RedPacket Security
Details Website 2024-10-28 0 LoyLap Database Leak, New Jason RAT, and Supercell Exploit for Sale on Dark Web - SOCRadar® Cyber Intelligence Inc.
Details Website 2024-10-28 2 LoyLap Database Leak, New Jason RAT, and Supercell Exploit for Sale on Dark Web
Details Website 2024-10-24 1 Cerberus Malware: Understanding the Evolving Android Banking Trojan and the ErrorFather Campaign
Details Website 2024-10-24 4 Intelligence Insights: October 2024
Details Website 2024-10-22 0 RAT Malware Operating via Discord Bot - ASEC
Details Website 2024-10-22 1 I “Has” Cybersecurity: Secure Boot vs Full Disk Encryption
Details Website 2024-10-21 902 RST TI Report Digest: 21 Oct 2024
Details Website 2024-10-20 0 AI Conversations Exposed: The Token Length Vulnerability in ChatGPT, Copilot, and More
Details Website 2024-10-19 1 Firejail: Your First Line of Defense for Linux Application Security
Details Website 2024-10-19 0 10 Smallest Hacker Gadgets and Their Ethical Uses in Penetration Testing
Details Website 2024-10-19 0 Multi-Factor Authentication: Your Digital Security Superhero
Details Website 2024-10-18 44 Weekly Intelligence Report - 18 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-10-16 5 Cyber Briefing: 2024.10.16