Common Information
Type | Value |
---|---|
Value | Keylogging - T1056.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.(Citation: Talos Kimsuky Nov 2021) Keylogging is the most prevalent type of input capture, with many different ways of intercepting keystrokes.(Citation: Adventures of a Keystroke) Some methods include: * Hooking API callbacks used for processing keystrokes. Unlike [Credential API Hooking](https://attack.mitre.org/techniques/T1056/004), this focuses solely on API functions intended for processing keystroke data. * Reading raw keystroke data from the hardware buffer. * Windows Registry modifications. * Custom drivers. * [Modify System Image](https://attack.mitre.org/techniques/T1601) may provide adversaries with hooks into the operating system of network devices to read raw keystrokes for login sessions.(Citation: Cisco Blog Legacy Device Attacks) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-10-09 | 1 | North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and… | ||
Details | Website | 2024-10-09 | 0 | New BeaverTail Malware Targets Job Seekers via Fake Recruiters | ||
Details | Website | 2024-10-09 | 5 | Threat Trend Report on APT Attacks (South Korea) - September 2024 Major Issues on APT Attacks in South Korea - ASEC | ||
Details | Website | 2024-10-09 | 36 | Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware | ||
Details | Website | 2024-10-05 | 0 | Security Update: IBM X-Force Shows Hackers Using BEC to Steal Cloud Creds \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting | ||
Details | Website | 2024-10-04 | 0 | Part-1 MITRE ATT&CK Tactic & Techniques & framework | ||
Details | Website | 2024-10-03 | 4 | Cross-Site Scripting (XSS) vulnerabilities | ||
Details | Website | 2024-10-03 | 38 | Decoy Manuals and Malicious Browser Extensions: A Closer Look at a Multi-Layered Threat | ||
Details | Website | 2024-10-03 | 29 | Legacy Threat: PlugX Builder/Controller Discovered in Open Directory | ||
Details | Website | 2024-10-02 | 0 | Admin Rights in Action: How Hackers Target Privileged Accounts | ||
Details | Website | 2024-10-02 | 0 | AI-Driven Cyber Heist: How Rhadamanthys Stealer is Targeting Your Crypto Wallets — No One is Safe | ||
Details | Website | 2024-10-02 | 2 | LetsDefend SOC Walkthrough \| SOC166 — Javascript Code Detected in Requested URL | ||
Details | Website | 2024-10-01 | 79 | Key Group uses leaked builders of ransomware and wipers | ||
Details | Website | 2024-09-28 | 2 | Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign | ||
Details | Website | 2024-09-28 | 0 | TryHackMe \| Unified Kill Chain | ||
Details | Website | 2024-09-26 | 1 | N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks | ||
Details | Website | 2024-09-26 | 1 | N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks - RedPacket Security | ||
Details | Website | 2024-09-26 | 1 | Supply Chain Attacks Targeting Korean Game Companies Using Valid Certificates - ASEC | ||
Details | Website | 2024-09-26 | 5 | China-linked APT group Salt Typhoon compromised some US ISPs | ||
Details | Website | 2024-09-26 | 34 | WalletConnect Scam: A Case Study in Crypto Drainer Tactics | ||
Details | Website | 2024-09-26 | 34 | WalletConnect Scam: A Case Study in Crypto Drainer Tactics - Check Point Research | ||
Details | Website | 2024-09-26 | 2 | Top 5 Essential Penetration Testing Tools: A Detailed Guide | ||
Details | Website | 2024-09-26 | 20 | Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy | ||
Details | Website | 2024-09-26 | 20 | Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy | ||
Details | Website | 2024-09-26 | 6 | Unmasking XSS: How to Identify and Exploit Cross-Site Scripting Vulnerabilities |