Show in Graph
Common Information
Type Value
Value 
Keylogging - T1056.001
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.(Citation: Talos Kimsuky Nov 2021) Keylogging is the most prevalent type of input capture, with many different ways of intercepting keystrokes.(Citation: Adventures of a Keystroke) Some methods include: * Hooking API callbacks used for processing keystrokes. Unlike [Credential API Hooking](https://attack.mitre.org/techniques/T1056/004), this focuses solely on API functions intended for processing keystroke data. * Reading raw keystroke data from the hardware buffer. * Windows Registry modifications. * Custom drivers. * [Modify System Image](https://attack.mitre.org/techniques/T1601) may provide adversaries with hooks into the operating system of network devices to read raw keystrokes for login sessions.(Citation: Cisco Blog Legacy Device Attacks)
Details Published Attributes CTI Title
Details Website 2024-09-26 5 Intelligence Insights: September 2024
Details Website 2024-09-25 15 Understanding Cybersecurity Threats: A Simple Guide (with examples!!)
Details Website 2024-09-24 9 Part 1. Malware Analysis-Remcos RAT
Details Website 2024-09-24 0 New Octo Android malware version impersonates NordVPN, Google Chrome
Details Website 2024-09-23 45 Threat Intelligence Report 17th September – 23rd September 2024
Details Website 2024-09-19 2 New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails
Details Website 2024-09-19 2 New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails - RedPacket Security
Details Website 2024-09-19 1 Exotic SambaSpy is now dancing with Italian users
Details Website 2024-09-19 11 Monthly Threat Actor Group Intelligence Report, June 2024 (JPN)
Details Website 2024-09-19 6 Top 10 Cyber Security Tricks to Safeguard Your Online Presence
Details Website 2024-09-19 13 Monthly Threat Actor Group Intelligence Report, June 2024 (JPN) – Red Alert
Details Website 2024-09-19 5 Secure your Elastic Cloud account with multifactor authentication (MFA)
Details Website 2024-09-16 0 Account Takeover By Malware: When and How
Details Website 2024-09-16 28 Threat Intelligence Report September 10 - September 16 2024 | Red Piranha
Details Website 2024-09-14 9 Research Note — Agent Tesla (2)
Details Website 2024-09-12 1 Cybersecurity Alert: Python Libraries Exploited for Malicious Intent
Details Website 2024-09-12 80 2023-11-23 BEAVERTAIL and INVISIBLE_FERRET Lazarus Group Malware Samples
Details Website 2024-09-11 24 Trojan:Win32/Leonem – Gridinsoft Blogs
Details Website 2024-09-11 0 New Acoustic Cyberattack ‘PIXHELL’ Leaks Data from Air-Gapped Systems via LCD Monitors - CloudSEK News
Details Website 2024-09-10 0 New Mobile Malware Campaign Targeting Android Users in South Korea and Beyond - CyberSRC
Details Website 2024-09-10 0 New PIXHELL acoustic attack leaks secrets from LCD screen noise
Details Website 2024-09-09 0 New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks
Details Website 2024-09-09 22 Memory Forensics: BlackEnergy Malware
Details Website 2024-09-09 0 New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks - RedPacket Security
Details Website 2024-09-09 0 New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys