Resources

Cybersecurity white papers, data sheets, webinars, videos and more

Resource Library

Beyond the Hype: Moltbot’s Real Risk Is Exposed Infrastructure, Not AI Superintelligence

Blog

While the world debates Moltbook’s role in the AI ecosystem, it is just the tip of the iceberg of Titanic risk. SecurityScorecard’s STRIKE team uncovered what lurks beneath: Thousands of exposed OpenClaw (Moltbot) control panels vulnerable to takeover through misconfigured access and known exploits.
STRIKE Team
Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router

Blog

SecurityScorecard’s STRIKE team uncovers how attackers turned thousands of ASUS routers into a worldwide spy network.
STRIKE Team
When SaaS Trust Becomes a Threat: Insights from the Salesloft Drift Compromise

Blog

The STRIKE team has been analyzing the Salesloft Drift breach that spread into Salesforce environments. Discover what the breach tells us about supply chain security, how attackers abused OAuth tokens, what data is exposed, and defensive actions to take next.
STRIKE Team
From the Depths of the Shadows: IRGC and Hacker Collectives Of The 12-Day War

Blog

From reconnaissance to propaganda to payloads, this is how Iran’s digital foot soldiers mobilized across borders and platforms during the war with Israel in June 2025.
STRIKE Team
Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign

Blog

SecurityScorecard’s STRIKE team uncovered a new China-Nexus ORB Network targeting the United States and Southeast Asia. Read the report to gain an in-depth look at the LapDogs ORB network, its custom malware, and its role in cyberespionage.
STRIKE Team
Massive Botnet Targets M365 with Stealthy Password Spraying Attacks

Research

A Technical Breakdown of Large-Scale Password Spraying Through Non-Interactive Sign-Ins
STRIKE Team
Lazarus Group Targets Developers Through NPM Packages and Supply Chain Attacks

Blog

North Korea’s Lazarus Group is evolving its tactics again. The latest campaign, dubbed Operation Marstech Mayhem, introduces an advanced implant named “Marstech1.”
STRIKE Team
Lazarus Group is Infecting Open-Source Code. Are You at Risk?

Research

North Korea’s Lazarus Group is hiding malware inside GitHub repositories and NPM packages, compromising developers and cryptocurrency platforms. Their targets: your code, your wallets, your users.
STRIKE Team
A Deep Peek at DeepSeek

Blog

DeepSeek’s rapid ascent in the AI space has made it impossible to ignore. Its sophisticated models and AI assistant have captured global attention. And, while headlines focus on DeepSeek’s capabilities, STRIKE research exposes critical security flaws, hidden data flows, and unanswered questions about who has access to the data and why.
STRIKE Team
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign

Research

During STRIKE’s investigation of Operation 99, our team identified multiple command-and-control (C2) servers active since September 2024.
STRIKE Team
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign

Blog

In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named “Phantom Circuit,” targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in Hasan, Russia.
STRIKE Team
Operation 99: North Korea’s Cyber Assault on Software Developers

Blog

On January 9, the SecurityScorecard STRIKE team uncovered Operation 99, a cyberattack by the Lazarus Group, North Korea’s state-sponsored hacking unit.
STRIKE Team
The Botnet is Back: SSC STRIKE Team Uncovers a Renewed Cyber Threat

Blog

Discover the resurgence of Volt Typhoon, a state-sponsored cyber-espionage group targeting the energy sector. Learn how they exploit legacy systems and outdated devices to embed themselves within critical infrastructure, posing a silent yet significant threat. Stay informed about the evolving tactics, global reach, and implications for national security.
STRIKE Team
Inside a North Korean Phishing Operation Targeting DevOps Employees

Blog

Uncover how SecurityScorecard thwarted a sophisticated phishing attack targeting our DevOps team. This blog details a North Korean state actor’s attempt to deploy a malicious backdoor through a fake job offer on social media. Learn about the evolving tactics of threat actors and how our swift response blocked potential damage. Stay informed and strengthen your defenses against these persistent cyber threats.
Nation State Actors
Phishing
STRIKE Team
The Job Offer That Wasn’t: How We Stopped an Espionage Plot

Blog

Discover how SecurityScorecard thwarted a sophisticated cyber-espionage plot disguised as a job offer. Learn about the ‘Contagious Interview’ campaign, the tactics used by the Famous Chollima group, and essential strategies to protect your organization from targeted attacks. Don’t let your next career move become a trap—stay informed and secure!
STRIKE Team
The Increase in Ransomware Attacks on Local Governments

Research

What makes organizations in the public sector vulnerable to ransomware?
Public Sector
STRIKE Team
A Deep Dive Into ALPHV/BlackCat Ransomware

Research

Executive summary: ALPHV/BlackCat is the first widely known ransomware written in Rust. The malware must run with an access token consisting of a 32-byte value (--access-token parameter), and other parameters can be specified. The ransomware comes with an encrypted configuration that contains a list of services/processes to be stopped,…
STRIKE Team
Brute Force Attempts May Have Preceded Ransomware Attack on School District

Research

Executive Summary: Vice Society Ransomware Group Attack. Following reports that an attack by the Vice Society ransomware group was responsible for disrupting a US school district’s operations, SecurityScorecard researchers reviewed available data from internal sources and strategic partnerships. SecurityScorecard’s platform revealed that the school district suffered from issues that our…
Public Sector
STRIKE Team
Iran-Attributed Exploitation of Log4Shell Vulnerability

Research

Executive Summary: CISA and the FBI issued a joint advisory warning of ongoing exploitation of the Log4Shell vulnerability (CVE-2021-44228) on November 16. The advisory noted that an unspecified Iran-linked threat actor group had exploited the vulnerability during an intrusion into a Federal Civilian Executive Branch (FCEB) organization’s network earlier…
Cyber Threat Intelligence
STRIKE Team
TTPs Associated With a New Version of the BlackCat Ransomware

Blog

In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor.
Cyber Threat Intelligence
STRIKE Team
Analysis of APT35 infrastructure reveals interest in Egyptian Shipping Companies

Blog

Executive Summary: SecurityScorecard has identified domains resolving to Iran-linked Advanced Persistent Threat (APT) infrastructure, likely to be used to support phishing campaigns against Egypt-based shipping and marine services companies. In at least three instances, Iran-linked APT actors may have gained unauthorized access to the DNS configuration of legitimate domains to…
STRIKE Team