Safeguard
Tag

Threat Actor

Safeguard articles tagged "Threat Actor" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Threat Intelligence

Scattered Spider 2025: How the Most Dangerous Social Engineering Group Evolved

Scattered Spider adapted its tactics in 2025, moving beyond casino hacks to target retail, healthcare, and manufacturing with increasingly sophisticated social engineering.

Mar 20, 20257 min read
Industry Analysis

FIN7: Financial-Sector Supply Chain Tradecraft

FIN7 has spent a decade evolving from POS malware to supply chain operations. A look at the current tradecraft and the implications for financial-sector defenders.

Nov 20, 20246 min read
Industry Analysis

Labyrinth Chollima and Open Source Targeting

Labyrinth Chollima's operations show a specific pattern — poisoned open source packages as initial access. A profile of the tradecraft and the defensive response.

Aug 28, 20246 min read
Industry Analysis

Clop: Supply Chain Exploitation Tradecraft

Clop has turned supply chain exploitation into a repeatable playbook — MOVEit, GoAnywhere, Cleo. A look at the tradecraft that makes the campaign work.

Jun 15, 20246 min read
Industry Analysis

Lazarus Group Software Supply Chain Campaigns

A field analyst's look at how North Korea's Lazarus Group has turned software supply chains into a strategic weapon, from 3CX to npm.

Feb 28, 20246 min read
Threat Actors

LAPSUS$ Group: Unconventional Attack Techniques That Embarrassed Big Tech

LAPSUS$ broke into Microsoft, Nvidia, Samsung, and Okta using social engineering and insider recruitment rather than sophisticated malware. Their techniques exposed fundamental security gaps.

Apr 8, 20227 min read
Threat Actor — Safeguard Blog