Threat Actor
Safeguard articles tagged "Threat Actor" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Scattered Spider 2025: How the Most Dangerous Social Engineering Group Evolved
Scattered Spider adapted its tactics in 2025, moving beyond casino hacks to target retail, healthcare, and manufacturing with increasingly sophisticated social engineering.
FIN7: Financial-Sector Supply Chain Tradecraft
FIN7 has spent a decade evolving from POS malware to supply chain operations. A look at the current tradecraft and the implications for financial-sector defenders.
Labyrinth Chollima and Open Source Targeting
Labyrinth Chollima's operations show a specific pattern — poisoned open source packages as initial access. A profile of the tradecraft and the defensive response.
Clop: Supply Chain Exploitation Tradecraft
Clop has turned supply chain exploitation into a repeatable playbook — MOVEit, GoAnywhere, Cleo. A look at the tradecraft that makes the campaign work.
Lazarus Group Software Supply Chain Campaigns
A field analyst's look at how North Korea's Lazarus Group has turned software supply chains into a strategic weapon, from 3CX to npm.
LAPSUS$ Group: Unconventional Attack Techniques That Embarrassed Big Tech
LAPSUS$ broke into Microsoft, Nvidia, Samsung, and Okta using social engineering and insider recruitment rather than sophisticated malware. Their techniques exposed fundamental security gaps.