#living-off-the-land
6 articles
Government and education sectors across APAC, Asia, Central America, CIS, and META were the primary targets in six articles from April to July 2026 tagged living-off-the-land. The coverage included one critical and four high-severity incidents, with threat actors GopherWhisper, KongTuke, and Operation PhantomCLR observed leveraging legitimate tools. The vulnerability CVE-2023-36036 was specifically cited, while affected industries also encompassed energy, enterprise, and financial services.

Kaspersky: 60% of Incidents Missed by Automated Security Tools
Kaspersky Compromise Assessment 2025 findings: 60% of incidents lacked high-confidence alerts; 30.8% of threats persisted over 3 months; 40% of web shells hid in backups.
CRITICALModeloRAT Campaign Abuses Microsoft Teams for Enterprise Intrusion
Rapid7 dissects an April 2026 intrusion where a fake IT Support Teams message delivered ModeloRAT via Dropbox, leading to privilege escalation, credential theft, and lateral...
HIGHUnit 42 Tracks TGR-STA-1030 Activity in Central and South America
Palo Alto Unit 42 reports TGR-STA-1030 remains active in Central and South America, targeting government and energy sectors with custom malware and living-off-the-land techniques.
HIGHGopherWhisper APT Uses Go Tools, Legit Services in Gov Attacks
GopherWhisper, a new state-backed APT, targets government entities with a Go-based toolkit abusing Outlook, Slack, and Discord for C2.
HIGHOperation PhantomCLR Hijacks Intel Driver to Deploy Stealthy Malware
Operation PhantomCLR exploits a legitimate Intel driver to hijack the .NET CLR and deploy malware, bypassing security tools by using a trusted, signed binary without modifying its code.
HIGHCredential-Based Attacks Blur Line Between Breach and Normal Activity
Modern attackers are exploiting valid credentials and living-off-the-land techniques to make breaches indistinguishable from legitimate user activity, rendering traditional perimeter and anomaly detection ineffective.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.