Ransomware groups switch to stealthy attacks and long-term access
Summary
Ransomware attackers are shifting from loud, disruptive attacks toward stealthy, long-term infiltration tactics where they quietly steal data for extortion rather than encrypting it. They're using defense evasion (techniques to avoid detection) and persistence mechanisms to stay hidden, routing their command-and-control traffic (communications between attackers and compromised systems) through legitimate business services like OpenAI and AWS to blend in with normal activity. Attackers are also chaining multiple vulnerabilities together in coordinated exploitation rather than treating each weakness as an isolated entry point.
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4137010/ransomware-groups-switch-to-stealthy-attacks-and-long-term-access.html
First tracked: February 27, 2026 at 03:00 AM
Classified by LLM (prompt v3) · confidence: 65%