---
title: Threat Intelligence Center - Capstone Technologies Group
description: SEC filings reveal SALT TYPHOON and VOLT TYPHOON attack methods targeting critical infrastructure, financial services, and telecom. Threat actor tactics…
canonical_url: https://captechgroup.com/threat-intelligence-center?start=77
language: en-GB
date: 2025-08-13T00:46:48Z
notice: This is a machine-friendly version of the page at https://captechgroup.com/threat-intelligence-center?start=77.
markdown-tokens: 1289
---



[SALT TYPHOON and VOLT TYPHOON Tactics Exposed in SEC Filings](https://captechgroup.com/threat-intelligence-center/salt-typhoon-and-volt-typhoon-tactics-exposed-in-s-a953a8)

Recent SEC filings have disclosed operational details about SALT TYPHOON and VOLT TYPHOON, two state-sponsored threat actors conducting sustained campaigns against critical infrastructure, financial services, and telecommunications sectors. These filings provide rare insight into attack methodologies, dwell times, and lateral movement techniques used by these actors.

[Attackers Move Past Typosquatting to Realistic Package Impersonation in Crypto](https://captechgroup.com/threat-intelligence-center/attackers-move-past-typosquatting-to-realistic-pac-5c50e3)

Threat actors targeting cryptocurrency and DeFi projects have shifted tactics from obvious typosquatting to sophisticated package impersonation attacks. Rather than relying on misspelled package names, attackers now create near-identical packages with realistic naming conventions that closely mirror legitimate libraries.

[HIPAA Security Rule Training Requirements for Healthcare Workforce](https://captechgroup.com/threat-intelligence-center/hipaa-security-rule-training-requirements-for-heal-82f525)

The HIPAA Security Rule requires covered entities and business associates to implement mandatory training programs for all workforce members who access electronic protected health information. This training must cover administrative, physical, and technical safeguards, incident response procedures, and access controls.

[Akira Ransomware Kill Chain Reconstructed from Perimeter and Endpoint Logs](https://captechgroup.com/threat-intelligence-center/akira-ransomware-kill-chain-reconstructed-from-per-291768)

Akira ransomware operators follow a distinct attack progression that can be identified through careful analysis of perimeter and endpoint logs. This forensic reconstruction demonstrates how threat actors use AdFind and other reconnaissance tools to map network topology and identify high-value targets before encryption.

[FBI Warns Employees Enable Tech Support Impersonators via Remote Access Tools](https://captechgroup.com/threat-intelligence-center/fbi-warns-employees-enable-tech-support-impersonat-f3b6e3)

The FBI has identified a critical social engineering campaign where threat actors impersonate legitimate tech support personnel to convince employees to install remote access software.

[Chinese PhaaS Operator YY Lai Yu Expands Phishing Services to Banking and E-commerce](https://captechgroup.com/threat-intelligence-center/chinese-phaas-operator-yy-lai-yu-expands-phishing-f078af)

Security researchers have identified YY Lai Yu, an operator of a Chinese-language Phishing-as-a-Service platform, actively targeting banking institutions, e-commerce platforms, financial services, gaming, payment processors, and transportation companies.

[GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure](https://captechgroup.com/threat-intelligence-center/glassworm-malware-takedown-disrupts-developer-supp-49721f)

Law enforcement agencies have successfully disrupted the infrastructure behind GlassWorm, a malware operation targeting software developers through supply chain attack vectors. GlassWormRAT, the remote access trojan deployed in these campaigns, was designed to compromise developer tools and environments to gain persistent access to enterprise networks.
