Threat Intelligence / Actor / Multiple (APT28, APT29, FIN7, Lazarus, ransomware operators — all exploit NTLM)

Multiple (APT28, APT29, FIN7, Lazarus, ransomware operators — all exploit NTLM)

Nation: Multiple (Russia, China, Iran, North Korea) · 1 tracked threat(s) · Categories: ADVISORY

Tracked threats

Microsoft NTLM Phase-Out: Detection & Migration Guidance — MEDIUM

Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier). View plans →

Threadlinqs Intelligence