Deployment of destructive wiper malware (e.g., CaddyWiper, IsaacWiper)
Living-off-the-Land (LotL) techniques using native OS tools
Exploitation of edge network devices (VPNs, Firewalls, Routers)
Industrial Control Systems (ICS/SCADA) targeting
Supply chain compromise
Spear-phishing for initial access
Credential harvesting and lateral movement via SMB/WMI
Use of hijacked legitimate infrastructure for C2