Spear-phishing with geopolitical lures
Distribution of malicious Google Chrome extensions
Living off the Land (LotL) using built-in Windows administration tools
Remote Desktop Protocol (RDP) for persistence and manual interaction
Use of Large Language Models (LLMs) for reconnaissance and lure generation
PowerShell-based keyloggers
Credential harvesting from browser memory and process memory