Spear-phishing using LNK, ISO, HTA, and ZIP containers
AI-powered 'vibeware' generation using Nim, Zig, and Crystal to flood environments (Distributed Denial of Detection)
C2 communication via trusted cloud services (Slack, Discord, Supabase, Google Sheets)
Deployment of cross-platform RATs (Crimson RAT, Desk RAT, GETA RAT, ARES RAT)
Social engineering posing as official government entities (e.g., National Informatics Centre)
Living-off-the-land (LotL) techniques to evade file-based detection
Use of malicious PowerPoint Add-Ins (PPAM) for initial access