Exploitation of internet-facing VNC connections
ICS/SCADA/OT intrusion
Human-Machine Interface (HMI) defacement
Hack-and-leak operations
Brute force attacks on remote access services
Scanning for vulnerable devices using Nmap or OPENVAS
Propaganda via Telegram and X (Twitter)