
The Cyber Threat Perspective Episode 170: The Evasive Adversary
Feb 27, 2026
They unpack social engineering strikes like Chatty Spider and Scattered Spider that break in via help-desk tactics and voice phishing. They cover click-grab lures that get users to paste PowerShell payloads, and malware-free living-off-the-land intrusions. They discuss AI speeding up attacks, rapid breakout timelines, zero-day exploits against edge devices, supply-chain risks in npm packages, and cloud identity and session theft techniques.
AI Snips
Rapid RMM-Based Exfiltration Example
- Chatty Spider social-engineered a US law firm user to run Microsoft Quick Assist and began exfiltration with WinSCP within four minutes.
- Spencer Alessi highlighted that attackers often use RMM/Quick Assist to pivot quickly and access shares as regular users do.
Voice Phishing As A High Success Vector
- Voice phishing is increasingly used as the initial vector because it's more convincing than email or SMS.
- Tyler Roberts said their social engineering success on voice phishing engagements is effectively 100% for persuading users to install RMM tools.
Click-Grab Captcha Attacks Are Rising Fast
- Attackers shifted from fake browser-update lures to CAPTCHA/click-grab lures that persuade users to paste PowerShell commands.
- Spencer Alessi noted CrowdStrike observed a 563% increase and that EDR visibility may not link the browser lure to the payload.
