February 23, 2026 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:30 [TTP Update] ClickFix Using nslookup to Deploy MODELORAT
Microsoft has reported an update to the widely observed ClickFix technique, in which victims are commonly tricked into copying and pasting PowerShell commands into the Windows Run dialog. In this new variant, rather than executing PowerShell directly in the first instance, the command performs a domain lookup using “nslookup”, and the response is then parsed and executed.
02:32 [MALWARE] ARKANIX Infostealer
Researchers at Securelist detailed a newly discovered infostealer family dubbed ARKANIX STEALER. It was active in late 2025 and observed circulating primarily through Discord communities and underground forums under the guise of legitimate utilities.
04:23 [MALWARE] Android Devices Infected with KEENADU Backdoor Prior to Consumer Sale
Kaspersky discovered KEENADU Android malware pre-installed on tablets prior to consumer sales. Tablets from some manufacturers had the backdoor packed with the device firmware.
06:36 [RANSOMWARE] Poland Arrests Alleged Phobos Ransomware Affiliate
Polish authorities arrested a 47-year-old man in the Małopolska region for alleged ties to the Phobos ransomware operation. Officers from the Central Bureau for Combating Cybercrime seized computers and mobile phones containing hacking tools, login credentials, passwords, credit card data and server IP addresses.
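For the ClickFix item above, a triage heuristic over process-creation telemetry, added here as an example and not taken from Microsoft's or Kroll's reporting. The field names (`parent_image`, `command_line`), the interpreter list, the scoring threshold and the sample events are assumptions constructed for illustration.

```python
import re

NSLOOKUP = re.compile(r"\bnslookup(\.exe)?\b", re.I)
# Assumed list of interpreters that could execute text taken from the response.
INTERPRETER = re.compile(r"\b(powershell|pwsh|cmd|mshta|wscript|cscript)(\.exe)?\b", re.I)
# Operators that hand one command's output to another command.
CHAINING = re.compile(r"\||&|\bfor\s+/f\b|\$\(", re.I)

def score_event(event):
    """Score one process-creation event; returns (score, reasons)."""
    cmd = event.get("command_line", "")
    match = NSLOOKUP.search(cmd)
    if not match:
        return 0, []
    reasons = ["nslookup invoked"]
    after = cmd[match.end():]  # only what follows the lookup matters
    if event.get("parent_image", "").lower().endswith("\\explorer.exe"):
        reasons.append("parent is explorer.exe (Run dialog launches from it)")
    if CHAINING.search(after):
        reasons.append("lookup output is chained into another command")
    if INTERPRETER.search(after):
        reasons.append("interpreter follows the lookup")
    return len(reasons), reasons

def flag_events(events, threshold=3):
    """Return ids of events whose score meets the threshold."""
    return [e["id"] for e in events if score_event(e)[0] >= threshold]

# Constructed sample telemetry; hosts and the "<parse step>" token are placeholders.
SAMPLE_EVENTS = [
    {"id": "evt-1", "parent_image": "C:\\Windows\\explorer.exe",
     "command_line": 'cmd.exe /c "nslookup lookup.example.invalid | <parse step> | powershell"'},
    {"id": "evt-2", "parent_image": "C:\\Windows\\System32\\cmd.exe",
     "command_line": "nslookup www.example.com"},
    {"id": "evt-3", "parent_image": "C:\\Windows\\explorer.exe",
     "command_line": "nslookup intranet.example.com"},
    {"id": "evt-4", "parent_image": "C:\\Windows\\System32\\svchost.exe",
     "command_line": "cmd.exe /c nslookup host.example.com > C:\\Temp\\dns.txt"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        score, reasons = score_event(ev)
        print(ev["id"], score, "; ".join(reasons))
```

Plain lookups, including one typed into the Run dialog or redirected to a file, stay below the threshold; only the event that combines the Run-dialog parent, output chaining and a trailing interpreter is flagged.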
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q4 2024 Cyber Threat Landscape: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/q4-2024-threat-landscape-report-phishing
Kroll’s 2025 Cyber Threat Landscape Report: Cybercrime in the Crypto Era: https://www.kroll.com/Reports/Cyber/Threat-Intelligence-Reports/Threat-Landscape-Report-Lens-on-Crypto
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: https://www.youtube.com/playlist
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber/kroll-responder