Major Cyber Attacks in February 2026: BQTLock, Thread-Hijack Phishing, and MFA Bypass Evolution
ID: 141c22cb-5c85-533d-b2a6-9ad1540b1355
STIX ID: report--141c22cb-5c85-533d-b2a6-9ad1540b1355
Feed Name: ANY.RUN's Cybersecurity Blog
ANY.RUN analysts report multiple high-risk developments in February 2026: two fast, extortion-capable ransomware families (GREENBLOOD, BQTLock); two stealthy, zero-detection RATs (Moonrise, Karsto) with credential-theft and persistence capabilities; and advanced phishing playbooks—including thread-hijack attacks and PhaaS kits (EvilProxy, Tycoon2FA, Sneaky2FA) hosted on major cloud/CDN providers that evade reputation-based defenses and can bypass MFA. The piece provides sandbox-observed behaviors, sample IOCs, and recommends behavioral detonation and continuous TI feeds to detect and hunt these evasive threats.
