APT Blog
| DATE | NAME | Info | CATEG. | WEB |
|---|---|---|---|---|
| 7.2.2026 | The Shadow Campaigns: Uncovering Global Espionage | This investigation unveils a new cyberespionage group that Unit 42 tracks as TGR-STA-1030. We refer to the group's activity as the Shadow Campaigns. We assess with high confidence that TGR-STA-1030 is a state-aligned group operating out of Asia. Over the past year, this group has compromised government and critical infrastructure organizations across 37 countries. | APT blog | Palo Alto |
| 7.2.2026 | Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in Southeast Asia | Check Point Research (CPR) has been tracking Amaranth-Dragon, an APT41-nexus group previously aligned with Chinese interests. The group launched highly targeted cyber-espionage campaigns throughout 2025 against government and law enforcement agencies in Southeast Asia. | APT blog | CHECKPOINT |
| 7.2.2026 | APT28's Stealthy Multi-Stage Campaign Leveraging CVE-2026-21509 and Cloud C2 Infrastructure | Russian state-sponsored threat group APT28 (aka Fancy Bear or UAC-0001) has launched a sophisticated espionage campaign against European military and government entities, in particular maritime and transport organizations across Poland, Slovenia, Turkey, Greece, the UAE, and Ukraine. | APT blog | Trellix |
| 1.2.2026 | Dissecting UAT-8099: New persistence mechanisms and regional focus | Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam. | APT blog | CISCO TALOS |
| 24.1.2026 | The Invisible Insider: Why AML and KYC Compliance Fail Against Digital Deception | North Korean operatives and professional money launderers have been drawing six-figure salaries from Fortune Global 500 companies by exploiting a fundamental flaw in identity verification. | APT blog | Silent Push |
| 24.1.2026 | From the Shadows to the Headlines: A Decade of State-Sponsored Cyber Leaks | Analysis of a decade of major state-sponsored cyber leaks (Shadow Brokers, Vault 7, i-Soon, KittenBusters): patterns, impact, and the centrality of human vulnerability. | APT blog | Trellix |
| 17.1.2026 | Unmasking the DPRK Remote Worker Problem | The DPRK remote worker program functions as a high-volume revenue engine for the North Korean regime. These state-sponsored operatives use stolen identities to secure remote roles within Western enterprises and establish long-term persistence inside corporate infrastructure before their first meeting. They bypass standard IAM and EDR controls by mimicking the behavior, location, and hardware signatures of a domestic employee. | APT blog | Silent Push |
| 17.1.2026 | APT PROFILE – KIMSUKY | Kimsuky, an advanced persistent threat (APT) group active since at least 2012, is suspected to be operating out of North Korea in direct support of the regime's strategic objectives. The… | APT blog | |
| 17.1.2026 | Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations | Microsoft's investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using RedVDS infrastructure to target multiple sectors. | APT blog | Microsoft blog |
| 17.1.2026 | UAT-8837 targets critical infrastructure sectors in North America | Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence to be a China-nexus advanced persistent threat (APT) actor. | APT blog | CISCO TALOS |
| 10.1.2026 | Initial Access Sales Accelerated Across Australia and New Zealand in 2025 | Cyble's 2025 report analyzes initial access sales, ransomware operations, and data breaches shaping the cyber threat landscape in Australia and New Zealand. | APT blog | |
| 10.1.2026 | Resurgence of Scattered Lapsus$ Hunters | Executive Summary: Recent monitoring of underground forums and Telegram communities has identified the resurgence of the Scattered Lapsus$ collective. The actors appear to be | APT blog | Cyfirma |
| 10.1.2026 | UAT-7290 targets high value telecommunications infrastructure in South Asia | Talos assesses with high confidence that UAT-7290 is a sophisticated China-nexus advanced persistent threat (APT) actor. UAT-7290 primarily targets telecommunications providers in South Asia. | APT blog | |
| 10.1.2026 | Resolutions, shmesolutions (and what's actually worked for me) | Talos' editor ditches the pressure of traditional New Year's resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure. | APT blog | |