DATE | NAME | INFO | CATEGORY | SUBCATE |
27.5.25 | Void Blizzard | New Russia-affiliated actor Void Blizzard targets critical sectors for espionage | GROUP | GROUP |
27.5.25 | TAG-110 | Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents | GROUP | GROUP |
22.5.25 | UAT-6382 | UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware | GROUP | GROUP |
20.5.25 | Hazy Hawk | From banks to battalions: SideWinder’s attacks on South Asia’s public sector | GROUP | APT |
16.5.25 | APT GROUP123 | Group123 is a North Korean state-sponsored advanced persistent threat (APT) group active since at least 2012. It is also tracked under other names such as APT37, Reaper, and ScarCruft by various cybersecurity firms. | GROUP | APT |
13.5.25 | TA406 | TA406 began targeting government entities in Ukraine, delivering both credential harvesting and malware in its phishing campaigns. The aim of these campaigns is likely to collect intelligence on the trajectory of the Russian invasion. | GROUP | CAMPAIGN |
9.5.25 | Gunra Ransomware | CYFIRMA threat actor profile of the Gunra ransomware group, covering its emerging tactics against individuals and organizations. | GROUP | RANSOMWARE |
26.4.25 | ToyMaker | Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs | GROUP | IAB |
24.4.25 | UNC4736 | UNC4736 is a North Korean threat actor that has been involved in supply chain attacks targeting software chains of 3CX and X_TRADER. They have used malware strains such as TAXHAUL, Coldcat, and VEILEDSIGNAL to compromise Windows and macOS systems. | GROUP | GROUP |
24.4.25 | UNC1069 | Active since at least April 2018; targets diverse industries for financial gain using social engineering ploys, sending fake meeting invites and posing as investors from reputable companies on Telegram to gain access to victims' digital assets and cryptocurrency. | GROUP | GROUP |
24.4.25 | UNC4899 | Active since 2022; known for orchestrating job-themed campaigns that deliver malware as part of a supposed coding assignment, and has previously staged supply chain compromises for financial gain (overlaps with Jade Sleet, PUKCHONG, Slow Pisces, and TraderTraitor). | GROUP | GROUP |
24.4.25 | UNC5342 | Active since at least December 2022; also known for employing job-related lures to trick developers into running malware-laced projects (overlaps with Contagious Interview, DeceptiveDevelopment, DEV#POPPER, and Famous Chollima). | GROUP | GROUP |
22.4.25 | Billbug | Billbug: Intrusion Campaign Against Southeast Asia Continues | GROUP | Espionage group |
22.4.25 | Larva-24005 | During the breach investigation process, the AhnLab Security intelligence Center (ASEC) discovered a new operation related to the Kimsuky group and named it Larva-24005. | GROUP | APT Group Profiles |
22.4.25 | Proton66 | Proton66 Part 1: Mass Scanning and Exploit Campaigns | GROUP | GROUP |
16.4.25 | UNC5174 | UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell | GROUP | GROUP |
15.4.25 | Slow Pisces | Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware | GROUP | GROUP |
11.4.25 | Core Werewolf | Core Werewolf hones its arsenal against Russia’s government organizations | GROUP | GROUP |
11.4.25 | Venture Wolf | Venture Wolf attempts to disrupt Russian businesses with MetaStealer | GROUP | GROUP |
11.4.25 | NOVA | Attackers use a fork of a popular stealer to target Russian companies | GROUP | GROUP |
11.4.25 | Bloody Wolf | Bloody Wolf evolution: new targets, new tools | GROUP | GROUP |
11.4.25 | Sapphire Werewolf | Sapphire Werewolf refines Amethyst stealer to attack energy companies | GROUP | GROUP |
11.4.25 | GOFFEE | GOFFEE continues to attack organizations in Russia | GROUP | GROUP |
10.4.25 | Everest Ransomware Group | Threat Actor Profile | GROUP | Ransomware |
4.4.25 | Proton66 | Bulletproof Hosting Networks and Proton66 | GROUP | GROUP |
27.3.25 | FamousSparrow | You will always remember this as the day you finally caught FamousSparrow | GROUP | APT |
26.3.25 | RedCurl | In mid to late 2024, Huntress uncovered activity across several organizations in Canada, with similar infrastructure and TTPs used that can be associated with the APT group known as RedCurl (aka Earth Kapre and Red Wolf). | GROUP | APT |
25.3.25 | Elephant Beetle | Elephant Beetle: Uncovering an Organized Financial-Theft Operation | GROUP | GROUP |
25.3.25 | Weaver Ant | Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation | GROUP | GROUP |
21.3.25 | UAT-5918 | UAT-5918 targets critical infrastructure entities in Taiwan | GROUP | GROUP |
21.3.25 | -=TWELVE=- | -=TWELVE=- is back | GROUP | GROUP |
21.3.25 | Head Mare | Head Mare: adventures of a unicorn in Russia and Belarus | GROUP | GROUP |
13.3.25 | UNC3886 | Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | GROUP | GROUP |
8.3.25 | LARVA-208 | LARVA-208 (EncryptHub) is a threat actor that has come to the forefront with highly sophisticated spear-phishing attacks since 26 June 2024. | GROUP | GROUP |
6.3.25 | Silk Typhoon | Silk Typhoon targeting IT supply chain | GROUP | APT |
6.3.25 | Dark Caracal | The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT | GROUP | APT |
6.3.25 | Lotus Panda | Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools | GROUP | APT |
4.3.25 | JavaGhost | JavaGhost's Persistent Phishing Attacks From the Cloud | GROUP | GROUP |
27.2.25 | TraderTraitor | TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies | GROUP | GROUP |
26.2.25 | UNC1151 | UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence | GROUP | GROUP |
22.2.25 | Salt Typhoon | Weathering the storm: In the midst of a Typhoon | GROUP | APT |
15.2.25 | Storm-2372 | Storm-2372 conducts device code phishing campaign | GROUP | Phishing |
27.1.25 | GamaCopy | Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military-related bait to launch attacks on Russia | GROUP | GROUP |
25.1.25 | UAC-0063 | UAC-0063: Cyber Espionage Operation Expanding from Central Asia | GROUP | GROUP |
16.1.25 | NICKEL TAPESTRY | NICKEL TAPESTRY Infrastructure Associated with Crowdfunding Scheme | GROUP | GROUP |
14.1.25 | UAC-0063 | Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations | GROUP | GROUP |
10.2.25 | DragonRank | Trend Micro researchers observed an SEO manipulation campaign that highlights the need for organizations using Internet Information Services (IIS) to proactively update and patch systems to prevent exploitation by threat actors that use malware like BadIIS in their campaigns. | GROUP | Campaigns |
10.1.25 | RedDelta | Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain | GROUP | GROUP |
10.1.25 | MirrorFace | A China-linked threat actor named MirrorFace has been accused of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in Japan since 2019. | GROUP | GROUP |