APT List 2025

DATE  NAME  Info  CATEG.  WEB

27.12.25 China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System APT The Hacker News
25.12.25 Denmark blames Russia for destructive cyberattack on water utility Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark's critical infrastructure, as part of Moscow's hybrid attacks against Western nations. APT BleepingComputer
23.12.25 Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after the hacking group was observed targeting APT The Hacker News
20.12.25 Google links more Chinese hacking groups to React2Shell attacks Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. APT BleepingComputer
19.12.25 China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and APT The Hacker News
18.12.25 North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting APT The Hacker News
17.12.25 APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR[.]net, APT The Hacker News
17.12.25 New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky. The Russian APT The Hacker News
17.12.25 A Browser Extension Risk Guide After the ShadyPanda Campaign In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat APT The Hacker News
10.12.25 Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side- APT The Hacker News
8.12.25 MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command- APT The Hacker News
7.12.25 Critical React2Shell flaw actively exploited in China-linked attacks Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. APT BleepingComputer
6.12.25 North Korea lures engineers to rent identities in fake IT worker scheme In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. APT BleepingComputer
3.12.25 ShadyPanda browser extensions amass 4.3M installs in malicious campaign A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. APT BleepingComputer
3.12.25 Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and APT The Hacker News
3.12.25 Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of APT The Hacker News
23.11.25 China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between APT The Hacker News
23.11.25 Google exposes BadAudio malware used in APT24 espionage campaigns China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. APT BleepingComputer
22.11.25 ‘PlushDaemon’ hackers hijack software updates in supply-chain attacks The China-aligned advanced persistent threat (APT) tracked as 'PlushDaemon' is hijacking software update traffic to deliver malicious payloads to its targets. APT BleepingComputer
21.11.25 APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to APT The Hacker News
20.11.25 Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic APT The Hacker News
16.11.25 Five plead guilty to helping North Koreans infiltrate US firms The U.S. Department of Justice announced that five individuals pleaded guilty to aiding North Korea's illicit revenue generation schemes, including remote IT worker fraud and cryptocurrency theft. APT BleepingComputer
16.11.25 Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea's illicit revenue generation schemes by enabling information APT The Hacker News
15.11.25 Iranian Hackers Launch 'SpearSpecter' Spy Operation on Defense & Government Targets The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps APT The Hacker News
14.11.25 APT37 hackers abuse Google Find Hub in Android data-wiping attacks North Korean hackers from the KONNI activity cluster are abusing Google's Find Hub tool to track their targets' GPS positions and trigger remote factory resets of Android devices. APT BleepingComputer
9.11.25 US sanctions North Korean bankers linked to cybercrime, IT worker fraud The U.S. Treasury Department imposed sanctions on two North Korean financial institutions and eight individuals involved in laundering cryptocurrency stolen in cybercrime and fraudulent IT worker schemes. APT BleepingComputer
8.11.25 From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools A China-linked threat actor has been attributed to a cyber attack targeting a U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed APT The Hacker News
5.11.25 Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts APT The Hacker News
26.10.25 North Korean Lazarus hackers targeted European defense companies North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. APT BleepingComputer
26.10.25 Iranian hackers targeted over 100 govt orgs with Phoenix backdoor State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. APT BleepingComputer
25.10.25 APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as APT The Hacker News
25.10.25 North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running APT The Hacker News
25.10.25 Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to APT The Hacker News
22.10.25 Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from APT The Hacker News
18.10.25 Chinese hackers abuse geo-mapping tool for year-long persistence Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell. APT BleepingComputer
17.10.25 North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that APT The Hacker News
16.10.25 Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group's expansion to the country beyond APT The Hacker News
11.10.25 Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. "Storm-2657 is actively APT The Hacker News
10.10.25 From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a APT The Hacker News
8.10.25 Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to APT The Hacker News
7.10.25 Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa APT The Hacker News
7.10.25 New Report Links Research Firms BIETA and CIII to China's MSS Cyber Operations A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The APT The Hacker News
3.10.25 Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor APT The Hacker News
3.10.25 First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware APT The Hacker News
26.9.25 New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new "lightweight" malware families tracked as BAITSWITCH and SIMPLEFIX. APT The Hacker News
25.9.25 North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like APT The Hacker News
25.9.25 Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South APT The Hacker News
25.9.25 UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the U.S. have been targeted by a suspected APT The Hacker News
22.9.25 DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a known malware called BeaverTail APT The Hacker News
20.9.25 UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 APT The Hacker News
19.9.25 Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-compromise Ukrainian entities. Slovak APT The Hacker News
18.9.25 TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking APT The Hacker News
18.9.25 Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China APT The Hacker News
17.9.25 Going Underground: China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China economic-themed lures. APT PROOFPOINT
17.9.25 Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations APT The Hacker News
11.9.25 Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously APT The Hacker News
10.9.25 China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations The House Select Committee on China has formally issued an advisory warning of an "ongoing" series of highly targeted cyber espionage campaigns linked to the APT The Hacker News
9.9.25 45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon APT The Hacker News
7.9.25 Amazon disrupts watering hole campaign by Russia’s APT29 Amazon’s threat intelligence team has identified and disrupted a watering hole campaign conducted by APT29 (also known as Midnight Blizzard), a threat actor associated with Russia’s Foreign Intelligence Service (SVR). APT AWS SECURITY BLOG
6.9.25 Amazon disrupts Russian APT29 hackers targeting Microsoft 365 Researchers have disrupted an operation attributed to Russian state-sponsored threat group Midnight Blizzard, who sought access to Microsoft 365 accounts and data. APT BleepingComputer
6.9.25 US targets North Korean IT worker army with new sanctions The U.S. Treasury's Office of Foreign Assets Control (OFAC) has sanctioned two individuals and two companies associated with North Korean IT worker schemes that operate at the expense of American organizations. APT BleepingComputer
5.9.25 Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple APT The Hacker News
4.9.25 Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats An Iran-nexus group has been linked to a "coordinated" and "multi-wave" spear-phishing campaign targeting the embassies and consulates in Europe and other APT The Hacker News
4.9.25 Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of APT The Hacker News
2.9.25 Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a APT The Hacker News
2.9.25 ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a APT The Hacker News
31.8.25 Storm-0501 hackers shift to ransomware attacks in the cloud Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion. APT BleepingComputer
31.8.25 Global Salt Typhoon hacking campaigns linked to Chinese tech firms The U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-based technology firms. APT BleepingComputer
30.8.25 Mustang Panda hackers hijack network captive portals in diplomat attacks State-sponsored hackers linked to the Mustang Panda activity cluster targeted diplomats by hijacking web traffic to redirect to a malware serving website. APT BleepingComputer
30.8.25 Murky Panda hackers exploit cloud trust to hack downstream customers A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. APT BleepingComputer
30.8.25 APT36 hackers abuse Linux .desktop files to install malware in new attacks The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. APT BleepingComputer
29.8.25 Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 APT The Hacker News
28.8.25 Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including APT The Hacker News
28.8.25 U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two entities for APT The Hacker News
28.8.25 Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud APT The Hacker News
28.8.25 ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC). APT The Hacker News
26.8.25 UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to APT The Hacker News
25.8.25 Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating System Solutions) APT The Hacker News
24.8.25 Murky Panda hackers exploit cloud trust to hack downstream customers A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. APT BleepingComputer
24.8.25 APT36 hackers abuse Linux .desktop files to install malware in new attacks The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. APT BleepingComputer
22.8.25 Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage Cybersecurity researchers are calling attention to malicious activity orchestrated by a China-nexus cyber espionage group known as Murky Panda that involves abusing APT The Hacker News
20.8.25 North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between APT The Hacker News
17.8.25 Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open- APT The Hacker News
12.8.25 New 'Curly COMrades' APT Using NGEN COM Hijacking in Georgia, Moldova Attacks A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage APT The Hacker News
05.08.25 Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The malicious APT The Hacker News
25.7.25 China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama's 90th APT The Hacker News
22.7.25 The SOC files: Rumble in the jungle or APT41’s new target in Africa Some time ago, Kaspersky MDR analysts detected a targeted attack against government IT services in the African region. APT Securelist
22.7.25 China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. "The APT The Hacker News
20.7.25 Chinese hackers breached National Guard to steal network configurations The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to compromise other government networks. APT BleepingComputer
19.7.25 China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather APT The Hacker News
19.7.25 UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a APT The Hacker News
18.7.25 CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that's designed to deliver a malware codenamed APT The Hacker News
17.7.25 Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting Between March and June 2025, Proofpoint Threat Research observed three Chinese state-sponsored threat actors conduct targeted phishing campaigns against the Taiwanese semiconductor industry. In all cases, the motive was most likely espionage. APT Proofpoint
17.7.25 Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine An international operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group known as NoName057(16) that has been linked to APT The Hacker News
17.7.25 Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors. "Targets of APT The Hacker News
16.7.25 North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, APT The Hacker News
11.7.25 Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which is responsible for cyberattacks against American organizations and government agencies. APT BleepingComputer
10.7.25 DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from APT The Hacker News
9.7.25 U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for APT The Hacker News
9.7.25 Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks APT The Hacker News
5.7.25 US disrupts North Korean IT worker "laptop farm" scheme in 16 states The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against North Korean government's fund raising operations using remote IT workers. APT BleepingComputer
5.7.25 NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft APT The Hacker News
2.7.25 TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a APT The Hacker News
1.7.25 U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber-attacks from Iranian state-sponsored or affiliated threat actors. APT The Hacker News
28.6.25 Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged APT The Hacker News
26.6.25 Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting APT The Hacker News
26.6.25 APT28 hackers use Signal chats to launch new malware attacks on Ukraine The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. APT BleepingComputer
26.6.25 US Homeland Security warns of escalating Iranian cyberattack risks The U.S. Department of Homeland Security (DHS) warned over the weekend of escalating cyberattack risks by Iran-backed hacking groups and pro-Iranian hacktivists. APT BleepingComputer
26.6.25 Canada says Salt Typhoon hacked telecom firm via Cisco flaw The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored 'Salt Typhoon' hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. APT BleepingComputer
26.6.25 Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber APT The Hacker News
25.6.25 North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from APT The Hacker News
25.6.25 APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat APT The Hacker News
24.6.25 China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. APT The Hacker News
24.6.25 DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel APT The Hacker News
23.6.25 Russian hackers bypass Gmail MFA using stolen app passwords Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials. APT BleepingComputer
22.6.25 Telecom giant Viasat breached by China's Salt Typhoon hackers Satellite communications company Viasat is the latest victim of China's Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide. APT BleepingComputer
22.6.25 North Korean hackers deepfake execs in Zoom call to spread Mac malware North Korean advanced persistent threat (APT) 'BlueNoroff' (aka 'Sapphire Sleet' or 'TA444') are using deepfake company executives during fake Zoom calls to trick employees into installing custom malware on their computers. APT BleepingComputer
20.6.25 BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with macOS Backdoor Malware The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. APT The Hacker News
20.6.25 Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app APT The Hacker News
18.6.25 Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict Iran has throttled internet access in the country in a purported attempt to hamper Israel's ability to conduct covert cyber operations, days after the latter launched an APT The Hacker News
18.6.25 Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware Cybersecurity researchers are warning of a new phishing campaign that's targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe. APT The Hacker News
14.6.25 FIN6 hackers pose as job seekers to backdoor recruiters’ devices In a twist on typical hiring-related social engineering attacks, the FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware. APT BleepingComputer
11.6.25 FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a APT The Hacker News
10.6.25 Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent APT The Hacker News
10.6.25 Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several APT The Hacker News
8.6.25 ViLE gang members sentenced for DEA portal breach, extortion Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme. APT BleepingComputer
6.6.25 Scattered Spider: Three things the news doesn’t tell you Scattered Spider isn't one group — it's an identity-first threat model evolving fast. From vishing to AiTM phishing, they're exploiting MFA gaps to hijack the cloud. Watch the Push Security webinar to learn how their identity-based tactics work — and how to stop them. APT BleepingComputer
6.6.25 Microsoft and CrowdStrike partner to link hacking group names Microsoft and CrowdStrike announced today that they've partnered to connect the aliases used for specific threat groups without actually using a single naming standard. APT BleepingComputer
5.6.25 Researchers Detail Bitter APT's Evolving Tactics as Its Geographic Scope Expands The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the interests of the APT The Hacker News
5.6.25 Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to APT The Hacker News
5.6.25 Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App Google has disclosed details of a financially motivated threat cluster that it said "specializes" in voice phishing (aka vishing) campaigns designed to breach APT The Hacker News
3.6.25 Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. APT The Hacker News
1.6.25 ConnectWise breached in cyberattack linked to nation-state hackers IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers. APT BleepingComputer
1.6.25 APT41 malware abuses Google Calendar for stealthy C2 communication The Chinese APT41 hacking group uses a new malware named 'ToughProgress' that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. APT BleepingComputer
30.4.25 Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate APT The Hacker News
28.4.25 SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure APT The Hacker News
28.4.25 Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken by a new advanced persistent APT The Hacker News
27.4.25 Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the APT The Hacker News
27.4.25 FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. APT BleepingComputer
27.4.25 Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. APT BleepingComputer
26.4.25 Lazarus hackers breach six companies in watering hole attacks In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. APT BleepingComputer
25.4.25 SK Telecom warns customer USIM data exposed in malware attack South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related information for customers. APT BleepingComputer
25.4.25 North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this APT The Hacker News
24.4.25 Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. APT The Hacker News
24.4.25 DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and APT The Hacker News
23.4.25 Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering APT The Hacker News
22.4.25 Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. APT The Hacker News
22.4.25 Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed APT The Hacker News
22.4.25 Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now- APT The Hacker News
22.4.25 Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated APT The Hacker News
21.4.25 State-sponsored hackers embrace ClickFix social engineering tactic ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. APT BleepingComputer
21.4.25 APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with APT The Hacker News
20.4.25 Midnight Blizzard deploys new GrapeLoader malware in embassy phishing Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. APT BleepingComputer
18.4.25 Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously APT The Hacker News
15.4.25 Crypto Developers Targeted by Python Malware Disguised as Coding Challenges The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers APT The Hacker News
5.4.25 North Korean IT worker army expands operations in Europe North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. APT BleepingComputer
4.4.25 North Korean hackers adopt ClickFix attacks to target crypto firms The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). APT BleepingComputer
4.4.25 Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the APT The Hacker News
2.4.25 FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan APT The Hacker News
1.4.25 China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, APT The Hacker News
27.3.25 APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and APT The Hacker News
27.3.25 New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in APT The Hacker News
23.3.25 US removes sanctions against Tornado Cash crypto mixer The U.S. Department of Treasury announced today that it has removed sanctions against the Tornado Cash cryptocurrency mixer, which North Korean Lazarus hackers used to launder hundreds of millions stolen in multiple crypto heists. APT BleepingComputer
21.3.25 China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families The China-linked advanced persistent threat (APT) group known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting APT The Hacker News
20.3.25 OKX suspends DEX aggregator after Lazarus hackers try to launder funds OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. APT BleepingComputer
19.3.25 Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. APT The Hacker News
15.3.25 Chinese cyberspies backdoor Juniper routers for stealthy access Chinese hackers are deploying custom backdoors on Juniper Networks Junos OS MX routers that have reached end-of-life (EoL) and no longer receive security updates. APT BleepingComputer
15.3.25 North Korean Lazarus hackers infect hundreds via npm packages Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. APT BleepingComputer
13.3.25 North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting APT The Hacker News
13.3.25 Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign APT The Hacker News
12.3.25 Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since APT The Hacker News
11.3.25 SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group APT The Hacker News
8.3.25 Silk Typhoon hackers now target IT supply chains to breach networks Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. APT BleepingComputer
8.3.25 US charges Chinese hackers linked to critical infrastructure breaches The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. APT BleepingComputer
8.3.25 FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups APT The Hacker News
6.3.25 China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to APT The Hacker News
6.3.25 Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, APT The Hacker News
5.3.25 Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out "fewer than five" entities in the United Arab Emirates (U.A.E.) to APT The Hacker News
27.2.25 Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country's National Taxation APT The Hacker News
22.2.25 Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective APT The Hacker News
22.2.25 North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret. The activity, linked to North Korea, has APT The Hacker News
22.2.25 Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control APT The Hacker News

19.1.25 US cracks down on North Korean IT worker army with more sanctions The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea's Ministry of National Defense that have generated revenue via illegal remote IT work schemes. APT BleepingComputer
18.1.25 U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai- APT The Hacker News
18.1.25 U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit APT The Hacker News
16.1.25 Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99 The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for APT The Hacker News
16.1.25 North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based APT The Hacker News
12.1.25 MirrorFace hackers targeting Japanese govt, politicians since 2019 The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a cyber-espionage campaign targeting the country to the Chinese state-backed "MirrorFace" hacking group. APT BleepingComputer
12.1.25 US Treasury hack linked to Silk Typhoon Chinese state hackers Chinese state-backed hackers, tracked as Silk Typhoon, have been linked to the U.S. Office of Foreign Assets Control (OFAC) hack in early December. APT BleepingComputer
4.1.25 U.S. Treasury Sanctions Beijing Cybersecurity Firm for State-Backed Hacking Campaigns The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as APT The Hacker News
3.1.25 US sanctions Chinese company linked to Flax Typhoon hackers The U.S. Treasury Department has sanctioned Beijing-based cybersecurity company Integrity Tech (also known as Yongxin Zhicheng) for its involvement in cyberattacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. APT BleepingComputer