APT List - 2026
| DATE | NAME | INFO | CATEGORY | WEB |
| 31.1.26 | Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists | A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and | APT | The Hacker News |
| 31.1.26 | China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware | Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late | APT | The Hacker News |
| 28.1.26 | APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL (Part 1) | In September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. | APT | ZSCALER |
| 28.1.26 | Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities | Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented | APT | The Hacker News |
| 25.1.26 | Sandworm hackers linked to failed wiper attack on Poland’s energy systems | A cyberattack targeting Poland's power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack. | APT | |
| 25.1.26 | Konni hackers target blockchain engineers with AI-built malware | The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector. | APT | |
| 25.1.26 | UK govt. warns about ongoing Russian hacktivist group attacks | The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive denial-of-service (DDoS) attacks. | APT | |
| 22.1.26 | North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews | As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming | APT | The Hacker News |
| 22.1.26 | North Korea-Linked Hackers Target Developers via Malicious VS Code Projects | The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual | APT | The Hacker News |
| 18.1.26 | China-linked hackers exploited Sitecore zero-day for initial access | An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and zero-day vulnerabilities. | APT | |
| 16.1.26 | China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure | A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity | APT | The Hacker News |
| 11.1.26 | New China-linked hackers breach telcos using edge device exploits | A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. | APT | |
| 10.1.26 | FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs | The North Korean state-sponsored hacker group Kimsuky is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert. | APT | |
| 10.1.26 | China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines | Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have | APT | The Hacker News |
| 10.1.26 | Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations | Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear | APT | The Hacker News |
| 8.1.26 | China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes | A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which | APT | The Hacker News |
| 6.1.26 | Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government | The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver | APT | The Hacker News |