APT List - 2026
| DATE | NAME | Info | CATEG. | WEB |
| 14.5.26 | Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike | The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. | APT | The Hacker News |
| 14.5.26 | Instructure reaches 'agreement' with ShinyHunters to stop data leak | Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an "agreement" with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. | APT | BleepingComputer |
| 10.5.26 | Americans sentenced for running 'laptop farms' for North Korea | Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. | APT | BleepingComputer |
| 10.5.26 | MuddyWater hackers use Chaos ransomware as a decoy in attacks | The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence. | APT | BleepingComputer |
| 9.5.26 | ScarCruft hackers push BirdCall Android malware via game platform | The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. | APT | BleepingComputer |
| 6.5.26 | China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions | A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America | APT | The Hacker News |
| 4.5.26 | Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia | The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new | APT | The Hacker News |
| 30.4.26 | New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs | Cybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is " | APT | The Hacker News |
| 28.4.26 | Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks | A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in | APT | The Hacker News |
| 26.4.26 | New GopherWhisper APT group abuses Outlook, Slack, Discord for comms | A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities. | APT | |
| 25.4.26 | KelpDAO suffers $290 million heist tied to Lazarus hackers | State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. | APT | BleepingComputer |
| 23.4.26 | China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors | Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) | APT | The Hacker News |
| 22.4.26 | Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles | Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking | APT | The Hacker News |
| 19.4.26 | US nationals behind DPRK IT worker 'laptop farm' sent to prison | Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. | APT | |
| 14.4.26 | North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware | The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat | APT | The Hacker News |
| 12.4.26 | Nearly 4,000 US industrial devices exposed to Iranian cyberattacks | The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. | APT | BleepingComputer |
| 10.4.26 | UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns | A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental | APT | The Hacker News |
| 10.4.26 | Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region | An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and | APT | The Hacker News |
| 9.4.26 | APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies | The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine | APT | The Hacker News |
| 9.4.26 | N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust | The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, | APT | The Hacker News |
| 8.4.26 | Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs | Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable | APT | The Hacker News |
| 8.4.26 | Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign | The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP- | APT | The Hacker News |
| 8.4.26 | China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware | A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day | APT | The Hacker News |
| 8.4.26 | Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations | An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. | APT | The Hacker News |
| 8.4.26 | DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea | Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) | APT | The Hacker News |
| 8.4.26 | $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation | Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously | APT | The Hacker News |
| 6.4.26 | Drift loses $280 million as North Korean hackers seize Security Council powers | The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. | APT | BleepingComputer |
| 5.4.26 | FBI warns against using Chinese mobile apps due to privacy risks | The U.S. Federal Bureau of Investigation (FBI) warned Americans against using foreign-developed mobile applications, particularly those created by Chinese developers. | APT | |
| 4.4.26 | China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing | A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of | APT | The Hacker News |
| 3.4.26 | UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack | The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign | APT | The Hacker News |
| 3.4.26 | Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK | Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that | APT | The Hacker News |
| 1.4.26 | Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 | Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity | APT | The Hacker News |
| 30.3.26 | Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels | Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are | APT | The Hacker News |
| 30.3.26 | Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign | Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a | APT | The Hacker News |
| 30.3.26 | Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack | Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation | APT | The Hacker News |
| 28.3.26 | TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign | Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword | APT | The Hacker News |
| 27.3.26 | China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks | A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against | APT | The Hacker News |
| 25.3.26 | Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks | The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to | APT | The Hacker News |
| 22.3.26 | Bitrefill blames North Korean Lazarus group for cyberattack | Crypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. | APT | BleepingComputer |
| 22.3.26 | Russian hackers exploit Zimbra flaw in Ukrainian govt attacks | Hackers part of APT28, a state-backed threat group linked to Russia's military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting Ukrainian government entities. | APT | BleepingComputer |
| 21.3.26 | Europe sanctions Chinese and Iranian firms for cyberattacks | The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. | APT | BleepingComputer |
| 18.3.26 | OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs | The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the | APT | The Hacker News |
| 14.3.26 | New ‘BlackSanta’ EDR killer spotted targeting HR departments | For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. | APT | |
| 14.3.26 | APT28 hackers deploy customized variant of Covenant open-source tool | The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations. | APT | BleepingComputer |
| 14.3.26 | Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware | A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates | APT | The Hacker News |
| 14.3.26 | Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials | Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine | APT | The Hacker News |
| 12.3.26 | ShinyHunters claims ongoing Salesforce Aura data theft attacks | Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances. | APT | BleepingComputer |
| 11.3.26 | UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours | A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a | APT | The Hacker News |
| 10.3.26 | APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military | The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to | APT | The Hacker News |
| 7.3.26 | Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor | New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in | APT | The Hacker News |
| 6.3.26 | China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks | A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, | APT | The Hacker News |
| 6.3.26 | APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine | Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously | APT | The Hacker News |
| 4.3.26 | APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2 | Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks | APT | The Hacker News |
| 3.3.26 | SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains | The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure | APT | The Hacker News |
| 2.3.26 | APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday | A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, | APT | The Hacker News |
| 2.3.26 | North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT | Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have | APT | The Hacker News |
| 1.3.26 | APT37 hackers use new malware to breach air-gapped networks | North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. | APT | |
| 28.2.26 | North Korean Lazarus group linked to Medusa ransomware attacks | North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware. | APT | |
| 26.2.26 | UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor | A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the | APT | The Hacker News |
| 24.2.26 | UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware | A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate | APT | The Hacker News |
| 24.2.26 | UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors | The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks | APT | The Hacker News |
| 24.2.26 | APT28 Targeted European Entities Using Webhook-Based Macro Malware | The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central | APT | The Hacker News |
| 23.2.26 | MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP | The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and | APT | The Hacker News |
| 22.2.26 | Texas sues TP-Link over Chinese hacking risks, user deception | Texas sued networking giant TP-Link Systems, accusing the company of deceptively marketing its routers as secure while allowing Chinese state-backed hackers to exploit firmware vulnerabilities and access users' devices. | APT | |
| 21.2.26 | Chinese hackers exploiting Dell zero-day flaw since mid-2024 | A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. | APT | |
| 18.2.26 | From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day | Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769, with a CVSSv3.1 score of 10.0. | APT | GTI |
| 15.2.26 | Fake job recruiters hide malware in developer coding challenges | A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. | APT | |
| 13.2.26 | Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations | Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense | APT | The Hacker News |
| 13.2.26 | Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems | Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake | APT | The Hacker News |
| 11.2.26 | APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities | Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows | APT | The Hacker News |
| 11.2.26 | DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies | The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using | APT | The Hacker News |
| 10.2.26 | China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign | The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its | APT | The Hacker News |
| 9.2.26 | Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign | The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan | APT | The Hacker News |
| 8.2.26 | New Amaranth Dragon cyberespionage group exploits WinRAR flaw | A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. | APT | |
| 7.2.26 | Notepad++ update feature hijacked by Chinese state hackers for months | Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. | APT | |
| 7.2.26 | Mandiant details how ShinyHunters abuse SSO to steal cloud data | Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. | APT | |
| 6.2.26 | China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery | Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by | APT | The Hacker News |
| 6.2.26 | Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities | A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure | APT | The Hacker News |
| 5.2.26 | Prince of Persia, Part II: Covering Tracks, Striking Back & a Revealing Link to the Iranian Regime Amid the Country’s Internet Blackout | Get SafeBreach Labs’s latest update on the threat actor, including new details about their Telegram attack vector, a strike back attempt at SafeBreach researchers, the discovery of a new Tornado malware variant, and activity that indicates a definitive connection to the Iranian government. | APT | SAFEBREACH |
| 5.2.26 | Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends | The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new | APT | The Hacker News |
| 4.2.26 | China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns | Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies | APT | The Hacker News |
| 3.2.26 | APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks | The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw | APT | The Hacker News |
| 3.2.26 | Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group | A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the | APT | The Hacker News |
| 31.1.26 | Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists | A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and | APT | The Hacker News |
| 31.1.26 | China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware | Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late | APT | The Hacker News |
| 28.1.26 | APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL (Part 1) | In September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. | APT | ZSCALER |
| 28.1.26 | Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities | Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented | APT | The Hacker News |
| 25.1.26 | Sandworm hackers linked to failed wiper attack on Poland’s energy systems | A cyberattack targeting Poland's power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack. | APT | |
| 25.1.26 | Konni hackers target blockchain engineers with AI-built malware | The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector. | APT | |
| 25.1.26 | UK govt. warns about ongoing Russian hacktivist group attacks | The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive denial-of-service (DDoS) attacks. | APT | |
| 22.1.26 | North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews | As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming | APT | The Hacker News |
| 22.1.26 | North Korea-Linked Hackers Target Developers via Malicious VS Code Projects | The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual | APT | The Hacker News |
| 18.1.26 | China-linked hackers exploited Sitecore zero-day for initial access | An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and zero-day vulnerabilities. | APT | |
| 16.1.26 | China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure | A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity | APT | The Hacker News |
| 11.1.26 | New China-linked hackers breach telcos using edge device exploits | A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. | APT | |
| 10.1.26 | FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs | The North Korean state-sponsored hacker group Kimsuky is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert. | APT | |
| 10.1.26 | China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines | Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have | APT | The Hacker News |
| 10.1.26 | Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations | Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear | APT | The Hacker News |
| 8.1.26 | China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes | A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which | APT | The Hacker News |
| 6.1.26 | Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government | The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver | APT | The Hacker News |