Group 2024 2026() 2025() 2024()
| DATE | NAME | INFO | ||
| 17.12.24 | TA397 | Proofpoint observed advanced persistent threat (APT) TA397 targeting a Turkish defense sector organization with a lure about public infrastructure projects in Madagascar. | GROUP | GROUP |
| 14.12.24 | MUT-1244 | Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials | GROUP | GROUP |
| 12.12.24 | Gamaredon | Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. | GROUP | APT |
| 11.12.24 | Secret Blizzard | Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine | GROUP | GROUP |
|
26.11.24 |
RomCom exploits Firefox and Windows zero days in the wild |
GROUP |
||
|
26.11.24 |
Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions |
GROUP |
||
|
23.11.24 |
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON |
GROUP |
||
|
22.11.24 |
Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY |
GROUP |
||
|
22.11.24 |
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike |
GROUP |
||
|
21.11.24 |
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine |
GROUP |
||
|
19.11.24 |
Unveiling LIMINAL PANDA: A Closer Look at China's Cyber Threats to the Telecom Sector |
GROUP |
||
|
16.11.24 |
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA |
GROUP |
||
|
13.11.24 |
Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity |
GROUP |
||
|
28.10.24 |
UNC5812 | Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives | GROUP | GROUP |
|
28.10.24 | Crypt Ghouls | Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia | GROUP | GROUP |
|
27.10.24 | Water Makara | Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware | GROUP | GROUP |
|
27.10.24 | UAT-5647 | UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants | GROUP | APT |
27.9.24 | Embargo | Embargo Ransomware Group Strikes DME Delivers in Cyber Attack | GROUP | RANSOMWARE |
27.9.24 | DragonForce | Inside the Dragon: DragonForce Ransomware Group | GROUP | RANSOMWARE |
26.9.24 | BlackJack | BlackJack is a hacktivist group that emerged at the end of 2023, targeting companies based in Russia. | GROUP | Hacktivist |
22.9.24 | Marko Polo | “Marko Polo” Navigates Uncharted Waters With Infostealer Empire | GROUP | GROUP |
21.9.24 | TWELVE | -=TWELVE=- is back | GROUP | GROUP |
13.9.24 | DragonRank | DragonRank, a Chinese-speaking SEO manipulator service provider | GROUP | GROUP |
11.9.24 | CosmicBeetle | CosmicBeetle steps up: Probation period at RansomHub | GROUP | RANSOMWARE |
9.9.24 | Unit 29155 | Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure | GROUP | Military group |
5.9.24 | Head Mare | Head Mare: adventures of a unicorn in Russia and Belarus | GROUP | GROUP |
21.8.24 | UTG-Q-010 | UTG-Q-010: Targeted Attack Campaign Against the AI and Gaming Industry | GROUP | GROUP |
21.8.24 | TA453 | Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset | GROUP | GROUP |
15.8.24 | Actor240524 | New APT Group Actor240524: A Closer Look at Its Cyber Tactics Against Azerbaijan and Israel | GROUP | APT |
6.8.24 | Moonstone Sleet | Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access | GROUP | GROUP |
2.8.24 | Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies | GROUP |
||
27.7.24 | Handala Hacking Team | Handala Hack: What We Know About the Rising Threat Actor | GROUP | GROUP |
27.7.24 | Cuckoo Spear | Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation. | GROUP | GROUP |
26.7.24 | APT45 | APT45: North Korea’s Digital Military Machine | GROUP | APT |
25.7.24 | Patchwork | The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel C4 and an enhanced version of PGoShell | GROUP | GROUP |
24.7.24 | Daggerfly: Espionage Group Makes Major Update to Toolset | Espionage |
||
23.7.24 | VIGORISH VIPER | GAMBLING IS NO GAME: DNS LINKS BETWEEN CHINESE ORGANIZED CRIME AND SPORTS SPONSORSHIPS | GROUP | GROUP |
23.7.24 | FLUXROOT | A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity,... | GROUP | HACKING |
23.7.24 | Prolific Puma | Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma | GROUP | Ransomware |
19.7.24 | UNC5537 | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion | GROUP | GROUP |
18.7.24 | TAG-100 | TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies | GROUP | GROUP |
16.7.24 | MuddyWater | MuddyWater replaces Atera by custom MuddyRot implant in a recent campaign | GROUP | GROUP |
16.7.24 | Void Banshee | CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks | GROUP | GROUP |
14.7.24 | CRYSTALRAY | CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools | GROUP | GROUP |
30.6.24 | Unfurling Hemlock | Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware | GROUP | GROUP |
30.6.24 | KADOKAWA | Service Outages on Multiple Websites of the KADOKAWA Gro | GROUP | GROUP |
| 27.6.24 | ChamelGang | ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware | Group | Gang |
| 26.6.24 | FIN9 | Inside the DEA Tool Hackers Allegedly Used to Extort Targets | GROUP | APT |
| 26.6.24 | ExCobalt | ExCobalt: GoRed, the hidden-tunnel technique | GROUP | Cyber Gang |
| 19.6.24 | UNC3886 | Cloaked and Covert: Uncovering UNC3886 Espionage Operations | GROUP | CAMPAIGN |
| 14.6.24 | UNC4899 | Insights on Cyber Threats Targeting Users and Enterprises in Brazil | GROUP | GROUP |
| 11.6.24 | UNC5537 | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion | GROUP | GROUP |
| 10.6.24 | Sticky Werewolf | Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks | GROUP | GROUP |
7.6.24 | Ghostwriter is referred as an 'activity set', with various incidents tied together by overlapping behavioral characteristics and personas, rather than as an actor or group in itself. | GROUP |
||
7.6.24 | Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers | Cryptojacking |
||
3.6.24 | Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group) | APT |
||
31.5.24 | UAC-0006 | UAC-0006 is a financially motivated threat actor that has been active since at least 2013. | Group | Group |
31.5.24 | FlyingYeti | Cloudforce One is publishing the results of our investigation and real-time effort to detect, deny, degrade, disrupt, and delay threat activity by the Russia-aligned threat actor FlyingYeti during their latest phishing campaign targeting Ukraine. | Group | Group |
30.5.24 | LilacSquid | The stealthy trilogy of PurpleInk, InkBox and InkLoader | Group | Group |
29.5.24 | Moonstone Sleet | Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks | Group | APT |
27.5.24 | Storm-0539 | Navigating cyberthreats and strengthening defenses in the era of AI | Group | Group |
25.5.24 | Space Pirates: analyzing the tools and connections of a new hacker group | Group |
||
25.5.24 | No sleep until the Cybercrime Fighters Club is done with finding the answer as to who is behind this new ransomware-as-a-service affiliate. | Group |
||
24.5.24 | SHARP DRAGON EXPANDS TOWARDS AFRICA AND THE CARIBBEAN | APT |
||
23.5.24 | Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea | Group |
||
21.5.24 | Void Manticore | BAD KARMA, NO JUSTICE: VOID MANTICORE DESTRUCTIVE ACTIVITIES IN ISRAEL | Group | Group |
21.5.24 | GitCaught | GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure | Group | Group |
18.5.24 | Kinsing | Kinsing Demystified A Comprehensive Technical Guide | Group | Hacking |
16.5.24 | Storm-1811 | Threat actors misusing Quick Assist in social engineering attacks leading to ransomware | Group | Group |
|
16.5.24 |
Group123 is a North Korean state-sponsored advanced persistent threat (APT) group active since at least 2012. It is also tracked under other names such as APT37, Reaper, and ScarCruft by various cybersecurity firms. |
APT |
||
|
13.5.24 |
TA406 began targeting government entities in Ukraine, delivering both credential harvesting and malware in its phishing campaigns. The aim of these campaigns is likely to collect intelligence on the trajectory of the Russian invasion. |
CAMPAIGN |
||
|
9.5.24 |
At CYFIRMA, we are committed to delivering timely insights into emerging cyber threats and the evolving tactics of cybercriminals targeting individuals and organizations. |
RANSOMWARE |
||
| 19.4.24 | FIN7 | Threat Group FIN7 Targets the U.S. Automotive Industry | Group | APT |
| 16.4.24 | Muddled Libra | Muddled Libra also uses the legitimate scalability and native functionality of CSP services to create new resources to assist with data exfiltration. | Group | Group |
| 12.4.24 | TA547 | Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer | Group | Group |
11.4.24 |
There is no indication that this campaign is linked to any known group; however, we are tracking the threat actors behind it under the moniker Virtual Invaders. | Group |
||
| 9.4.24 | Starry Addax | Starry Addax targets human rights defenders in North Africa with new malware | Group | Group |
| 5.4.24 | UTA0178 | While Volexity largely observed the attacker essentially living off the land, they still deployed a handful of malware files and tools during the course of the incident which primarily consisted of webshells, proxy utilities, and file modifications to allow credential harvesting. | Group | Group |
| 5.4.24 | CoralRaider | CoralRaider targets victims’ data and social media accounts | Group | Group |
| 2.4.24 | Earth Freybug | This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON. | Group | Group |
| 28.3.24 | NARWHAL SPIDER | NARWHAL SPIDER’s operation of Cutwail v2 was limited to country-specific spam campaigns, although late in 2019 there appeared to be an effort to expand by bringing in INDRIK SPIDER as a customer. | Group | APT |
| 27.3.24 | Earth Krahang | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Group | APT |
| 27.3.24 | Earth Lusca | Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections | Group | APT |
| 27.3.24 | BRONZE VINEWOOD | DETAILS ON BRONZE VINEWOOD, IMPLICATED IN TARGETING OF THE U.S. ELECTION CAMPAIGN | Group | APT |
| 26.3.24 | Lord Nemesis Strikes | “Lord Nemesis Strikes: Supply Chain Attack on the Israeli Academic Sector | Group | Hacktivism |
| 26.3.24 | TA450 | Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign | Group | APT |
| 24.3.24 | Springtail | Springtail APT group abuses valid certificate of known Korean public entity | Group | APT |
| 24.3.24 | Kimsuky | The Updated APT Playbook: Tales from the Kimsuky threat actor group | Group | APT |
| 22.3.24 | UNC302 | BRONZE SPRING is a threat group that CTU researchers assess with high confidence operates on behalf of China in the theft of intellectual property from defense, engineering, pharmaceutical and technology companies | Group | Group |
| 22.3.24 | UNC3886 | UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns. | Group | Group |
| 22.3.24 | UNC5221 | While Volexity largely observed the attacker essentially living off the land, they still deployed a handful of malware files and tools during the course of the incident which primarily consisted of webshells, proxy utilities, and file modifications to allow credential harvesting. | Group | Group |
20.3.24 | Andariel Group (MeshAgent) is attacking by abusing domestic asset management solutions | Group |
||
18.3.24 | Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns | Group |
||
| 14.3.24 | APT-C-36 | Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc. | Group | APT |
| 14.3.24 | DarkCasino | DarkCasino is an economically motivated APT group that targets online trading platforms, including cryptocurrencies, online casinos, network banks, and online credit platforms. | Group | APT |
| 11.3.24 | BianLian | BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organizations in multiple U.S. critical infrastructure sectors since June 2022. | Group | Ransomware |
| 7.3.24 | Evasive Panda | Evasive Panda is an APT group that has been active since at least 2012, conducting cyberespionage targeting individuals, government institutions and organizations. | Group | APT |
| 7.3.24 | TA4903 | TA4903: Actor Spoofs U.S. Government, Small Businesses in Phishing, BEC Bids | Group | Phishing |
| 7.3.24 | 8220 Mining Group | Returned Libra, also known as 8220 Mining Group, is a cloud threat actor group that has been active since at least 2017. | Group | Cryptocurrency |
| 6.3.24 | GhostSec | GhostSec is a hacktivist group that emerged as an offshoot of Anonymous. | Group | Ransomware |
| 6.3.24 | UNC1945 | UNC1945 is an APT group that has been targeting telecommunications companies globally. | Group | APT |
| 6.3.24 | APT32 | Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. | Group | APT |
| 6.3.24 | Kimsuky | JOINT CYBERSECURITY ADVISORY North Korean Advanced Persistent Threat Focus: Kimsuky | Group | APT |
| 5.3.24 | TA577 | TA577’s Unusual Attack Chain Leads to NTLM Data Theft | Group | Group |
| 2.3.24 | Scattered Spider | Scattered Spider, a highly active hacking group, has made headlines by targeting more than 130 organizations, with the number of victims steadily increasing. | Group | Hacking |
| 2.3.24 | BlackTech | BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong Kong. Based on the mutexes and domain names of some of their C&C servers, BlackTech’s campaigns are likely designed to steal their target’s technology. | Group | CyberSpy |
| 2.3.24 | Peach Sandstorm | Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government. | Group | APT |
| 2.3.24 | LightBasin | UNC1945 is an APT group that has been targeting telecommunications companies globally. They use Linux-based implants to maintain long-term access in compromised networks. | Group | APT |
| 1.3.24 | UNC1549 | When Cats Fly: Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors | BigBrother | CyberSpy |
| 1.3.24 | UNC3886 | UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns. UNC3886 has been observed targeting firewall and virtualization technologies which lack EDR support. | Group | Group |
| 1.3.24 | Tortoiseshell | A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. | Group | Group |
| 1.3.24 | Bohrium | Bohrium is an Iranian threat actor that has been involved in spear-phishing operations targeting organizations in the US, Middle East, and India. | Group | Group |
| 19.2.24 | TAG-70 | Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign | Group | Group |
6.2.24 | Analysis of TTPs tied to GambleForce, which carried out SQL injection attacks against companies in the APAC region | Group |
||
3.2.24 | COLDRIVER | The Coldriver Group, also known as Callisto and SEABORGIUM, is a threat actor known to attack government organizations, think tanks, and journalists in Europe and the Caucasus regions through spearphishing campaigns. | Group | Group |
3.2.24 | Shuckworm | Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine | Group | Group |
3.2.24 | LitterDrifter | Malware Spotlight – Into the Trash: Analyzing LitterDrifter | Group | Group |
3.2.24 | UAC-0027 | UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware | Group | Group |
2.2.24 | UNC5221 | UNC5221: Unreported and Undetected WIREFIRE Web Shell Variant | Group | CyberSpy |
2.2.24 | Volt Typhoon | [Microsoft] Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. | Group | Group |
1.2.24 | UNC4990 | Evolution of UNC4990: Uncovering USB Malware's Hidden Depths | Group | Group |
19.1.24 |
COLDRIVER | Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware | Group | Group |