Group 2025 2026() 2025() 2024()
|
27.12.25 |
Key Targets. Industries Affected. Geographical Focus. Infection Chain – Operation IconCat. Infection Chain – I. Infection Chain – II. Campaign-Analysis – Operation IconCat. Campaign-I Initial Findings. Looking into the malicious PDF File. Technical Analysis. Malicious PyInstaller implant – PYTRIC... |
|||
|
12.12.25 |
AridViper, an intrusion set allegedly associated with Hamas |
|||
|
28.11.25 |
Bloody Wolf: A Blunt Crowbar Threat To Justice |
|||
|
25.11.25 |
ToddyCat: your hidden email assistant. Part 1 |
|||
|
6.11.25 |
Curly COMrades: Evasion and Persistence via Hidden Hyper-V Virtual Machines |
|||
|
5.11.25 |
Crossed wires: a case study of Iranian espionage and attribution |
|||
|
2.11.25 |
CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack |
|||
|
1.11.25 |
|
Hezi Rash: Rising Kurdish Hacktivist Group Targets Global Sites |
||
|
1.11.25 |
UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities |
|||
|
30.10.25 |
Cyber Warfare Amidst Gold's Skyrocketing Price: UTG-Q-010 Group's Supply Chain Attack Strike Directly at the Heart of HongKong's Financial Market |
|||
|
17.10.25 |
Famous Chollima deploying Python version of GolangGhost RAT |
|||
|
17.10.25 |
Vice Society is a ransomware group that has been active since at least June 2021. |
|||
|
17.10.25 |
DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains |
|||
|
17.10.25 |
New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware |
|||
|
16.10.25 |
When the monster bytes: tracking TA585 and its arsenal |
|||
|
12.10.25 |
Warlock: Professional Development, China Ties, and the Multiple Variants it Planned from the Start |
RANSOMWARE |
||
|
11.10.25 |
UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests |
|||
|
10.10.25 |
UAC-0226 is a cyber-espionage group targeting Ukrainian military, law enforcement, and local government entities—particularly near the eastern border—since February 2025. |
|||
|
10.10.25 |
UAC-0219 is a hacking group observed conducting cyber-espionage operations targeting Ukrainian critical sectors, primarily utilising WRECKSTEEL malware for file exfiltration in both VBScript and PowerShell variants. |
|||
|
10.10.25 |
UAC-0218 Attack Detection: Adversaries Steal Files Using HOMESTEEL Malware |
|||
|
8.10.25 |
BatShadow: Vietnamese Threat Actor Expands Its Digital Operations |
|||
|
5.10.25 |
UNC5174, a Chinese state-sponsored threat actor, has been identified by Mandiant for exploiting critical vulnerabilities in F5 BIG-IP and ScreenConnect. They have been linked to targeting research and education institutions, businesses, charities, NGOs, and government organizations in Southeast Asia, the U.S., and the UK |
|||
|
4.10.25 |
TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base |
|||
|
4.10.25 |
Hive0145 back in German inboxes with Strela Stealer and a backdoor |
|||
|
4.10.25 |
Confucius threat group evolves from document stealers to Python backdoors, showcasing the growing sophistication of state-aligned cyber campaigns |
|||
|
4.10.25 |
Phantom Taurus is a previously undocumented nation-state actor whose espionage operations align with People’s Republic of China (PRC) state interests. Over the past two and a half years, Unit 42 researchers have observed Phantom Taurus targeting government and telecommunications organizations across Africa, the Middle East, and Asia. |
|||
|
4.10.25 |
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud |
|||
|
4.10.25 |
||||
|
26.9.25 |
COLDRIVER Updates Arsenal with BAITSWITCH and SIMPLEFIX |
|||
|
26.9.25 |
DNS-Driven Insights into a Malicious Ad Network |
|||
|
25.9.25 |
RedNovember Targets Government, Defense, and Technology Organizations |
|||
|
13.9.25 |
The Cybercrime Group Redefining Threats |
|||
|
12.9.25 |
Cloud Atlas seen using a new tool in its attacks |
|||
|
30.8.25 |
Falcon Platform Prevents COOKIE SPIDER’s SHAMOS Delivery on macOS |
|||
|
27.8.25 |
Widespread Data Theft Targets Salesforce Instances via Salesloft Drift |
|||
|
27.8.25 |
TAG-144’s Persistent Grip on South American Organizations |
|||
|
22.8.25 |
MURKY PANDA: A Trusted-Relationship Threat in the Cloud |
|||
|
17.8.25 |
UAT-7237 targets Taiwanese web hosting infrastructure |
|||
|
22.7.25 |
PoisonSeed downgrading FIDO key authentications to ‘fetch’ user accounts |
|||
|
19.7.25 |
Fancy Bear, also known as APT28, is a notorious Russian cyberespionage group with a long history of targeting governments, military entities, and other high-value |
APT |
||
|
19.7.25 |
UNG0002: Regional Threat Operations Tracked Across Multiple Asian Jurisdictions |
APT |
||
|
16.7.25 |
GLOBAL GROUP: Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates |
RANSOMWARE |
||
|
28.6.25 |
UAC-0226 is a cyber-espionage group targeting Ukrainian military, law enforcement, and local government entities—particularly near the eastern border—since February 2025. |
|||
|
27.6.25 |
Hive0154 aka Mustang Panda shifts focus on Tibetan community to deploy Pubload backdoor |
|||
|
26.6.25 |
Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors |
|||
|
20.6.25 |
Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion |
|||
|
11.6.25 |
Eggs in a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery |
|||
|
5.6.25 |
Bitter Group Distributes CHM Malware to Chinese Organizations |
|||
|
5.6.25 |
The Cost of a Call: From Voice Phishing to Data Extortion |
|||
|
3.6.25 |
The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul. |
|||
|
27.5.25 |
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage |
|||
|
27.5.25 |
Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents |
|||
|
22.5.25 |
UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware |
|||
|
20.5.25 |
From banks to battalions: SideWinder’s attacks on South Asia’s public sector |
APT |
||
|
26.4.25 |
Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs |
IAB |
||
|
24.4.25 |
UNC4736 is a North Korean threat actor that has been involved in supply chain attacks targeting software chains of 3CX and X_TRADER. They have used malware strains such as TAXHAUL, Coldcat, and VEILEDSIGNAL to compromise Windows and macOS systems. |
|||
|
24.4.25 |
(Active since at least April 2018), which targets diverse industries for financial gain using social engineering ploys by sending fake meeting invites and posing as investors from reputable companies on Telegram to gain access to victims' digital assets and cryptocurrency |
|||
|
24.4.25 |
(Active since 2022), which is known for orchestrating job-themed campaigns that deliver malware as part of a supposed coding assignment and has previously staged supply chain compromises for financial gain (Overlaps with Jade Sleet, PUKCHONG, Slow Pisces, and TraderTraitor) |
|||
|
24.4.25 |
(Active since at least December 2022), which is also known for employing job-related lures to trick developers into running malware-laced projects (Overlaps with Contagious Interview, DeceptiveDevelopment, DEV#POPPER, and Famous Chollima) |
|||
|
22.4.25 |
Billbug: Intrusion Campaign Against Southeast Asia Continues |
Espionage group |
||
|
22.4.25 |
During the breach investigation process, the AhnLab SEcurity intelligence Center (ASEC) discovered a new operation related to the Kimsuky group and named it Larva-24005.1 |
APT Group Profiles |
||
|
22.4.25 |
Proton66 Part 1: Mass Scanning and Exploit Campaigns |
|||
|
16.4.25 |
UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell |
|||
|
15.4.25 |
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware |
|||
|
11.4.25 |
Core Werewolf hones its arsenal against Russia’s government organizations |
|||
|
11.4.25 |
Venture Wolf attempts to disrupt Russian businesses with MetaStealer |
|||
|
11.4.25 |
Attackers use a fork of a popular stealer to target Russian companies |
|||
|
11.4.25 |
Bloody Wolf evolution: new targets, new tools |
|||
|
11.4.25 |
Sapphire Werewolf refines Amethyst stealer to attack energy companies |
|||
|
11.4.25 |
GOFFEE continues to attack organizations in Russia |
|||
|
10.4.25 |
Threat Actor Profile |
Ransomware |
||
|
4.4.25 |
Bulletproof Hosting Networks and Proton66 |
|||
|
27.3.25 |
You will always remember this as the day you finally caught FamousSparrow |
APT |
||
|
26.3.25 |
In mid to late 2024, Huntress uncovered activity across several organizations in Canada, with similar infrastructure and TTPs used that can be associated with the APT group known as RedCurl (aka Earth Kapre and Red Wolf). |
APT |
||
|
25.3.25 |
Elephant Beetle: Uncovering an Organized Financial-Theft Operation |
|||
|
25.3.25 |
Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation |
|||
|
21.3.25 |
UAT-5918 targets critical infrastructure entities in Taiwan |
|||
|
21.3.25 |
-=TWELVE=- is back |
|||
|
21.3.25 |
Head Mare: adventures of a unicorn in Russia and Belarus |
|||
|
13.3.25 |
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers |
|||
|
8.3.25 |
(EncryptHub) is a threat actor that has come to the forefront with highly sophisticated spear-phishing attacks since 26 June 2024. |
|||
|
6.3.25 |
Silk Typhoon targeting IT supply chain |
APT |
||
|
6.3.25 |
The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT |
APT |
||
|
6.3.25 |
Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools |
APT |
||
|
4.3.25 |
JavaGhost’s Persistent Phishing Attacks From the Cloud |
|||
|
27.2.25 |
TraderTraitor: North Korean State-Sponsored |
|||
|
26.2.25 |
UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence |
|||
|
22.2.25 |
Weathering the storm: In the midst of a Typhoon |
APT |
||
|
15.2.25 |
Storm-2372 conducts device code phishing campaign |
Phishing |
||
|
27.1.25 |
Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military — related bait to launch attacks on Russia |
|||
|
25.1.25 |
UAC-0063: Cyber Espionage Operation Expanding from Central Asia |
|||
|
16.1.25 |
NICKEL TAPESTRY Infrastructure Associated with Crowdfunding Scheme |
|||
|
14.1.25 |
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations |
|||
|
10.2.25 |
Trend Micro researchers observed an SEO manipulation campaign that highlights the need for organizations using Internet Information Services (IIS) to proactively update and patch systems to prevent exploitation by threat actors that use malware like BadIIS in their campaigns. |
Campaigns |
||
|
10.1.25 |
Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain |
|||
|
10.1.25 |
China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. |