Group 2026 2026() 2025() 2024()
| 5.4.26 | TA416 | I’d come running back to EU again: TA416 resumes European government espionage campaigns | GROUP | GROUP |
| 3.4.26 | UAT-10608 | UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications | GROUP | GROUP |
| 1.4.26 | UNC1069 | North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack | GROUP | GROUP |
| 27.3.26 | Bearlyfy | Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware | GROUP | GROUP |
| 14.3.26 | Handala Hack | Handala Hack is an online persona operated by Void Manticore (aka Red Sandstorm, Banished Kitten), an actor affiliated with Iranian Ministry of Intelligence and Security (MOIS) | GROUP | GROUP |
| 14.3.26 | CL-STA-1087 | Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia | GROUP | CLUSTER |
| 14.3.26 | Storm-2561 | Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft | GROUP | GROUP |
| 10.3.26 | Sednit | Sednit reloaded: Back in the trenches | GROUP | GROUP |
| 8.3.26 | Jasper Sleet | Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations | GROUP | GROUP |
| 6.3.26 | UAT-9244 | UAT-9244 targets South American telecommunication providers with three new malware implants | GROUP | GROUP |
| 3.3.26 | SloppyLemming | SloppyLemming is an advanced actor that uses multiple cloud service providers to facilitate different aspects of their activities, such as credential harvesting, malware delivery and command and control (C2). This actor conducts extensive operations targeting Pakistani, Sri Lanka, Bangladesh, and China. | GROUP | GROUP |
| 1.3.26 | COOKIE SPIDER | COOKIE SPIDER (active since at least October 2018) develops and rents Atomic macOS Stealer (AMOS), an information stealer targeting macOS victims via multiple delivery methods, including search engine optimization (SEO) poisoning, fake job advertisements, and malicious VSCode extensions. | GROUP | GROUP |
| 1.3.26 | Diesel Vortex | Diesel Vortex: Inside the Russian cybercrime group targeting US & EU freight | GROUP | GROUP |
| 27.2.26 | APT37 | APT37 Adds New Capabilities for Air-Gapped Networks | GROUP | GROUP |
| 26.2.26 | Scattered LAPSUS$ Hunters | Cyber Intel Brief: Scattered Lapsus$ Hunters (SLH) Kicks Off Campaign to Recruit Women | GROUP | GROUP |
| 26.2.26 | UNC2814 | Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign | GROUP | GROUP |
| 15.2.26 | Storm-2603 | Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware | GROUP | GROUP |
| 14.2.26 | UAT-9921 | New threat actor, UAT-9921, leverages VoidLink framework in campaigns | GROUP | GROUP |
| 11.2.26 | UNC1069 | UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering | GROUP | GROUP |
| 10.2.26 | UNC3886 | Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector | GROUP | GROUP |
| 9.2.26 | Stan Ghouls | Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT | GROUP | GROUP |
| 2.2.26 | UAT-8099 | Dissecting UAT-8099: New persistence mechanisms and regional focus | GROUP | GROUP |
| 25.1.26 | UAT-9686 | UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager | GROUP | GROUP |
|
22.1.26 |
PurpleBravo’s Targeting of the IT Software Supply Chain |
|||
|
16.1.26 |
UAT-8837 targets critical infrastructure sectors in North America |
|||
|
8.1.26 |
UAT-7290 targets high value telecommunications infrastructure in South Asia |
|||
|
7.1.26 |
UAC-0184 |