-
In a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive informat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
From May to August 2025, an advanced persistent threat group known as Cavalry Werewolf—also tracked as YoroTrooper and Silent Lynx—executed a sophisticated attack campaign targeting Russia’s public sector and vital industries such as energy, mining, an…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at Sekoia.io have uncovered a sophisticated cyberattack campaign orchestrated by APT28, the notorious Russian state-sponsored threat actor, targeting Ukrainian military personnel with weaponized Office documents that deliver advanc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a recently uncovered campaign, the Mysterious Elephant advanced persistent threat (APT) group has executed a sophisticated series of intrusions against government and foreign policy agencies across the Asia-Pacific region. The latest operations, act…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a groundbreaking disclosure, CloudSEK’s TRIAD unit has unearthed internal operational materials that shed light on Charming Kitten (APT35), revealing an intricate espionage apparatus linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). The lea…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cavalry Werewolf, a Russian-focused advanced persistent threat (APT) cluster, has intensified its offensive operations by experimenting with new malware variants and leveraging Telegram-based command-and-control (C2). Security teams must prioritize rea…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Patchwork, the advanced persistent threat (APT) actor also known as Dropping Elephant, Monsoon, and Hangover Group, has been observed deploying a new PowerShell-based loader that abuses Windows Scheduled Tasks to execute its final payload. Active since…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
China-linked advanced persistent threat (APT) group Phantom Taurus has intensified espionage operations against government and telecommunications targets across Africa, the Middle East, and Asia, deploying a newly discovered .NET malware suite called N…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Stormshield CTI researchers have identified two active phishing servers linked to APT35, revealing ongoing credential-stealing operations targeting government and military entities. In an active threat-hunting operation, Stormshield’s Cyber Threat Inte…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Russia-linked threat actors continue targeting civil society with sophisticated social engineering campaigns and lightweight malware tools in September 2025. The campaign delivers two previously undocumented malware families: a downloader dubbed BAITSW…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
