-
A notable operational pivot by the GRU-linked intrusion set APT28 (aka Fancy Bear, Sofacy, Forest Blizzard, Pawn Storm) that combines the MooBot botnet and compromised EdgeRouters to enable resilient cyber operations. This shift amplifies APT28’s long-…
-
BRICKSTORM is a modular remote access trojan (RAT) originally seen in Golang and later in Rust. It uses a wssoft library with pluggable “tasks” for shell commands, a Socks5 proxy, and a simple web server for file listing. An incident response engagemen…
-
A newly observed cyber campaign linked to the Iran-aligned threat group Nimbus Manticore (also tracked as UNC1549 and Smoke Sandstorm) is targeting aerospace and defense organizations using a deceptive recruitment workflow that delivers custom malware …
-
A sustained cyber espionage campaign attributed to the Cloud Atlas advanced persistent threat (APT) group has introduced a stealthy technique that modifies the Windows termsrv.dll library to enable multiple Remote Desktop Protocol (RDP) sessions on com…
-
A newly observed cyber campaign linked to the Iranian IRGC-affiliated threat group Nimbus Manticore (also tracked as UNC1549) highlights an evolution in both delivery tactics and malware sophistication. The activity, uncovered during the ongoing geopol…
-
A sophisticated Russian-language threat cluster known as Paper Werewolf (also tracked as GOFFEE) has launched a fresh wave of targeted cyberattacks against Russian industrial, financial, and transport organizations between March and April 202…
-
Chinese state-aligned hackers compromised a Microsoft Exchange server at a major energy firm. They repeatedly reused that same entry point to run a months‑long espionage operation, deploying the Deed RAT and Terndoor backdoors to maintain deep access a…
-
Seedworm, also known as MuddyWater, Temp Zagros, and Static Kitten, is widely attributed to Iran’s Ministry of Intelligence and Security (MOIS). An Iran-linked cyber-espionage group has launched a stealthy global campaign, abusing trusted software to inf…
-
A new attribution framework is reshaping how cybersecurity analysts connect advanced persistent threat (APT) activity, moving beyond static group labels toward a dynamic, multi-layered model that reflects how modern adversaries actually operate. These …
-
Censys has warned that more than 5,000 Rockwell Automation/Allen-Bradley PLCs are currently exposed to the internet as Iranian-affiliated APT actors actively target these devices across U.S. critical infrastructure. The same operators were previously a…