APT

New DPRK Campaign Uses AI-Injected npm Malware, Fake Companies, and RATs in Cyber Attacks

Cybersecurity researchers have uncovered a sophisticated cyber campaign linked to North Korean threat actors, combining AI-generated malicious code, fake corporate identities, and advanced malware to compromise developers, particularly in the Web3 and cryptocurrency ecosystem. The operation, tracked as PromptMink, has been attributed to Famous Chollima, also known as Shifty Corsair, a group previously associated with long-running […]

Alleged Silk Typhoon Hacker from China Extradited to the U.S. for Cyberattacks on COVID Research

A Chinese national accused of participating in a major cyber espionage campaign linked to COVID-19 research has been extradited from Italy to the United States, marking a significant development in an ongoing international cybercrime investigation. Arrest and Extradition Details The suspect, Xu Zewei, aged 34, was taken into custody by Italian authorities in July 2025. His

China-Linked GopherWhisper Compromises 12 Mongolian Government Systems Using Go-Based Backdoors

A newly identified advanced persistent threat group, tracked as GopherWhisper, has been linked to a cyber espionage campaign targeting government systems in Mongolia. Security researchers have uncovered a sophisticated toolkit used to infiltrate networks and maintain long-term access. Targeted Government Systems Compromised According to findings by ESET, at least 12 systems within Mongolian government infrastructure were successfully

UAT-10362 Launches Spear-Phishing Campaigns Targeting Taiwanese NGOs with LucidRook Malware

A newly identified cyber threat cluster, UAT-10362, has been linked to targeted spear-phishing attacks aimed at organizations in Taiwan, including non-governmental organizations (NGOs) and academic institutions. The campaign deploys a previously unknown malware framework called LucidRook. Security researchers from Cisco Talos revealed that the operation was first detected in October 2025 and demonstrates a high

APT28 Launches PRISMEX Malware Campaign Targeting Ukraine and NATO Allies with Zero-Day Exploits

A new cyber espionage operation linked to Russia’s state-backed group APT28, also known as Forest Blizzard and Pawn Storm, has been uncovered targeting Ukraine and its allied nations. The campaign delivers a newly identified malware framework called PRISMEX through highly targeted spear-phishing attacks. Security researchers from Trend Micro revealed that the campaign has been active since at least

North Korea-Linked Hackers Distribute Over 1,700 Malicious Packages Across npm, PyPI, Go, and Rust Ecosystems

A large-scale software supply chain attack linked to North Korean threat actors has been uncovered, involving the distribution of more than 1,700 malicious packages across multiple developer ecosystems, including npm, PyPI, Go, Rust, and Packagist. The campaign, tracked as Contagious Interview, demonstrates a coordinated effort to infiltrate developer environments by disguising malware as legitimate development tools.

Russian APT28 Exploits SOHO Routers in Global DNS Hijacking and Cyber Espionage Campaign

A sophisticated cyber espionage campaign linked to Russia’s notorious threat group APT28, also tracked as Forest Blizzard, has been uncovered targeting vulnerable home and small office routers worldwide. The operation focuses on manipulating DNS configurations to intercept sensitive data without user awareness. The campaign, named FrostArmada by Black Lotus Labs, has been active since at least May

Medusa Ransomware

China-Linked Storm-1175 Exploits Zero-Day Flaws to Rapidly Deploy Medusa Ransomware Attacks

A cyber threat group associated with China, identified as Storm-1175, has been observed conducting rapid and highly coordinated cyberattacks by exploiting both undisclosed (zero-day) and known (N-day) vulnerabilities. The group is primarily focused on deploying Medusa ransomware across compromised systems. Security researchers from Microsoft Threat Intelligence report that the attackers are capable of executing high-speed intrusions, often breaching systems within

Silver Fox Expands Asia-Focused Cyber Campaign Using AtlasCross RAT and Fake Domains

A sophisticated cybercrime group known as Silver Fox, also tracked as SwimSnake, Valley Thief, UTG-Q-1000, and Void Arachne, has escalated its operations in Asia using a previously undocumented remote access trojan (RAT) named AtlasCross RAT. The campaign specifically targets Chinese-speaking users by leveraging typosquatted domains impersonating trusted software brands. Attack Vectors and Targeted Applications The group is

Three China-Linked Threat Clusters Launch Coordinated Cyber Campaign Against Southeast Asian Government in 2025

A coordinated cyber espionage campaign involving three China-aligned threat clusters has targeted a Southeast Asian government organization throughout 2025, deploying sophisticated malware and backdoor tools. Multiple Threat Clusters Identified The activity has been traced to the following clusters: Palo Alto Networks Unit 42 researchers noted, “The overlapping tactics, techniques, and procedures suggest
