APT

Operation SkyCloak Uses Tor-Enabled OpenSSH Backdoor to Target Defense Organizations

A sophisticated cyber espionage campaign, dubbed Operation SkyCloak, is using weaponized phishing emails to deploy a highly stealthy backdoor on target systems. The malware establishes persistent remote access by combining a customized OpenSSH server with a Tor hidden service, creating a covert channel that is extremely difficult to trace. The Lure: Phishing with Military Documents The […]

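The covert channel described above, an OpenSSH server exposed only through a Tor hidden service, leaves a footprint in Tor's own configuration: a HiddenServicePort line that forwards an onion port to a local SSH listener. The following hunt is an added example, not code from the Operation SkyCloak report or from any tool it names. It assumes only standard torrc syntax (a HiddenServiceDir line opens a service block, HiddenServicePort lines of the form "<virtport> [<target>]" follow it, and a missing target defaults to 127.0.0.1:<virtport>); the sample torrc and the set of local SSH ports are constructed fixtures standing in for a real host's config and a real `ss -ltnp` listing.

```python
"""Hunt for a Tor hidden service fronting a local SSH listener.

Added example, not the report's or any project's own code. Assumes
standard torrc syntax; SAMPLE_TORRC and SSH_LISTEN_PORTS are constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample torrc: one benign service (a local web app) and one
# that forwards an onion port to a local SSH daemon on a non-default port.
SAMPLE_TORRC = """\
# example torrc (constructed)
SocksPort 9050
HiddenServiceDir /var/lib/tor/webapp
HiddenServicePort 80 127.0.0.1:8080

HiddenServiceDir /tmp/.cache/svc
HiddenServicePort 22 127.0.0.1:2222
HiddenServicePort 443 unix:/tmp/.cache/sock
"""

# Local ports where an SSH daemon listens. In a real hunt, populate this
# from `ss -ltnp`; here it is a constructed fixture.
SSH_LISTEN_PORTS = {22, 2222}


def parse_torrc(text: str) -> List[Tuple[str, List[Tuple[int, str]]]]:
    """Return [(hidden_service_dir, [(virtport, target), ...]), ...].

    Comments and blank lines are ignored. A HiddenServicePort with no
    explicit target maps to 127.0.0.1:<virtport>, as Tor itself does.
    """
    services: List[Tuple[str, List[Tuple[int, str]]]] = []
    current_dir: Optional[str] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        key = parts[0].lower()
        if key == "hiddenservicedir" and len(parts) >= 2:
            current_dir = parts[1]
            services.append((current_dir, []))
        elif key == "hiddenserviceport" and current_dir is not None and len(parts) >= 2:
            virtport = int(parts[1])
            target = parts[2] if len(parts) >= 3 else f"127.0.0.1:{virtport}"
            services[-1][1].append((virtport, target))
    return services


def target_port(target: str) -> Optional[int]:
    """Extract the TCP port from a HiddenServicePort target.

    Unix-socket targets ("unix:/path") have no port and return None.
    Handles "host:port", "[v6]:port" and a bare "port".
    """
    if target.startswith("unix:"):
        return None
    m = re.search(r":(\d+)$", target)
    if m:
        return int(m.group(1))
    if target.isdigit():
        return int(target)
    return None


def find_onion_ssh(text: str, ssh_ports=SSH_LISTEN_PORTS) -> List[Dict[str, object]]:
    """Flag every hidden service whose forwarding target is an SSH listener."""
    hits: List[Dict[str, object]] = []
    for hs_dir, ports in parse_torrc(text):
        for virtport, target in ports:
            if target_port(target) in ssh_ports:
                hits.append({"dir": hs_dir, "virtport": virtport, "target": target})
    return hits


if __name__ == "__main__":
    for hit in find_onion_ssh(SAMPLE_TORRC):
        print(f"onion->ssh: {hit['dir']} port {hit['virtport']} -> {hit['target']}")
```

A hidden-service directory under a user-writable or temporary path, as in the constructed sample, is itself worth a second look, since legitimate Tor deployments normally keep service keys under /var/lib/tor. Run the same parser over every torrc-like file a process named tor has open, not just /etc/tor/torrc, because an attacker-dropped Tor can be started with an arbitrary `-f` path.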
Nation-State Hackers Use New Airstalk Malware in Suspected Supply Chain Attack

A sophisticated threat actor, believed to be state-sponsored, has been discovered using a previously unknown malware family dubbed “Airstalk” in a suspected software supply chain attack. The malware uniquely abuses a legitimate enterprise mobile device management (MDM) API to establish a covert communication channel with its operators. The Attacker and the Malware’s Core Deception Tracked

China-Linked Hackers Exploit Windows Shortcut Vulnerability to Target European Diplomats

A China-affiliated cyber espionage group, tracked as UNC6384, has been discovered conducting a sophisticated campaign targeting European diplomatic and government entities. The attacks, occurring between September and October 2025, exploit an unpatched Windows shortcut vulnerability to deploy the notorious PlugX remote access trojan on victim systems. Strategic Targeting of European Diplomacy According to a technical

China-Linked Tick APT Exploits Lanscope Zero-Day to Compromise Corporate Networks

A sophisticated cyber espionage group known as Tick has been identified as the actor behind the exploitation of a critical, recently disclosed zero-day vulnerability in Motex Lanscope Endpoint Manager. This campaign, targeting specific sectors for intelligence gathering, demonstrates the continued threat posed by advanced persistent threats (APTs) to corporate network security. The Zero-Day Vulnerability: CVE-2025-61932

Russian Hackers Target Ukrainian Organizations Using Stealthy, Living Off the Land Tactics

Russian threat actors have reportedly conducted a series of stealthy cyberattacks on organizations in Ukraine, aiming to steal confidential data and maintain persistent access to compromised networks. According to a recent joint report by the Symantec and Carbon Black Threat Hunter Team, the attacks targeted a large business services company for two months and a local government

Researchers Reveal GhostCall and GhostHire, New Malware Chains Linked to BlueNoroff APT

Security researchers have exposed two coordinated malware campaigns, GhostCall and GhostHire, linked to the North Korea-associated Lazarus sub-group BlueNoroff, also tracked under names like APT38, CryptoCore, Genie Spider, Nickel Gladstone, Sapphire Sleet, and Stardust Chollima. The campaigns focus on the Web3 and blockchain ecosystem, and together they form part of a larger, long-running operation Kaspersky

SideWinder APT Uses ClickOnce Based Attack Chain to Target South Asian Diplomats

A new cyber espionage campaign has been uncovered, showing the continuous evolution of the SideWinder advanced persistent threat (APT) group. The operation, which took place in September 2025, targeted a European embassy in New Delhi and multiple organizations across Sri Lanka, Pakistan, and Bangladesh. Researchers from Trellix, Ernesto Fernández Provecho and Pham Duy Phuc, have

APT36 Targets Indian Government Using Golang-Based DeskRAT Malware

A Pakistan-linked threat actor, identified as Transparent Tribe (APT36), has been observed launching spear-phishing attacks against Indian government entities using a Golang-based remote access trojan (RAT) called DeskRAT. The campaign, active during August and September 2025, continues a series of operations first highlighted by CYFIRMA in August 2025 and now monitored by Sekoia. Attack Methodology The

North Korean Hackers Use Fake Job Offers to Lure Defense Engineers and Steal Drone Secrets

A persistent North Korean cyber campaign, known as Operation Dream Job, has resurfaced with a focused wave of attacks against European companies in the defense and aerospace sectors. ESET researchers Peter Kálnai and Alexis Rapin report that the activity appears aimed at harvesting proprietary data and manufacturing know-how, especially that tied to unmanned aerial vehicle (UAV) development.

Iran-Linked MuddyWater Targets Over 100 Organizations in Global Espionage Campaign

The Iranian-affiliated cyber group MuddyWater has launched a large-scale espionage campaign targeting more than 100 organizations, mainly across the Middle East and North Africa (MENA) region. The group has reportedly used a compromised email account to distribute a backdoor called Phoenix, aiming to infiltrate high-value targets and gather intelligence, according to a technical report by