APT

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Attacks

Several state-sponsored and criminal cyber groups from China, Iran, North Korea, and Russia have increasingly targeted the defense industrial base (DIB), according to the latest findings from the Google Threat Intelligence Group (GTIG). GTIG reports that these attacks revolve around four main strategies: targeting defense entities using battlefield technologies during the Russia-Ukraine conflict, exploiting employees […]

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Attacks Read More »

UAT-9921 Deploys VoidLink Malware Against Technology and Financial Sectors

A previously unknown threat actor, tracked as UAT-9921, has been linked to sophisticated campaigns targeting technology and financial services organizations. The adversary employs a modular malware framework named VoidLink, capable of long term, stealthy access across Linux and Windows systems, according to findings by Cisco Talos. VoidLink demonstrates advanced capabilities, including kernel level rootkits, on-demand plugin compilation, and

UAT-9921 Deploys VoidLink Malware Against Technology and Financial Sectors Read More »

Google Reports State-Backed Hackers Leveraging Gemini AI for Reconnaissance and Attack Support

Google has reported that the North Korea-linked threat actor UNC2970 is using its generative AI model Gemini for reconnaissance, highlighting a growing trend of hacking groups weaponizing AI to accelerate cyber attack operations. These capabilities include information gathering, model extraction, and enhancing attack efficiency. According to the Google Threat Intelligence Group (GTIG), UNC2970 leveraged Gemini

Google Reports State-Backed Hackers Leveraging Gemini AI for Reconnaissance and Attack Support Read More »

Lazarus Campaign Injects Malicious Packages into npm and PyPI Ecosystems

Cybersecurity researchers have uncovered a new wave of malicious packages in the npm and Python Package Index (PyPI) ecosystems linked to the North Korea-backed Lazarus Group. The campaign, dubbed graphalgo, has been active since May 2025 and leverages fake recruitment efforts to compromise developer systems. Campaign Overview Attackers create a convincing narrative around a fictitious company

Lazarus Campaign Injects Malicious Packages into npm and PyPI Ecosystems Read More »

APT36 and SideCopy Conduct Cross-Platform RAT Campaigns Targeting Indian Organizations

Indian government-linked entities and defense sector organizations are facing a new wave of cyber espionage operations attributed to Pakistan-aligned threat groups APT36, also known as Transparent Tribe, and its suspected sub-cluster SideCopy. The coordinated campaigns are designed to infiltrate both Windows and Linux systems using advanced Remote Access Trojans, RATs, capable of stealing sensitive information

APT36 and SideCopy Conduct Cross-Platform RAT Campaigns Targeting Indian Organizations Read More »

North Korea-Linked UNC1069 Uses AI Lures to Target Cryptocurrency Organizations

The North Korea-associated threat group UNC1069 has intensified its cyber operations against the cryptocurrency sector, leveraging advanced social engineering and artificial intelligence techniques to compromise Windows and macOS systems. The campaign is primarily designed to extract sensitive credentials and enable large-scale financial theft. According to findings from Google Mandiant researchers Ross Inman and Adrian Hernandez, the operation

North Korea-Linked UNC1069 Uses AI Lures to Target Cryptocurrency Organizations Read More »

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Organizations

Security researchers have revealed that North Korean cyber operatives are increasingly targeting global companies by impersonating legitimate professionals on LinkedIn. The threat actors are applying for remote roles using real LinkedIn accounts, often tied to verified email addresses and identity badges, to make their applications appear authentic. This long-running campaign, tracked as Jasper Sleet, PurpleDelta, and Wagemole,

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Organizations Read More »

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Operations

Singapore’s Cyber Security Agency (CSA) has confirmed that a China linked cyber espionage group known as UNC3886 carried out a coordinated and targeted campaign against the country’s telecommunications sector. According to CSA, the operation was deliberate, highly organized, and carefully executed. All four major telecommunications providers in Singapore, M1, SIMBA Telecom, Singtel, and StarHub, were

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Operations Read More »

Bloody Wolf Targets Uzbekistan and Russia with NetSupport RAT via Spear-Phishing Campaign

Cybersecurity researchers have linked a targeted cyber campaign to the threat actor known as Bloody Wolf, which is actively infecting systems in Uzbekistan and Russia through spear-phishing emails that deliver the NetSupport Remote Access Trojan. The activity is being monitored by cybersecurity firm Kaspersky under the tracking name Stan Ghouls. The group has been operational

Bloody Wolf Targets Uzbekistan and Russia with NetSupport RAT via Spear-Phishing Campaign Read More »

China-Linked DKnife AitM Framework Targets Routers to Hijack Traffic and Deliver Malware

Cybersecurity researchers have uncovered a sophisticated adversary-in-the-middle framework named DKnife, which has been operated by China-linked threat actors since at least 2019. The framework is designed to compromise routers and edge devices, enabling large-scale traffic interception, credential theft, and targeted malware distribution. According to a report published by Cisco Talos, DKnife consists of multiple Linux-based implants

China-Linked DKnife AitM Framework Targets Routers to Hijack Traffic and Deliver Malware Read More »