APT

Dust Specter Targets Iraqi Officials Using New SPLITDROP and GHOSTFORM Malware

Cybersecurity researchers have disclosed a campaign attributed to a suspected Iran-linked threat actor targeting Iraqi government officials. The attackers impersonated Iraq’s Ministry of Foreign Affairs to deliver previously unknown malware families, including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Observed by Zscaler ThreatLabz in January 2026, the campaign employs two distinct infection chains that ultimately deploy these malicious tools. A […]

APT28 Associated Campaign Uses BadPaw Loader and MeowMeow Backdoor Against Ukraine

Cybersecurity researchers have revealed a new Russian cyber campaign targeting Ukrainian organizations using two previously unknown malware families, BadPaw and MeowMeow. According to a report by ClearSky, the attack begins with a phishing email containing a link to a ZIP archive. Once extracted, an HTA file opens a decoy document in Ukrainian concerning border crossing appeals, designed to

APT41 Connected Silver Dragon Targets Governments with Cobalt Strike and Google Drive C2

Cybersecurity researchers have uncovered fresh details about an advanced persistent threat group known as Silver Dragon, which has been targeting government entities across Europe and Southeast Asia since at least mid-2024. According to a technical analysis published by Check Point, the group employs a mix of server exploitation and phishing attacks to gain initial access,

SloppyLemming Targets Government Entities in Pakistan and Bangladesh with Dual Malware Chains

The cyber threat cluster identified as SloppyLemming has been linked to a new wave of targeted attacks against government institutions and critical infrastructure organizations in Pakistan and Bangladesh, according to fresh research from Arctic Wolf. The activity reportedly occurred between January 2025 and January 2026 and involved two separate malware delivery chains. These attack paths

APT28 Linked to CVE-2026-21513 MSHTML Zero Day Exploited Ahead of Feb 2026 Patch Tuesday

A high-severity Microsoft vulnerability patched during February 2026 Patch Tuesday may have been actively exploited by the Russia-linked threat group APT28, according to new research from Akamai. The flaw, tracked as CVE-2026-21513 with a CVSS score of 8.8, affects the MSHTML Framework and enables attackers to bypass key Windows security protections. Microsoft described

North Korean Hackers Release 26 Malicious npm Packages Concealing Pastebin C2 for Cross-Platform RAT

Cybersecurity researchers have uncovered a fresh wave of the ongoing Contagious Interview campaign, revealing that North Korean threat actors uploaded 26 malicious packages to the npm registry. These packages were disguised as legitimate developer utilities but secretly delivered credential-stealing malware and a cross-platform remote access trojan (RAT). The activity, tracked by Socket and

ScarCruft Uses Zoho WorkDrive and USB Malware to Infiltrate Air Gapped Networks

The North Korean threat group known as ScarCruft has been linked to a sophisticated cyber espionage campaign that leverages cloud storage services and removable media to infiltrate even isolated environments. Security researchers at Zscaler ThreatLabz have named the operation Ruby Jumper. The campaign, uncovered in December 2025, introduces several new malware families designed to conduct surveillance, move laterally across

Google Disrupts UNC2814 GRIDTIDE Campaign Following 53 Breaches in 42 Countries

Google has announced a coordinated effort with industry partners to dismantle the infrastructure of a suspected China-linked cyber espionage group identified as UNC2814. The campaign is confirmed to have compromised at least 53 organizations across 42 countries, making it one of the most extensive cyber espionage operations uncovered in recent years. According to a

UAC-0050 Targets European Financial Institution Using Spoofed Domain and RMS Malware

A Russia-aligned cyber threat group has been linked to a targeted social engineering campaign against a European financial institution, marking a potential expansion beyond its usual Ukraine-focused operations. The activity has been attributed to UAC-0050, also known as DaVinci Group. Threat intelligence firm BlueVoyant tracks the cluster under the name Mercenary Akula. The attack reportedly targeted

Lazarus Group Deploys Medusa Ransomware in Middle East and U.S. Healthcare Attacks

The North Korea-aligned threat collective Lazarus Group, also tracked under alternative names such as Diamond Sleet and Pompilus, has been linked to fresh ransomware activity impacting organizations in the Middle East and the United States healthcare sector. According to research published by the Symantec and Carbon Black Threat Hunter Team, part of Broadcom, the group leveraged