APT

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government and Infrastructure Organizations

Cybersecurity researchers at Palo Alto Networks Unit 42 have uncovered a previously unknown state-backed cyber espionage group that has compromised at least 70 government and critical infrastructure organizations across 37 countries within the last year. The threat actor, tracked as TGR-STA-1030, has also conducted widespread reconnaissance activities targeting government-related infrastructure in 155 countries between November and […]

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government and Infrastructure Organizations Read More »

Infy Hackers Restart Operations Using New C2 Servers After Iran’s Internet Blackout Ends

The Iranian state-linked threat group known as Infy, also tracked as Prince of Persia, has resumed cyber operations after a temporary pause that coincided with Iran’s nationwide internet shutdown in early January 2026. Researchers say the group reappeared with new command-and-control (C2) servers, reinforcing assessments that Infy operates with state backing. According to a report released by SafeBreach, the

Infy Hackers Restart Operations Using New C2 Servers After Iran’s Internet Blackout Ends Read More »

APT28 Leverages Microsoft Office CVE-2026-21509 in Espionage Oriented Malware Attacks

A Russia-linked state-sponsored hacking group known as APT28, also tracked as UAC-0001, has been linked to a new cyber espionage campaign that abuses a recently disclosed Microsoft Office vulnerability. The operation, internally referred to as Operation Neusploit, leverages CVE-2026-21509 to deliver sophisticated malware payloads against targeted regions. Exploitation Observed Shortly After Disclosure According to Zscaler ThreatLabz,

APT28 Leverages Microsoft Office CVE-2026-21509 in Espionage Oriented Malware Attacks Read More »

Notepad++ Hosting Breach Linked to China Linked Lotus Blossom Hacking Group

A China linked cyber espionage group tracked as Lotus Blossom has been attributed with medium confidence to the recent compromise of infrastructure used to host the Notepad++ project. The attribution comes from new technical findings released by cybersecurity firm Rapid7. According to the investigation, the intrusion allowed the state sponsored threat actor to deliver a

Notepad++ Hosting Breach Linked to China Linked Lotus Blossom Hacking Group Read More »

Iran Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

Cybersecurity researchers have uncovered a new cyber espionage campaign, dubbed RedKitten, that is believed to be linked to Iranian state aligned threat actors. The operation is targeting non governmental organizations, human rights defenders, and individuals documenting recent abuses linked to Iran’s internal unrest. The campaign was identified by French cybersecurity firm HarfangLab in January 2026 and appears to coincide with

Iran Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists Read More »

China Linked UAT 8099 Targets IIS Servers in Asia Using BadIIS SEO Malware

Cybersecurity researchers have uncovered a new malicious campaign attributed to a China linked threat actor tracked as UAT 8099. The activity, observed between late 2025 and early 2026, targeted vulnerable Microsoft Internet Information Services servers across multiple Asian countries. The campaign was identified by Cisco Talos, which reported that the attacks primarily focused on IIS

China Linked UAT 8099 Targets IIS Servers in Asia Using BadIIS SEO Malware Read More »

China Linked Hackers Have Been Using the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity analysts have uncovered a JavaScript based command and control framework known as PeckBirdy, which has been actively used by China-aligned advanced persistent threat groups since 2023 to compromise diverse environments. According to research published by Trend Micro, the framework has been deployed in attacks against Chinese online gambling platforms as well as targeted operations aimed

China Linked Hackers Have Been Using the PeckBirdy JavaScript C2 Framework Since 2023 Read More »

Konni Hackers Deploy AI Generated PowerShell Backdoor Targeting Blockchain Developers

North Korea-linked threat actor Konni has been observed launching a new cyber campaign that uses an AI-generated PowerShell backdoor to target blockchain developers and engineering teams. The operation highlights an increasing use of artificial intelligence to accelerate malware development while maintaining stealth. According to Check Point Research, the phishing activity has targeted organizations and individuals

Konni Hackers Deploy AI Generated PowerShell Backdoor Targeting Blockchain Developers Read More »

North Korean PurpleBravo Campaign Targets 3,136 IP Addresses Using Fake Job Interviews

Recorded Future’s Insikt Group has uncovered that the North Korean-linked PurpleBravo campaign targeted 3,136 IP addresses connected to potential victims across multiple industries, including artificial intelligence, cryptocurrency, financial services, IT services, marketing, and software development. The campaign, also known under aliases such as CL-STA-0240, DeceptiveDevelopment, DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, Void Dokkaebi, and WaterPlum, has been active since

North Korean PurpleBravo Campaign Targets 3,136 IP Addresses Using Fake Job Interviews Read More »

North Korea Linked Hackers Target Developers Through Malicious VS Code Projects

Threat actors linked to North Korea’s long-running Contagious Interview campaign have been observed abusing Microsoft Visual Studio Code (VS Code) projects to compromise developer systems and deploy stealthy backdoors. According to Jamf Threat Labs, this activity reflects a continued evolution of a technique first identified in December 2025. The campaign relies on social engineering and developer workflows,

North Korea Linked Hackers Target Developers Through Malicious VS Code Projects Read More »