APT

Russia Linked Hackers Abuse Microsoft 365 Device Code Phishing for Account Takeovers

A suspected Russia-aligned threat group has been identified for a phishing campaign targeting Microsoft 365 users by exploiting device code authentication flows to steal credentials and conduct account takeovers. The campaign, active since September 2025, is tracked by Proofpoint under the designation UNK_AcademicFlare. Attackers have primarily targeted email accounts associated with government and military organizations, […]

Russia Linked Hackers Abuse Microsoft 365 Device Code Phishing for Account Takeovers Read More »

North Korea Linked Hackers Steal 2.02 Billion Dollars in 2025 to Lead Global Crypto Theft

Threat actors associated with the Democratic People’s Republic of Korea, also known as North Korea, have emerged as the leading force behind global cryptocurrency theft in 2025. According to a new report released by blockchain intelligence firm Chainalysis, North Korea linked groups are responsible for stealing at least 2.02 billion dollars out of more than

North Korea Linked Hackers Steal 2.02 Billion Dollars in 2025 to Lead Global Crypto Theft Read More »

China Aligned Threat Group Abuses Windows Group Policy to Deploy Espionage Malware

A previously undocumented China-aligned threat cluster, tracked as LongNosedGoblin, has been linked to a series of cyber espionage operations targeting government organizations in Southeast Asia and Japan. The activity, uncovered by Slovak cybersecurity firm ESET, has been assessed to be active since at least September 2023, with intelligence collection identified as the primary objective. According

China Aligned Threat Group Abuses Windows Group Policy to Deploy Espionage Malware Read More »

Kimsuky Spreads DocSwap Android Malware Through QR Phishing Posing as Delivery App

A new Android malware campaign linked to the North Korean threat actor Kimsuky has been uncovered, using QR code based phishing techniques to distribute an updated variant of malware known as DocSwap. The activity was analyzed by South Korean cybersecurity firm ENKI, which reported that the attackers are impersonating a major logistics provider in South

Kimsuky Spreads DocSwap Android Malware Through QR Phishing Posing as Delivery App Read More »

APT28 Targets Ukrainian UKR net Users in Long Running Credential Phishing Campaign

The Russian state sponsored cyber threat actor widely known as APT28 has been linked to a long running credential harvesting campaign aimed at users of UKR[.]net, a popular Ukrainian webmail and news service. The activity was uncovered by the Insikt Group, the threat intelligence division of Recorded Future, and was observed between June 2024 and

APT28 Targets Ukrainian UKR net Users in Long Running Credential Phishing Campaign Read More »

China Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

A China aligned cyber espionage group tracked as Ink Dragon has intensified its operations against government organizations, with a noticeable focus on European targets since July 2025. The campaign remains active and continues to impact entities across Southeast Asia and South America. Security researchers at Check Point Research are monitoring the activity cluster, which is

China Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware Read More »

Amazon Exposes Years Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon has released new threat intelligence findings detailing a years long cyber campaign linked to a Russian state sponsored actor that targeted Western critical infrastructure between 2021 and 2025. The activity primarily affected energy sector organizations, critical infrastructure providers in North America and Europe, and companies operating cloud hosted network environments. According to Amazon, the

Amazon Exposes Years Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure Read More »

WIRTE Uses AshenLoader Sideloading to Deploy the AshTag Espionage Backdoor

An advanced persistent threat (APT) group known as WIRTE has been linked to cyberattacks targeting government and diplomatic entities across the Middle East since 2020. The group deploys a previously undocumented malware suite called AshTag, designed for espionage and intelligence collection. Palo Alto Networks Unit 42 is tracking this cluster under the codename Ashen Lepus.

WIRTE Uses AshenLoader Sideloading to Deploy the AshTag Espionage Backdoor Read More »

North Korea Linked Actors Exploit React2Shell to Deliver New EtherRAT Malware

A threat group linked to North Korea has begun exploiting the critical React2Shell security flaw in React Server Components to distribute a previously undocumented remote access trojan named EtherRAT. According to a new report from Sysdig, this malware uses Ethereum smart contracts for command and control resolution, deploys five separate persistence methods on Linux systems,

North Korea Linked Actors Exploit React2Shell to Deliver New EtherRAT Malware Read More »

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Cybersecurity researchers have identified four separate threat clusters using a malware loader called CastleLoader, reinforcing earlier assessments that this tool operates under a malware-as-a-service (MaaS) model, providing capabilities to multiple cybercriminal groups. The operator behind CastleLoader has been designated GrayBravo by Recorded Future’s Insikt Group, previously tracked as TAG-150. According to an analysis published by

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure Read More »