APT

China Linked UAT 8099 Targets IIS Servers in Asia Using BadIIS SEO Malware

Cybersecurity researchers have uncovered a new malicious campaign attributed to a China linked threat actor tracked as UAT 8099. The activity, observed between late 2025 and early 2026, targeted vulnerable Microsoft Internet Information Services servers across multiple Asian countries. The campaign was identified by Cisco Talos, which reported that the attacks primarily focused on IIS […]

China Linked UAT 8099 Targets IIS Servers in Asia Using BadIIS SEO Malware Read More »

China Linked Hackers Have Been Using the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity analysts have uncovered a JavaScript based command and control framework known as PeckBirdy, which has been actively used by China-aligned advanced persistent threat groups since 2023 to compromise diverse environments. According to research published by Trend Micro, the framework has been deployed in attacks against Chinese online gambling platforms as well as targeted operations aimed

China Linked Hackers Have Been Using the PeckBirdy JavaScript C2 Framework Since 2023 Read More »

Konni Hackers Deploy AI Generated PowerShell Backdoor Targeting Blockchain Developers

North Korea-linked threat actor Konni has been observed launching a new cyber campaign that uses an AI-generated PowerShell backdoor to target blockchain developers and engineering teams. The operation highlights an increasing use of artificial intelligence to accelerate malware development while maintaining stealth. According to Check Point Research, the phishing activity has targeted organizations and individuals

Konni Hackers Deploy AI Generated PowerShell Backdoor Targeting Blockchain Developers Read More »

North Korean PurpleBravo Campaign Targets 3,136 IP Addresses Using Fake Job Interviews

Recorded Future’s Insikt Group has uncovered that the North Korean-linked PurpleBravo campaign targeted 3,136 IP addresses connected to potential victims across multiple industries, including artificial intelligence, cryptocurrency, financial services, IT services, marketing, and software development. The campaign, also known under aliases such as CL-STA-0240, DeceptiveDevelopment, DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, Void Dokkaebi, and WaterPlum, has been active since

North Korean PurpleBravo Campaign Targets 3,136 IP Addresses Using Fake Job Interviews Read More »

North Korea Linked Hackers Target Developers Through Malicious VS Code Projects

Threat actors linked to North Korea’s long-running Contagious Interview campaign have been observed abusing Microsoft Visual Studio Code (VS Code) projects to compromise developer systems and deploy stealthy backdoors. According to Jamf Threat Labs, this activity reflects a continued evolution of a technique first identified in December 2025. The campaign relies on social engineering and developer workflows,

North Korea Linked Hackers Target Developers Through Malicious VS Code Projects Read More »

LOTUSLITE Backdoor Targets U.S. Policy Entities Through Venezuela-Themed Spear Phishing

Cybersecurity researchers have revealed a new malware campaign aimed at U.S. government and policy organizations, using politically themed lures to deliver a backdoor called LOTUSLITE. The campaign exploits geopolitical tensions between the U.S. and Venezuela. Attackers distributed a ZIP archive named “US now deciding what’s next for Venezuela.zip”, which contains a malicious DLL. This DLL is executed

LOTUSLITE Backdoor Targets U.S. Policy Entities Through Venezuela-Themed Spear Phishing Read More »

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco has released security updates to address a critical remote code execution vulnerability affecting Cisco AsyncOS Software used in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The patches arrive nearly one month after Cisco confirmed that the flaw was actively exploited as a zero day by a China linked advanced persistent

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways Read More »

MuddyWater Launches RustyWater RAT Through Spear-Phishing Targeting Middle East Sectors

Cybersecurity researchers have uncovered a new spear phishing campaign linked to the Iranian threat actor MuddyWater, also known by multiple aliases, targeting critical sectors across the Middle East. The operation delivers a Rust based remote access trojan called RustyWater, signaling a continued shift toward more advanced and stealthy malware frameworks. Campaign Overview According to a

MuddyWater Launches RustyWater RAT Through Spear-Phishing Targeting Middle East Sectors Read More »

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines

Chinese-speaking threat actors are believed to have abused a compromised SonicWall VPN appliance to gain initial access and deploy a sophisticated VMware ESXi virtual machine escape exploit. According to cybersecurity firm Huntress, the exploit may have been under development as early as February 2024. Huntress detected the malicious activity in December 2025 and successfully disrupted

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines Read More »

Russian APT28 Launches Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian state-sponsored threat actors linked to APT28, also known as BlueDelta, have been identified running an ongoing credential-harvesting operation aimed at energy research and policy-related organizations across multiple regions. According to findings, the campaign primarily targeted individuals connected to a Turkish energy and nuclear research body, employees of a European policy think tank, and organizations operating in North

Russian APT28 Launches Credential-Stealing Campaign Targeting Energy and Policy Organizations Read More »