APT

China-Linked UAT-7290 Targets Telecom Companies with Linux Malware and ORB Nodes

Cybersecurity researchers have attributed a series of espionage-driven cyber intrusions to a China-linked threat actor tracked as UAT-7290, which has been actively targeting organizations across South Asia and Southeastern Europe. According to a new report published by Cisco Talos, the activity cluster has been operational since at least 2022 and is known […]


Transparent Tribe Initiates New RAT Attacks Targeting Indian Government and Academic Institutions

Cybersecurity researchers have attributed a new wave of targeted cyber espionage activity to the threat group known as Transparent Tribe, also tracked as APT36, aimed at Indian government bodies, academic institutions, and strategically significant organizations. According to a technical analysis published by CYFIRMA, the campaign relies on deceptive delivery methods, most notably a malicious Windows shortcut (LNK)


Mustang Panda Uses Signed Kernel Mode Rootkit to Load TONESHELL Backdoor

Cybersecurity researchers have uncovered a sophisticated attack by the Chinese threat actor Mustang Panda, which utilized a previously unknown kernel-mode rootkit driver to deploy the TONESHELL backdoor. The campaign, detected in mid-2025, primarily targeted government organizations in Southeast and East Asia, including Myanmar and Thailand. According to Kaspersky, the malicious driver, named ProjectConfiguration.sys, is digitally signed


China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

A China-linked advanced persistent threat group has been linked to a sophisticated cyber espionage campaign that relied on Domain Name System (DNS) poisoning to distribute the MgBot backdoor. The attacks targeted selected victims across Türkiye, China, and India, according to new findings from Kaspersky. Kaspersky researchers observed the activity between November 2022 and November 2024


Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence

Threat intelligence researchers have identified renewed cyber activity linked to an Iranian advanced persistent threat group known as Infy, also referred to as Prince of Persia, nearly five years after the group was last observed conducting attacks in Sweden, the Netherlands, and Turkey. Security experts now believe the scope and persistence of Infy’s operations were


Russia-Linked Hackers Abuse Microsoft 365 Device Code Phishing for Account Takeovers

A suspected Russia-aligned threat group has been identified for a phishing campaign targeting Microsoft 365 users by exploiting device code authentication flows to steal credentials and conduct account takeovers. The campaign, active since September 2025, is tracked by Proofpoint under the designation UNK_AcademicFlare. Attackers have primarily targeted email accounts associated with government and military organizations,


North Korea-Linked Hackers Steal 2.02 Billion Dollars in 2025 to Lead Global Crypto Theft

Threat actors associated with the Democratic People’s Republic of Korea, also known as North Korea, have emerged as the leading force behind global cryptocurrency theft in 2025. According to a new report released by blockchain intelligence firm Chainalysis, North Korea-linked groups are responsible for stealing at least 2.02 billion dollars out of more than


China-Aligned Threat Group Abuses Windows Group Policy to Deploy Espionage Malware

A previously undocumented China-aligned threat cluster, tracked as LongNosedGoblin, has been linked to a series of cyber espionage operations targeting government organizations in Southeast Asia and Japan. The activity, uncovered by Slovak cybersecurity firm ESET, has been assessed to be active since at least September 2023, with intelligence collection identified as the primary objective. According


Kimsuky Spreads DocSwap Android Malware Through QR Phishing Posing as Delivery App

A new Android malware campaign linked to the North Korean threat actor Kimsuky has been uncovered, using QR code-based phishing techniques to distribute an updated variant of malware known as DocSwap. The activity was analyzed by South Korean cybersecurity firm ENKI, which reported that the attackers are impersonating a major logistics provider in South


APT28 Targets Ukrainian UKR.net Users in Long-Running Credential Phishing Campaign

The Russian state-sponsored cyber threat actor widely known as APT28 has been linked to a long-running credential harvesting campaign aimed at users of UKR[.]net, a popular Ukrainian webmail and news service. The activity was uncovered by the Insikt Group, the threat intelligence division of Recorded Future, and was observed between June 2024 and
