APT

Researchers Reveal GhostCall and GhostHire, New Malware Chains Linked to BlueNoroff APT

Security researchers have exposed two coordinated malware campaigns, GhostCall and GhostHire, linked to the North Korea-associated Lazarus sub-group BlueNoroff, also tracked under names like APT38, CryptoCore, Genie Spider, Nickel Gladstone, Sapphire Sleet, and Stardust Chollima. The campaigns focus on the Web3 and blockchain ecosystem, and together they form part of a larger, long-running operation Kaspersky […]

SideWinder APT Uses ClickOnce Based Attack Chain to Target South Asian Diplomats

A new cyber espionage campaign has been uncovered, showing the continuous evolution of the SideWinder advanced persistent threat (APT) group. The operation, which took place in September 2025, targeted a European embassy in New Delhi and multiple organizations across Sri Lanka, Pakistan, and Bangladesh. Researchers from Trellix, Ernesto Fernández Provecho and Pham Duy Phuc, have

APT36 Targets Indian Government Using Golang-Based DeskRAT Malware

A Pakistan-linked threat actor, identified as Transparent Tribe (APT36), has been observed launching spear-phishing attacks against Indian government entities using a Golang-based remote access trojan (RAT) called DeskRAT. The campaign, active during August and September 2025, continues a series of operations first highlighted by CYFIRMA in August 2025 and now monitored by Sekoia.

Attack Methodology

The

North Korean Hackers Use Fake Job Offers to Lure Defense Engineers and Steal Drone Secrets

A persistent North Korean cyber campaign, known as Operation Dream Job, has resurfaced with a focused wave of attacks against European companies in the defense and aerospace sectors. ESET researchers Peter Kálnai and Alexis Rapin report that the activity appears aimed at harvesting proprietary data and manufacturing know-how, especially tied to unmanned aerial vehicle (UAV) development.

Iran-Linked MuddyWater Targets Over 100 Organizations in Global Espionage Campaign

Iranian-affiliated cyber group MuddyWater has launched a large-scale espionage campaign targeting more than 100 organizations, mainly across the Middle East and North Africa (MENA) region. The group has reportedly used a compromised email account to distribute a backdoor malware called Phoenix, aiming to infiltrate high-value targets and gather intelligence, according to a technical report by

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Shortly After Microsoft’s July Patch

Chinese-linked threat actors have quickly exploited the ToolShell security vulnerability in Microsoft SharePoint, targeting multiple organizations across the globe shortly after Microsoft patched the flaw in July 2025. This series of attacks highlights the speed and sophistication of threat actors in leveraging newly disclosed vulnerabilities for espionage and cybercrime. The initial breach affected a telecommunications

Cavalry Werewolf APT Targets Multiple Industries Using FoalShell and StallionRAT Malware

Between May and August 2025, a technically advanced threat campaign targeted Russia's public sector and several critical industries, focusing primarily on energy, mining, and manufacturing. Analysts attribute the operations to the group known as Cavalry Werewolf, also tracked as YoroTrooper and Silent Lynx. The attackers used

Researchers Uncover PassiveNeuron APT Using Neursite and NeuralExecutor Malware

Cybersecurity analysts at Kaspersky have identified a sophisticated cyber espionage operation called PassiveNeuron, targeting government, financial, and industrial sectors across Asia, Africa, and Latin America. The campaign uses two previously unseen malware families named Neursite and NeuralExecutor, indicating a well-organized threat group focused on stealthy, long-term access.

Discovery of PassiveNeuron Campaign

Kaspersky first detected traces

Hackers Exploit Citrix Flaw and Deploy Snappybee Malware to Breach European Telecom Network

A European telecommunications company has reportedly fallen victim to a cyberattack linked to a China-based espionage group known as Salt Typhoon. The incident, uncovered by Darktrace, occurred in early July 2025 when the attackers exploited a Citrix NetScaler Gateway vulnerability to gain unauthorized access to the organization's internal network.

Salt Typhoon: A Persistent and Evolving

Google Uncovers Three New Russian Malware Families Developed by COLDRIVER Hackers

Google’s Threat Intelligence Group (GTIG) has revealed new details about the Russian-linked hacking group known as COLDRIVER, uncovering three newly developed malware families that reflect the group’s increasing cyber activity since May 2025. According to GTIG’s research, COLDRIVER has significantly expanded its malware arsenal just days after its previously known malware, LOSTKEYS, was publicly exposed.