APT

APT24 Deploys BADAUDIO in Long Running Espionage Targeting Taiwan and Over 1,000 Domains

A suspected China-linked cyber threat group known as APT24 has been actively deploying a previously undocumented malware called BADAUDIO as part of a prolonged espionage campaign. The operation, ongoing for nearly three years, has targeted organizations in Taiwan and compromised over 1,000 domains. Google Threat Intelligence Group (GTIG) researchers Harsh Parashar, Tierra Duncan, and Dan […]

APT24 Deploys BADAUDIO in Long Running Espionage Targeting Taiwan and Over 1,000 Domains Read More »

Iran Linked Hackers Tracked Ship AIS Data Days Before an Attempted Real World Missile Strike

Recent findings indicate that Iranian-linked threat actors are increasingly combining cyber operations with real-world military objectives, a practice Amazon calls cyber-enabled kinetic targeting. By using digital reconnaissance to support physical attacks, these groups are demonstrating a significant evolution in modern warfare where cyber and kinetic domains are no longer separate. Blurring the Lines Between Cyber

Iran Linked Hackers Tracked Ship AIS Data Days Before an Attempted Real World Missile Strike Read More »

Iranian Hackers Deploy DEEPROOT and TWOSTROKE Malware in Targeted Aerospace and Defense Attacks

A sophisticated Iran associated threat group has been observed conducting extensive espionage activity against organizations in the aerospace, aviation, and defense sectors across the Middle East. The attackers have used custom backdoors, including TWOSTROKE and DEEPROOT, to maintain long term access and gather sensitive information. Mandiant has linked this campaign to a cluster known as

Iranian Hackers Deploy DEEPROOT and TWOSTROKE Malware in Targeted Aerospace and Defense Attacks Read More »

Dragon Breath Deploys RONINGLOADER to Disable Security Tools and Install Gh0st RAT

A threat actor known as Dragon Breath has launched a sophisticated operation using a multi layered tool called RONINGLOADER. This loader is designed to disable major endpoint security products, evade modern defenses, and ultimately deploy a modified version of Gh0st RAT. The campaign mainly targets Chinese speaking victims and relies on trojanized installers that appear

Dragon Breath Deploys RONINGLOADER to Disable Security Tools and Install Gh0st RAT Read More »

North Korean Hackers Abuse JSON Services to Deliver Malware Covertly

Researchers have uncovered that North Korean threat actors behind the Contagious Interview campaign are increasingly leveraging JSON storage services to host and deploy malicious payloads. These platforms allow attackers to operate covertly while blending in with normal traffic. Tactics and Techniques According to NVISO researchers Bart Parys, Stef Collart, and Efstratios Lontzetidis, the actors now

North Korean Hackers Abuse JSON Services to Deliver Malware Covertly Read More »

Iranian Hackers Launch SpearSpecter Spy Operation Targeting Defense and Government

A state backed Iranian cyber espionage group, commonly known as APT42, has been observed conducting a new intelligence collection campaign aimed at individuals and organizations connected to national security. The Israel National Digital Agency (INDA) has named this ongoing operation SpearSpecter after identifying its activity in early September 2025. Highly Targeted Social Engineering Operations INDA

Iranian Hackers Launch SpearSpecter Spy Operation Targeting Defense and Government Read More »

Konni Hackers Turn Google Find Hub into Remote Data Wiping Tool

A North Korea linked actor known as Konni, also tracked as Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia, has run targeted campaigns that compromise Android and Windows systems, steal credentials, and gain remote control of victims’ devices. Researchers at the Genians Security Center say the group used social engineering to distribute malware disguised as

Konni Hackers Turn Google Find Hub into Remote Data Wiping Tool Read More »

China’s Hackers Repurpose Legacy Flaws, from Log4j to IIS, into Global Espionage Tools

Chinese state aligned hacking groups continue to rely on long standing software vulnerabilities to conduct stealthy cyber operations across the globe. A recent incident involving a U.S. based non profit organization shows how older flaws such as Log4j, Atlassian, Struts, and IIS weaknesses are still being reused to gain long term access for intelligence gathering.

China’s Hackers Repurpose Legacy Flaws, from Log4j to IIS, into Global Espionage Tools Read More »

SonicWall Confirms State Sponsored Hackers Behind September Cloud Backup Breach

Network security giant SonicWall has officially confirmed that a sophisticated state-sponsored threat actor was responsible for a September security incident. The breach resulted in the unauthorized access of firewall configuration backup files from a specific cloud environment, though the company has assured customers that its core products and firmware remain unaffected. Isolated Breach in a

SonicWall Confirms State Sponsored Hackers Behind September Cloud Backup Breach Read More »

Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Rising Iran–Israel Tensions

A previously unknown hacking group, codenamed “SmudgedSerpent,” has been uncovered targeting American academics and foreign policy specialists. This cyber espionage campaign, which occurred between June and August 2025, aligns with a period of significantly heightened tensions between Iran and Israel, pointing to a clear intelligence-gathering motive. Deceptive Lures and Established Playbooks The threat actor, identified

Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Rising Iran–Israel Tensions Read More »