Cyber Espionage

UAT-9921 Deploys VoidLink Malware Against Technology and Financial Sectors

A previously unknown threat actor, tracked as UAT-9921, has been linked to sophisticated campaigns targeting technology and financial services organizations. The adversary employs a modular malware framework named VoidLink, capable of long-term, stealthy access across Linux and Windows systems, according to findings by Cisco Talos. VoidLink demonstrates advanced capabilities, including kernel-level rootkits, on-demand plugin compilation, and […]

Google Reports State-Backed Hackers Leveraging Gemini AI for Reconnaissance and Attack Support

Google has reported that the North Korea-linked threat actor UNC2970 is using its generative AI model Gemini for reconnaissance, highlighting a growing trend of hacking groups weaponizing AI to accelerate cyber attack operations. These capabilities include information gathering, model extraction, and enhancing attack efficiency. According to the Google Threat Intelligence Group (GTIG), UNC2970 leveraged Gemini

APT36 and SideCopy Conduct Cross-Platform RAT Campaigns Targeting Indian Organizations

Indian government-linked entities and defense sector organizations are facing a new wave of cyber espionage operations attributed to the Pakistan-aligned threat group APT36, also known as Transparent Tribe, and its suspected sub-cluster SideCopy. The coordinated campaigns are designed to infiltrate both Windows and Linux systems using advanced Remote Access Trojans (RATs) capable of stealing sensitive information

North Korea-Linked UNC1069 Uses AI Lures to Target Cryptocurrency Organizations

The North Korea-associated threat group UNC1069 has intensified its cyber operations against the cryptocurrency sector, leveraging advanced social engineering and artificial intelligence techniques to compromise Windows and macOS systems. The campaign is primarily designed to extract sensitive credentials and enable large-scale financial theft. According to findings from Google Mandiant researchers Ross Inman and Adrian Hernandez, the operation

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Organizations

Security researchers have revealed that North Korean cyber operatives are increasingly targeting global companies by impersonating legitimate professionals on LinkedIn. The threat actors are applying for remote roles using real LinkedIn accounts, often tied to verified email addresses and identity badges, to make their applications appear authentic. This long-running campaign, tracked as Jasper Sleet, PurpleDelta, and Wagemole,

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Operations

Singapore’s Cyber Security Agency (CSA) has confirmed that a China-linked cyber espionage group known as UNC3886 carried out a coordinated and targeted campaign against the country’s telecommunications sector. According to CSA, the operation was deliberate, highly organized, and carefully executed. All four major telecommunications providers in Singapore (M1, SIMBA Telecom, Singtel, and StarHub) were

Bloody Wolf Targets Uzbekistan and Russia with NetSupport RAT via Spear-Phishing Campaign

Cybersecurity researchers have linked a targeted cyber campaign to the threat actor known as Bloody Wolf, which is actively infecting systems in Uzbekistan and Russia through spear-phishing emails that deliver the NetSupport Remote Access Trojan. The activity is being monitored by cybersecurity firm Kaspersky under the tracking name Stan Ghouls. The group has been operational

China-Linked DKnife AitM Framework Targets Routers to Hijack Traffic and Deliver Malware

Cybersecurity researchers have uncovered a sophisticated adversary-in-the-middle framework named DKnife, which has been operated by China-linked threat actors since at least 2019. The framework is designed to compromise routers and edge devices, enabling large-scale traffic interception, credential theft, and targeted malware distribution. According to a report published by Cisco Talos, DKnife consists of multiple Linux-based implants

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government and Infrastructure Organizations

Cybersecurity researchers at Palo Alto Networks Unit 42 have uncovered a previously unknown state-backed cyber espionage group that has compromised at least 70 government and critical infrastructure organizations across 37 countries within the last year. The threat actor, tracked as TGR-STA-1030, has also conducted widespread reconnaissance activities targeting government-related infrastructure in 155 countries between November and

Infy Hackers Restart Operations Using New C2 Servers After Iran’s Internet Blackout Ends

The Iranian state-linked threat group known as Infy, also tracked as Prince of Persia, has resumed cyber operations after a temporary pause that coincided with Iran’s nationwide internet shutdown in early January 2026. Researchers say the group reappeared with new command-and-control (C2) servers, reinforcing assessments that Infy operates with state backing. According to a report released by SafeBreach, the