Malware & Threats: Iranian APT Targets Aviation, Software Companies With Updated Tools
Nimbus Manticore has continued its operations during and after the US military campaign against Iran.
Ionut Arghire, May 26, 2026

Malware & Threats: US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking
The APT28 threat group exploited vulnerable TP-Link and MikroTik routers to conduct adversary-in-the-middle (AitM) attacks.
Eduard Kovacs, April 8, 2026

Mobile & Wireless: Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit
The state-sponsored group's campaign has targeted government, higher education, financial, and legal entities, as well as think tanks.
Ionut Arghire, March 30, 2026

Cyberwarfare: Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury
Analysis reveals a six-month buildup of Iran-linked cyber infrastructure, including US-based shell companies, designed to weather kinetic strikes and ensure the resilience of its...
Kevin Townsend, March 19, 2026

Nation-State: Iranian APT Hacked US Airport, Bank, Software Company
The attacks, observed since February, show that Iranian hackers already have a presence in the networks of US organizations.
Ionut Arghire, March 6, 2026

Malware & Threats: Russia's APT28 Rapidly Weaponizes Newly Patched Office Vulnerability
The attacks targeting Europe were analyzed by Ukraine's CERT-UA and the cybersecurity company Zscaler.
Eduard Kovacs, February 3, 2026

Malware & Threats: Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks
After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices.
Eduard Kovacs, December 16, 2025

Malware & Threats: Reporters Without Borders Targeted by Russian Hackers
The state-sponsored hackers relied on phishing emails to deliver a malicious payload to Reporters Without Borders (RSF).
Ionut Arghire, December 4, 2025

Malware & Threats: Chinese Cyberspies Deploy 'BadAudio' Malware via Supply Chain Attacks
APT24 has been relying on various techniques to drop the BadAudio downloader and then deploy additional payloads.
Ionut Arghire, November 21, 2025

Nation-State: Russian APT Switches to New Backdoor After Malware Exposed by Researchers
Star Blizzard started using the NoRobot (BaitSwitch) and MaybeRobot (SimpleFix) malware after public reporting on the LostKeys malware.
Ionut Arghire, October 22, 2025

Nation-State: Chinese APT 'Phantom Taurus' Targeting Organizations With Net-Star Malware
Focused on espionage, the threat actor shares infrastructure with Chinese APTs, but uses different TTPs in attacks.
Ionut Arghire, October 1, 2025

Nation-State: Pakistani Hackers Back at Targeting Indian Government Entities
Pakistani state-sponsored hacking group APT36 is targeting Linux systems in a fresh campaign aimed at Indian government entities.
Ionut Arghire, August 25, 2025

Nation-State: Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI
Russian state-sponsored hackers tracked as Static Tundra continue to target Cisco devices affected by CVE-2018-0171.
Ionut Arghire, August 21, 2025

Nation-State: Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft
Russian state-sponsored APT Secret Blizzard has used ISP-level AitM attacks to infect diplomatic devices with malware.
Ionut Arghire, August 1, 2025

Government: UK Sanctions Russian Hackers Tied to Assassination Attempts
The UK government has sanctioned three Russian APTs and 18 individuals for their involvement in cyber operations against Ukraine, NATO allies, and the EU.
Ionut Arghire, July 22, 2025

Malware & Threats: Chinese Hackers Target Chinese Users With RAT, Rootkit
The China-linked Silver Fox hacking group is targeting Chinese users with fake installers carrying a RAT and a rootkit.
Ionut Arghire, June 27, 2025

Nation-State: Chinese APT Hacking Routers to Build Espionage Infrastructure
A Chinese APT has been infecting SOHO routers with the ShortLeash backdoor to build stealthy espionage infrastructure.
Ionut Arghire, June 24, 2025

Ransomware: Fog Ransomware Attack Employs Unusual Tools
Multiple legitimate but unusual tools were used in a Fog ransomware attack, including one employed by the Chinese hacking group APT41.
Ionut Arghire, June 13, 2025

Malware & Threats: Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names
Microsoft and CrowdStrike are running a project that aims to align threat actor names; Google and Palo Alto Networks will also contribute.
Eduard Kovacs, June 3, 2025

Nation-State: Chinese APT Mustang Panda Updates, Expands Arsenal
The Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack.
Ionut Arghire, April 17, 2025