Malware & Threats | Chinese Hackers Target Chinese Users With RAT, Rootkit | China-linked Silver Fox hacking group is targeting Chinese users with fake installers carrying a RAT and a rootkit. | Ionut Arghire, June 27, 2025
Nation-State | Chinese APT Hacking Routers to Build Espionage Infrastructure | A Chinese APT has been infecting SOHO routers with the ShortLeash backdoor to build stealthy espionage infrastructure. | Ionut Arghire, June 24, 2025
Ransomware | Fog Ransomware Attack Employs Unusual Tools | Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41. | Ionut Arghire, June 13, 2025
Malware & Threats | Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names | Microsoft and CrowdStrike are running a project that aims to align threat actor names, and Google and Palo Alto Networks will also contribute. | Eduard Kovacs, June 3, 2025
Nation-State | Chinese APT Mustang Panda Updates, Expands Arsenal | The Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack. | Ionut Arghire, April 17, 2025
Malware & Threats | Chinese APT Weaver Ant Targeting Telecom Providers in Asia | Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access. | Ionut Arghire, March 25, 2025
Nation-State | Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley | The FishMonger APT group, a subdivision of Chinese cybersecurity firm I-Soon, compromised seven organizations in a 2022 campaign. | Ionut Arghire, March 21, 2025
Malware & Threats | 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft | ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands. | Eduard Kovacs, March 18, 2025
Mobile & Wireless | North Korean Hackers Distributed Android Spyware via Google Play | The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play. | Ionut Arghire, March 13, 2025
Nation-State | 1,600 Victims Hit by South American APT's Malware | South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign. | Ionut Arghire, March 11, 2025
Artificial Intelligence | Can AI Early Warning Systems Reboot the Threat Intel Industry? | News analysis: The big AI platforms are emerging as frontline early warning systems, detecting nation-state hackers at the outset of their campaigns. Can this... | Ryan Naraine, February 10, 2025
Incident Response | Chinese Hackers Accessed US Treasury Workstations in 'Major' Cybersecurity Incident | Chinese hackers remotely accessed US Treasury Department workstations after compromising a cloud-based service operated by BeyondTrust. | SecurityWeek News, December 31, 2024
Endpoint Security | Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days | British EDR vendor Sophos details a years-long "cat-and-mouse" tussle with sophisticated Chinese government-backed hackers. | Ryan Naraine, October 31, 2024
Malware & Threats | Indian APT Targeting Mediterranean Ports and Maritime Facilities | The SideWinder APT has been targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea in recent attacks. | Ionut Arghire, July 30, 2024
Email Security | US Says North Korean Hackers Exploiting Weak DMARC Settings | The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks. | Ionut Arghire, May 3, 2024
Cyberwarfare | Cyberespionage Campaign Targets Government, Energy Entities in India | Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. | Ionut Arghire, March 28, 2024
Government | Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon | Government agencies in the Five Eyes countries warn critical infrastructure entities of Chinese state-sponsored hacking group Volt Typhoon. | Ionut Arghire, March 20, 2024
Cloud Security | New Open Source Tool Hunts for APT Activity in the Cloud | The CloudGrappler open source tool can detect the presence of known threat actors in cloud environments. | Ionut Arghire, March 11, 2024
Incident Response | Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails | Microsoft says the Midnight Blizzard APT group may still be poking around its internal network after stealing source code and spying on emails. | Ryan Naraine, March 8, 2024
Malware & Threats | 'YoroTrooper' Espionage Group Linked to Kazakhstan | Cisco links the espionage-focused 'YoroTrooper' threat actor to Kazakhstan. | Ionut Arghire, October 25, 2023