APT24, a long-running China-linked hacking group also tracked as G0011, PITTY PANDA and Temp.Pittytiger, has conducted a three-year espionage campaign targeting Taiwanese organizations using a custom …
Category: Threat Actors & Campaigns / Nation-State Espionage
#apt24 #china-apt #badaudio #supply-chain-attack #watering-hole #taiwan-targeting #espionage-campaign
UNC1549 is an Iran-nexus espionage group conducting multi-year campaigns against aerospace, aviation and defense organizations in the Middle East and Europe, with Mandiant observing a surge in activit…
Category: Threat Actors & Campaigns / Nation-State Espionage
#unc1549 #iran-apt #aerospace-defense #supply-chain-attack #dll-search-order-hijacking #credential-dumping #nation-state-espionage
The newly discovered Sturnus Android banking malware is a privately operated threat that combines classic overlay fraud with advanced accessibility abuse to capture banking credentials and read encryp…
Category: Threat Actors & Campaigns / Mobile Banking Malware
#sturnus #android-malware #banking-trojan #accessibility-abuse #overlay-attacks #mobile-security #encrypted-messaging
A new Group-IB report reveals that the UNC2891 threat group has been conducting a multi-year ATM fraud operation targeting banks across Indonesia. The campaign encompasses physical ATM infiltration, c…
Category: Threat Actors & Campaigns / Financial Cybercrime
#unc2891 #financial-cybercrime #atm-fraud #group-ib
A persistent malware distribution campaign tracked as STAC3150 is targeting WhatsApp users—primarily in Brazil—using multi-stage infection flows that ultimately deploy the Astaroth (Guildma) banking t…
Category: Threat Actors & Campaigns / Malware
#astaroth #whatsapp #malware #stac3150
The Everest ransomware group has claimed responsibility for a significant breach of Brazilian energy giant Petrobras, signaling a potentially severe compromise within national critical infrastructure.…
Category: Threat Actors & Campaigns / Ransomware
#everest #petrobras #ransomware #critical-infrastructure
The ShinyHunters cybercrime group, associated with UNC6395 and the broader Scattered Lapsus$ Hunters coalition, has claimed responsibility for hacking Gainsight applications and accessing Salesforce i…
Category: Threat Actors & Campaigns / Supply Chain Attacks
#shinyhunters #salesforce #gainsight #oauth #supply-chain
Ransomware activity in the healthcare sector shows increasing resilience according to a new Sophos report, with significant reductions in ransom payments and shortened recovery windows. Although the s…
Category: Threat Actors & Campaigns / Ransomware Trends
#healthcare #ransomware #sophos #extortion
A new malware strain named Vamps has emerged, leveraging Shadow AI tactics to hide command-and-control traffic within legitimate LLM service calls. The malware routes exfiltration and C2 through stand…
Category: Threat Actors & Campaigns / Malware
#ai #llm #malware #c2 #shadow-ai
CVE-tracked Iranian backdoor malware operations were identified in a new Google Threat Analysis Group investigation, revealing advanced persistence techniques along with stealthy command-and-control c…
Category: Threat Actors & Campaigns / State-Aligned Operations
#iran #google #backdoor-malware #apt #espionage #threat-actors