Threat Research

    UNC2814 is a PRC-aligned cyber espionage group active since at least 2017. It targets the telecom and government sectors to steal communications intelligence and PII. The group has operated in 42 confirmed countries and over 70 suspected ones across multiple regions, including Africa, Asia, and the Americas....
    Since at least 2020, we have observed a cluster of activity targeting high-value organizations across South, Southeast, and East Asia. The attacks focus on critical sectors including aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications. This ongoing and previously undocumented activity is being tracked as CL-UNK-1068....
    The team has disclosed UAT-9244, assessed with high confidence as a China-nexus APT actor linked to Famous Sparrow. Since 2024, the group has targeted critical telecommunications infrastructure in South America. Its attacks impact Windows and Linux endpoints as well as network edge devices....
    On 28 February 2026, U.S. and Israeli forces launched combined air and cyber attacks that disrupted Iranian communications networks and critical systems....
    UNC2814, a suspected PRC-linked cyber espionage group active since 2017, conducted a large-scale global campaign targeting telecommunications and government organizations across 42 countries, impacting at least 53 confirmed victims....
    The Muddy Water APT has launched a spearphishing campaign targeting diplomatic, maritime, financial, and telecom sectors across the Middle East, delivering malicious Word documents with icon spoofing....
    UAT-7290 is a sophisticated threat actor active since at least 2022, focused on gaining initial access and conducting espionage against high-value telecommunications and critical infrastructure targets in South Asia....
    BlackForce is an actively evolving phishing kit first observed in August 2025, designed to conduct advanced Man-in-the-Browser (MitB) attacks that enable real-time bypass of multi-factor authentication (MFA). It has been used to impersonate over 11 major brands, including Disney, Netflix, DHL, and UPS....
    The report explores the growing collaboration between China-aligned APT groups, particularly Earth Estries and Earth Naga, in a trend dubbed “Premier Pass-as-a-Service.” This model involves one group, like Earth Estries, acting as an access broker for another, such as Earth Naga, to enable continued exploitation of targets....
    A major botnet campaign, dubbed RondoDox, is actively exploiting over 50 known vulnerabilities in routers, DVRs, NVRs, CCTV systems, and web servers from more than 30 vendors. Organizations with internet-facing infrastructure face heightened risks of data theft, persistent access, and operational disruption....