Threat Research

    Operation Dragon Weave is a suspected China-linked cyberespionage campaign targeting government officials and citizens in the Czech Republic and Taiwan through spearphishing emails containing malicious ZIP attachments....
    A threat cluster tracked as UAT-10362 APT is conducting spear-phishing campaigns targeting Taiwanese NGOs and academic institutions, delivering a newly identified malware family called LucidRook. The malware uses a DLL-based stager embedding Lua and Rust components to execute staged payloads, with region-specific checks to target Traditional Chinese environments....
    APT28, a Russian state-sponsored threat group also known as Fancy Bear or UAC-0001, is conducting a sophisticated espionage campaign against European military and government entities. The operation primarily targets maritime and transportation organizations in Poland, Slovenia, Turkey, Greece, the UAE, and Ukraine....
    The MuddyWater APT has launched a spearphishing campaign targeting diplomatic, maritime, financial, and telecom sectors across the Middle East, delivering malicious Word documents with icon spoofing....
    BlindEagle launched a spear-phishing campaign targeting a Colombian government agency under the Ministry of Commerce, Industry and Tourism (MCIT), using emails sent from a compromised internal account to bypass security controls....
    UNC1549 often gained initial access by blending targeted social engineering with the use of compromised third-party accounts. Using credentials stolen from vendors or partners, the group took advantage of legitimate trust relationships to enter victim environments....
    Silent Lynx is an espionage-driven APT group known for spear-phishing campaigns impersonating government officials to target Central Asian, Russian, and Southeast Asian entities. Recent analysis shows the group’s slow tactical evolution, using fake RAR archives and malicious .NET implants, while making operational errors that exposed new infrastructure....
    Between July and August 2025, TA415 conducted spearphishing campaigns targeting U.S. government, think tanks, and academic institutions using U.S.-China economic-themed lures. The group impersonated prominent entities like the Select Committee on Strategic Competition and the US-China Business Council to target individuals focused on U.S.-China relations....
    The Gonepostal malware has been observed in an espionage campaign linked to KTA007 (aka Fancy Bear/APT28), a Russian state-sponsored group tied to GRU Unit 26165. The malware consists of a dropper DLL and a password-protected Outlook macro file (VbaProject.OTM) that enables backdoor access via email-based C2....
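    The Gonepostal summary above describes persistence through an Outlook VBA project file (VbaProject.OTM). The triage script below is an added example, not code from the original page or from the cited research: it checks the artifacts a responder would look at first on a suspect host. The file path and the two registry values it inspects (LoadMacroProviderOnBoot, and the Outlook macro Security Level) are taken from publicly documented Outlook macro-persistence behaviour; the Office version list and the treatment of Level=1 as "all macros enabled" are assumptions to verify against your deployed Office build.

```powershell
# Added example (not from the original page or the cited research): a triage check for
# Outlook VBA-macro persistence of the kind the Gonepostal summary describes.
# Assumptions (verify in your environment): Outlook keeps its single VBA project at
# %APPDATA%\Microsoft\Outlook\VbaProject.OTM; macros load at start-up when
# HKCU:\Software\Microsoft\Office\<ver>\Outlook\LoadMacroProviderOnBoot = 1 and
# ...\Outlook\Security\Level is lowered (1 = all macros enabled). Version list is assumed.

function Get-OutlookMacroPersistence {
    param(
        [string]$OtmPath = (Join-Path $env:APPDATA 'Microsoft\Outlook\VbaProject.OTM'),
        [string[]]$OfficeVersions = @('16.0', '15.0', '14.0')
    )
    $findings = @()

    # 1. The VBA project file itself. Hash it so the sample can be matched to intel later.
    if (Test-Path -LiteralPath $OtmPath) {
        $f = Get-Item -LiteralPath $OtmPath
        $findings += [pscustomobject]@{
            Indicator = 'VbaProject.OTM present'
            Detail    = "$($f.FullName) size=$($f.Length) modified=$($f.LastWriteTimeUtc.ToString('u'))"
            Sha256    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }

    foreach ($v in $OfficeVersions) {
        $base = "HKCU:\Software\Microsoft\Office\$v\Outlook"

        # 2. The value that makes Outlook load the VBA project at start-up.
        $boot = Get-ItemProperty -Path $base -Name LoadMacroProviderOnBoot -ErrorAction SilentlyContinue
        if ($boot -and $boot.LoadMacroProviderOnBoot -eq 1) {
            $findings += [pscustomobject]@{ Indicator = 'LoadMacroProviderOnBoot=1'; Detail = $base; Sha256 = $null }
        }

        # 3. Macro security lowered so the project runs without a prompt.
        $sec = Get-ItemProperty -Path "$base\Security" -Name Level -ErrorAction SilentlyContinue
        if ($sec -and $sec.Level -eq 1) {
            $findings += [pscustomobject]@{ Indicator = 'Macro security Level=1 (all macros)'; Detail = "$base\Security"; Sha256 = $null }
        }
    }

    # An OTM file alone can be a legitimate user macro; all three indicators together
    # on a host that has no business need for Outlook VBA is the persistence pattern.
    return $findings
}

Get-OutlookMacroPersistence | Format-Table -AutoSize
```

    Run it in the context of the user whose mailbox is suspected, since both the file and the registry values live under the user profile; for fleet-wide hunting, loop over mounted profile hives (HKU) and each profile's AppData rather than the current user only. A policy-enforced macro setting under the Policies registry tree would override the per-user Level value, so treat a clean Level with a present OTM and LoadMacroProviderOnBoot as still worth pulling the file.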
    A research center uncovered a DPRK-linked espionage campaign targeting diplomatic missions in South Korea in early 2025. Between March and July, at least 19 spear-phishing attacks impersonated trusted contacts to lure embassy staff. Attackers used GitHub for covert C2 communications and cloud platforms like Dropbox to deliver XenoRAT malware....