Threat Research

    Gamaredon, a Russian APT (Advanced Persistent Threat) group operated by the FSB, continues to conduct long-term cyberespionage campaigns targeting Ukrainian government, military, and critical infrastructure organizations....
    A newly identified set of China-aligned campaigns is targeting government entities and critical infrastructure across South, East, and Southeast Asia, plus one NATO member state. This activity is being tracked as SHADOW-EARTH-053....
    A threat cluster tracked as UAT-10362 APT is conducting spear-phishing campaigns targeting Taiwanese NGOs and academic institutions, delivering a newly identified malware family called LucidRook. The malware uses a DLL-based stager embedding Lua and Rust components to execute staged payloads, with region-specific checks to target Traditional Chinese environments....
    Iran-linked advanced persistent threat (APT) actors are exploiting internet-facing operational technology (OT) devices, including Rockwell/Allen-Bradley PLCs. Their actions have disrupted PLC operations across multiple U.S. critical infrastructure sectors. Attacks involve tampering with project files and altering data on HMI and SCADA systems....
    Pawn Storm, a Russia-aligned APT group, is targeting Ukraine’s defense supply chain and allied nations. It deploys PRISMEX, a modular malware suite using steganography, COM hijacking, and cloud-based C2. The group exploited multiple flaws, including a Windows zero-day (CVE-2026-21513). Malicious .lnk files via CVE-2026-21509 may chain with CVE-2026-21513, per Akamai findings....
    Boggy Serpens (also known as MuddyWater), an Iranian state-linked threat group associated with MOIS, continues to conduct cyberespionage campaigns targeting diplomatic entities and critical infrastructure sectors such as energy, maritime, and finance....
    Since at least 2020, we have observed a cluster of activity targeting high-value organizations across South, Southeast, and East Asia. The attacks focus on critical sectors including aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications. This ongoing and previously undocumented activity is being tracked as CL-UNK-1068....
    A dramatic and dangerous phase in Middle Eastern geopolitics has begun with open conflict between Iran, Israel, and the United States. Last week, U.S. and Israeli forces launched Operation Lion’s Roar, targeting Iranian military and nuclear facilities. Iran responded with retaliation, escalating the conflict across the region....
    On 28 February 2026, U.S. and Israeli forces launched combined air and cyber attacks that disrupted Iranian communications networks and critical systems....
    The Shadow Campaigns reveal a highly sophisticated, state-aligned cyberespionage group tracked as TGR-STA-1030, assessed to operate out of Asia and responsible for extensive compromises of government and critical infrastructure organizations worldwide....