Threat Research

    The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

    DarkSword is a sophisticated iOS full-chain exploit leveraging multiple zero-day vulnerabilities to fully compromise devices running iOS 18.4 to 18.7. Since late 2025, it has been used by commercial surveillance vendors and state-sponsored actors across campaigns targeting regions including Saudi Arabia, Turkey, Malaysia, and Ukraine....
    3/19/2026  0
    Read More »

    APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure

    APT28, a Russian state-sponsored threat group also known as Fancy Bear or UAC-0001, is conducting a sophisticated espionage campaign against European military and government entities. The operation primarily targets maritime and transportation organizations in Poland, Slovenia, Turkey, Greece, the UAE, and Ukraine....
    2/5/2026  0
    Read More »

    GRU-Linked BlueDelta Evolves Credential Harvesting

    Between February and September 2025, multiple credential-harvesting campaigns were attributed to BlueDelta, a Russian state-sponsored threat group linked to the GRU. These operations expand on BlueDelta’s ongoing credential-theft activity previously documented in Insikt Group’s December 2025 report. During 2025, BlueDelta targeted a limited but distinct set of victims....
    1/23/2026  0
    Read More »

    From Scripts to Systems: A Comprehensive Look at Tangerine Turkey Operations

    Tangerine Turkey utilizes VBScript-based worms that propagate laterally through removable media such as USB drives. The group relies on living-off-the-land binaries (LOLBins), including wscript.exe and printui.exe, to execute payloads and maintain persistence. To evade detection, they alter registry settings and disguise malicious executables as legitimate system files....
    1/6/2026  0
    Read More »

    UDPGangster Campaigns Target Multiple Countries

    UDPGangster is a UDP-based backdoor linked to the MuddyWater threat group, active in cyber-espionage across the Middle East. It enables remote control of infected systems, supporting command execution, file exfiltration, and payload delivery over stealthy UDP channels. Recent campaigns have targeted users in Turkey, Israel, and Azerbaijan....
    12/8/2025  0
    Read More »

    Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs

    On November 18, 2024, TA397 (also known as Bitter) targeted a defense sector organization in Turkey with a spearphishing email. The email included a RAR archive containing a decoy PDF (~tmp.pdf), a malicious LNK file disguised as a PDF (PUBLIC INVESTMENTS PROJECTS 2025.pdf.lnk), and an Alternate Data Stream (ADS) file with embedded PowerShell code....
    12/18/2024  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.