Threat Research

    Team has disclosed UAT-9244, assessed with high confidence as a China-nexus APT actor linked to Famous Sparrow. Since 2024, the group has targeted critical telecommunications infrastructure in South America. Its attacks impact Windows and Linux endpoints as well as network edge devices....
    Operation highlights how the Chinese-linked threat actor Ink Dragon is expanding and refining its cyber-espionage campaigns. The group has shifted increased attention toward European government targets while maintaining activity in Southeast Asia and South America....
    As of mid-September 2025, GOLD SALEM has named 60 victims, placing it mid-tier among active ransomware groups. Its targets range from small entities to major multinational firms across North America, Europe, and South America. Consistent with typical ransomware behavior, the group has mostly avoided victims in China and Russia....
    Since early August 2025, a sophisticated malvertising campaign has been observed where attackers abuse GitHub’s repository forking system to deliver a fake GitHub Desktop client. The attackers create dangling commits by forking legitimate repositories, injecting malicious commits, and then deleting the fake user accounts....
    In March 2025, activity from APT-C-36, also known as Blind Eagle, was detected following similar tactics used in previous campaigns. The group, believed to be a South American threat actor, initiates attacks with .url files that download an initial downloader from a WebDAV server....
    "SpyLoan: A Global Threat Exploiting Social Engineering" highlights the surge in predatory loan apps, known as SpyLoan, targeting Android users worldwide. These potentially unwanted programs (PUPs) use social engineering tactics to deceive users into providing sensitive information and granting excessive app permissions, leading to financial loss, harassment, and extortion....