Threat Research

    UNC2814 is a PRC-aligned cyber espionage group active since at least 2017. It targets telecom and government sectors to steal communications intelligence and PII. The group has operated in 42 confirmed countries and over 70 suspected across multiple regions: Africa, Asia, and the Americas....
    Phantom Taurus is a newly identified Chinese nation-state APT group focused on espionage. Active for over two years, it targets government and telecom sectors in Africa, the Middle East, and Asia, especially ministries, embassies, and military operations. Known for its stealth and adaptive TTPs, the group uses a custom malware tool called NET-STAR....
    On May 15th, email security tools detected a sophisticated spear-phishing campaign targeting CFOs and finance executives at banks, energy firms, insurance companies, and investment groups across Europe, Africa, Canada, the Middle East, and South Asia. This multi-stage attack aimed to deliver NetBird, a legitimate WireGuard-based remote access tool, onto victims’ systems....
    Researchers have analyzed the infrastructure tactics of two state-sponsored groups: Gamaredon (linked to Russia) and RedFoxtrot/ShadowPad (linked to China). Gamaredon targets Ukrainian, Western, African, and NATO entities, using low-frequency DNS techniques, rapidly changing IPs, and a reusable TLS certificate for its .ru domains, making takedown difficult....
    "SpyLoan: A Global Threat Exploiting Social Engineering" highlights the surge in predatory loan apps, known as SpyLoan, targeting Android users worldwide. These potentially unwanted programs (PUPs) use social engineering tactics to deceive users into providing sensitive information and granting excessive app permissions, leading to financial loss, harassment, and extortion....