Threat Research

    Boggy Serpens (also known as MuddyWater), an Iranian state-linked threat group associated with MOIS, continues to conduct cyberespionage campaigns targeting diplomatic entities and critical infrastructure sectors such as energy, maritime, and finance....
    Seedworm (also known as MuddyWater) has been observed conducting cyber espionage activities against multiple organizations in the United States and Canada since early 2026. Targeted entities include a U.S. bank, airport, defense-related software company, and non-profit organizations....
    The Muddy Water APT has launched a spearphishing campaign targeting diplomatic, maritime, financial, and telecom sectors across the Middle East, delivering malicious Word documents with icon spoofing....
    A renewed RTO/e-Challan phishing wave is actively targeting Indian vehicle owners through SMS-based lures that link to fake, browser-based portals mimicking official government services....
    Cybercriminals are targeting trucking and freight companies through complex attack chains to steal cargo shipments. Cargo theft has become a multi-million-dollar industry, with digital transformation fueling a surge in cyber-enabled theft. Attackers infiltrate logistics firms and exploit their access to bid on shipments, which they then steal and resell....
    Since early August 2025, a sophisticated malvertising campaign has been observed where attackers abuse GitHub’s repository forking system to deliver a fake GitHub Desktop client. The attackers create dangling commits by forking legitimate repositories, injecting malicious commits, and then deleting the fake user accounts....
    Chinese state-sponsored APT (Advanced Persistent Threat) actors are conducting global cyber espionage operations targeting key infrastructure sectors such as telecommunications, government, transportation, and military networks....
    A Russian state-sponsored cyber campaign has been targeting Western logistics and technology companies, particularly those supporting the coordination, transportation, and delivery of foreign aid to Ukraine....
    This report examines the tools used by threat group TGR-CRI-0045, which appears to operate opportunistically. The group has targeted organizations in Europe and the U.S. across sectors like finance, manufacturing, tech, and logistics. They used leaked keys to sign malicious payloads via ASP.NET View State deserialization, enabling in-memory execution with minimal artifacts....
    A China-nexus threat actor is actively exploiting a critical vulnerability (CVE-2025-4428) in Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. The flaw, when chained with CVE-2025-4427, enables unauthenticated remote code execution on vulnerable systems. Exploitation has been observed since May 15, 2025, targeting internet-facing Ivanti EPMM instances....