Threat Research

    The Agenda ransomware group (Qilin) has been observed deploying Linux-based binaries on Windows hosts using legitimate remote management and file transfer tools. This cross-platform technique evades traditional Windows-focused detections, including many EDR solutions....
    Chinese state-sponsored APT (Advanced Persistent Threat) actors are conducting global cyber espionage operations targeting key infrastructure sectors such as telecommunications, government, transportation, and military networks....
    The DragonForce ransomware group has shifted its focus from politically motivated attacks to high-profile financial extortion campaigns, recently targeting UK retailers like Harrods, Marks and Spencer, and the Co-Op, causing significant disruptions to critical operations like payment systems and inventory management....
    Our researchers have observed a rise in campaigns and malicious domains impersonating tax agencies and financial organizations. This trend aligns with the annual surge in tax-related threats typically seen from December to April, coinciding with tax deadlines in the U.K. and U.S....
    XWorm, a versatile Malware-as-a-Service (MaaS) offering available on darknet forums, is being deployed to target businesses within the UK’s hospitality sector. XWorm primarily functions as a Remote Access Tool (RAT), giving attackers control over compromised systems....