Researchers have analyzed the infrastructure tactics of two state-sponsored groups: Gamaredon (linked to Russia) and RedFoxtrot/ShadowPad (linked to China). Gamaredon targets Ukrainian, Western, African, and NATO entities, using low-frequency DNS techniques, rapidly changing IPs, and a reusable TLS certificate for its .ru domains, making takedown difficult....