Threat Actors
Explore detailed profiles of cyber threat actors — from state-sponsored groups to independent hacker collectives — including their motives, methods, and operations.
-
ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
The threat actor ToddyCat is using new hacking tools to steal corporate email data, including a custom tool called TCSectorCopy. They aim to obtain OAuth 2.0 authorization tokens from user browsers for accessing corporate mail. According to Kaspersky, this allows them to access emails outside the compromised infrastructure. ToddyCat has been active since 2020, targeting…
-
Kimsuky and Lazarus Join Forces in Coordinated Attacks
North Korean hacking groups Kimsuky and Lazarus combine forces. They exploit zero-day vulnerabilities in coordinated attacks, targeting critical sectors worldwide. This marks a shift in state-sponsored threat operations.
-
North Korea’s ‘Contagious Interview’ Malware Delivery
North Korean threat actors in the “Contagious Interview” campaign are now using JSON storage services to host and deliver malicious payloads, signaling an evolving strategy to evade detection and maintain persistence.
-
North Korean Konni Group Leverages Google’s Find Hub to Wipe Android Devices in Latest Campaigns
North Korea’s Konni Group has escalated its cyber espionage tactics by leveraging Google’s legitimate Find Hub service to remotely wipe Android devices. This sophisticated campaign targets Android and Windows users with data theft and remote control objectives, initiating with spear-phishing emails and deploying the Lilith Remote Access Trojan (RAT).
-
Chinese State-Backed Hackers Weaponize Old Software Flaws for Global Espionage
Chinese state-backed hackers are exploiting old software vulnerabilities like Log4j and Microsoft IIS for global espionage, bypassing advanced defenses. This highlights the critical need for rigorous patch management against seemingly dated flaws.
-
Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions
A previously unidentified threat cluster, codenamed UNK_SmudgedSerpent, has been linked to a series of cyberattacks targeting academics and foreign policy experts in the U.S. during June-August 2025.
-
U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks
Federal prosecutors in the United States have indicted three individuals, including cybersecurity professionals, for allegedly hacking into the networks of five U.S. companies using BlackCat (also known as ALPHV) ransomware between May and November 2023. The group is accused of deploying the ransomware and extorting victims for cryptocurrency payments.
-
U.S. Prosecutors Indict Three in BlackCat Ransomware Scheme
Federal prosecutors in the United States have indicted three individuals for allegedly operating as part of a BlackCat (ALPHV) ransomware operation, targeting five U.S. companies and extorting significant sums.
-
Microsoft Discloses “SesameOp” Backdoor Abusing OpenAI API for Stealthy Command and Control
Microsoft has identified a novel backdoor, designated “SesameOp,” that employs OpenAI’s Assistants API for its command-and-control (C2) infrastructure. This technique allows threat actors to stealthily manage compromised systems and orchestrate malicious activities by using the API as a communication relay.
-
SleepyDuck Malware Evolves with Ethereum C2 Resilience
A new sophisticated remote access trojan, dubbed “SleepyDuck,” has been discovered in the Open VSX registry, a marketplace for IDE extensions. Initially published as a benign extension on October 31, 2025, it was updated on November 1, 2025, to include malicious capabilities and has since garnered over 14,000 downloads.