Threat Actors
Explore detailed profiles of cyber threat actors — from state-sponsored groups to independent hacker collectives — including their motives, methods, and operations.
D-Knife Spyware: China-Linked APT Hijacks Routers for Cyber Espionage
Unveiling the D-Knife spyware campaign, a sophisticated China-linked APT operation hijacking internet routers for persistent surveillance and data exfiltration. Discover its techni
1–2 minutes

China-Linked UNC3886 Cyber Espionage Targets Singapore Telecom
China-linked APT UNC3886’s sophisticated cyber espionage against Singapore’s telecom sector highlights evolving nation-state threats to critical infrastructure, demanding executive
2–3 minutes

German Security Agencies Warn of State-Sponsored Phishing Attacks via Messenger Services
German security agencies issue a joint warning about state-sponsored phishing attacks targeting high-profile individuals via Signal and other messenger services, posing significant
2–3 minutes

Transparent Tribe APT36: Weaponized Shortcuts and Adaptive Persistence Target Indian Government Entities
Transparent Tribe (APT36) launches a sophisticated multi-stage malware campaign using weaponized Windows shortcut files embedded with PDF content, targeting Indian government and academic institutions. The RAT adapts its persistence mechanisms…
5–7 minutes

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
The threat actor ToddyCat is using new hacking tools to steal corporate email data, including a custom tool called TCSectorCopy. They aim to obtain OAuth 2.0 authorization tokens from user…
2–3 minutes

Kimsuky and Lazarus Join Forces in Coordinated Attacks
North Korean hacking groups Kimsuky and Lazarus combine forces. They exploit zero-day vulnerabilities in coordinated attacks, targeting critical sectors worldwide. This marks a shift in state-sponsored threat operations.
1–2 minutes

North Korea’s ‘Contagious Interview’ Malware Delivery
North Korean threat actors in the “Contagious Interview” campaign are now using JSON storage services to host and deliver malicious payloads, signaling an evolving strategy to evade detection and maintain…
1–2 minutes

North Korean Konni Group Leverages Google’s Find Hub to Wipe Android Devices in Latest Campaigns
North Korea’s Konni Group has escalated its cyber espionage tactics by leveraging Google’s legitimate Find Hub service to remotely wipe Android devices. This sophisticated campaign targets Android and Windows users…
2–3 minutes

Chinese State-Backed Hackers Weaponize Old Software Flaws for Global Espionage
Chinese state-backed hackers are exploiting old software vulnerabilities like Log4j and Microsoft IIS for global espionage, bypassing advanced defenses. This highlights the critical need for rigorous patch management against seemingly…
2–3 minutes

Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions
A previously unidentified threat cluster, codenamed UNK_SmudgedSerpent, has been linked to a series of cyberattacks targeting academics and foreign policy experts in the U.S. during June-August 2025.
1–2 minutes







