Threat Actors
Explore detailed profiles of cyber threat actors — from state-sponsored groups to independent hacker collectives — including their motives, methods, and operations.
-
Chinese State-Backed Hackers Weaponize Old Software Flaws for Global Espionage
Chinese state-backed hackers are exploiting old software vulnerabilities like Log4j and Microsoft IIS for global espionage, bypassing advanced defenses. This highlights the critical need for rigorous patch management against seemingly dated flaws.
-
Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions
A previously unidentified threat cluster, codenamed UNK_SmudgedSerpent, has been linked to a series of cyberattacks targeting academics and foreign policy experts in the U.S. during June-August 2025.
-
U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks
Federal prosecutors in the United States have indicted three individuals, including cybersecurity professionals, for allegedly hacking into the networks of five U.S. companies using BlackCat (also known as ALPHV) ransomware between May and November 2023. The group is accused of deploying the ransomware and extorting victims for cryptocurrency payments.
-
U.S. Prosecutors Indict Three in BlackCat Ransomware Scheme
Federal prosecutors in the United States have indicted three individuals for allegedly operating as part of a BlackCat (ALPHV) ransomware operation, targeting five U.S. companies and extorting significant sums.
-
Microsoft Discloses “SesameOp” Backdoor Abusing OpenAI API for Stealthy Command and Control
Microsoft has identified a novel backdoor, designated “SesameOp,” that employs OpenAI’s Assistants API for its command-and-control (C2) infrastructure. This technique allows threat actors to stealthily manage compromised systems and orchestrate malicious activities by using the API as a communication relay.
-
SleepyDuck Malware Evolves with Ethereum C2 Resilience
A new sophisticated remote access trojan, dubbed “SleepyDuck,” has been discovered in the Open VSX registry, a marketplace for IDE extensions. Initially published as a benign extension on October 31, 2025, it was updated on November 1, 2025, to include malicious capabilities and has since garnered over 14,000 downloads.
-
Malicious VSX Extension “SleepyDuck” Leverages Ethereum for Command and Control
A malicious VSX extension dubbed “SleepyDuck” has been discovered in the Open VSX registry, utilizing the Ethereum blockchain for its command and control (C2) infrastructure. Initially distributed as a legitimate Solidity development tool, the extension was updated to include malicious functionalities, posing a significant threat to developers.
-
Remote Monitoring Tools Weaponized in Escalating Cargo Freight Hijacks
Threat actors are increasingly weaponizing legitimate remote monitoring and management (RMM) tools to hijack cargo freight, leading to significant disruptions in global supply chains. This sophisticated cyber-physical attack strategy involves compromising broker load boards, deploying phishing campaigns, and leveraging RMM tools to orchestrate the physical theft of goods, often in collaboration with organized crime groups.…
-
Alleged Jabber Zeus Coder ‘MrICQ’ Extradited to U.S.
Yuriy Igorevich Rybtsov, known online as “MrICQ” and an alleged developer for the Jabber Zeus cybercrime group, has been arrested in Italy and extradited to the United States. He faces charges related to a scheme that allegedly stole tens of millions of dollars from U.S. businesses.
-
North Korean APT Utilizes AI Deepfakes in Remote Job Interview Infiltrations
North Korean state-sponsored hackers, identified as the Famous Chollima APT group, are employing real-time AI-powered facial filters during video job interviews to conceal their identities, targeting cryptocurrency and Web3 companies.