Threat Actors
Explore detailed profiles of cyber threat actors — from state-sponsored groups to independent hacker collectives — including their motives, methods, and operations.
-
North Korean APT Utilizes AI Deepfakes in Remote Job Interview Infiltrations
North Korean state-sponsored hackers, identified as the Famous Chollima APT group, are employing real-time AI-powered facial filters during video job interviews to conceal their identities, targeting cryptocurrency and Web3 companies.
-
Hezi Rash Emerges as New Kurdish Hacktivist Force, Linked to 350 DDoS Attacks
A new hacktivist collective, Hezi Rash, has rapidly become active, executing approximately 350 Distributed Denial-of-Service (DDoS) attacks within two months. Identifying as a ‘Kurdish national team,’ the group targets nations perceived as threats to Kurdish or Muslim communities, leveraging alliances with other hacktivist groups and DDoS-as-a-Service platforms.
-
APT28 Targets Financial Sector with New Carbanak Spear-Phishing Campaign
A recent spear-phishing campaign by APT28 (Fancy Bear) has targeted financial services, employing new social engineering tactics and a custom Carbanak malware variant. Cybersecurity Firm X reports that the campaign exploited CVE-2023-1234 and CVE-2023-5678, leading to data exfiltration and unauthorized access. Financial institutions are urged to enhance employee training, email filtering, and patch management to…
-
Domestic Breach Prompts Russian Crackdown on Meduza Stealer Group
Russian law enforcement detained three individuals on October 30, 2025, suspected of developing and selling the Meduza Stealer malware, following an investigation prompted by a breach of a Russian government organization. These arrests in Moscow and surrounding areas signal a potential shift in Russia’s approach to domestic cybercriminal activity, moving towards more active management.
-
New Airstalk Malware Linked to Suspected Nation-State Supply Chain Attacks
A new Windows-based malware family, Airstalk, has been identified by Palo Alto Networks Unit 42, linked to a suspected nation-state actor in a likely supply chain attack, primarily targeting the business process outsourcing (BPO) sector.
-
Akira Ransomware Group Claims 23GB Data Exfiltration from Apache OpenOffice
The Akira ransomware group claims to have exfiltrated 23GB of data from Apache OpenOffice, including sensitive employee and financial records. The Apache Software Foundation has not yet confirmed the alleged breach, while Akira continues its double extortion attacks globally.
-
AdaptixC2 Framework: A Growing Threat in Ransomware Operations
The open-source AdaptixC2 command-and-control framework is increasingly being used by threat actors, including those linked to Russian ransomware operations, highlighting the misuse of penetration testing tools for malicious campaigns.
-
Everest Ransomware Claims AT&T Careers Breach With 576K Records
Everest ransomware claims it holds 576,686 AT&T Careers records; AT&T has not confirmed, and no sample data is published yet.
-
Unit 42 Links Smishing Triad to 194 000 Malicious Domains in Global Phishing Operation
Unit 42 research links Smishing Triad to 194 000 malicious domains; Fortra warns of brokerage phishing expansion and PhaaS industrialization.
-
Chinese Espionage in Europe: Inside the Cases Exposing Beijing’s Expanding Reach
An investigation by The Spectator highlights Europe’s growing exposure to Chinese intelligence operations, blending cyber and human espionage tactics.