Threat Actors
Explore detailed profiles of cyber threat actors — from state-sponsored groups to independent hacker collectives — including their motives, methods, and operations.

Malicious VSX Extension “SleepyDuck” Leverages Ethereum for Command and Control
A malicious VSX extension dubbed “SleepyDuck” has been discovered in the Open VSX registry, utilizing the Ethereum blockchain for its command and control (C2) infrastructure. Initially distributed as a legitimate Solidity development tool, the extension was updated to include malicious functionalities, posing a significant threat to developers.

Remote Monitoring Tools Weaponized in Escalating Cargo Freight Hijacks
Threat actors are increasingly weaponizing legitimate remote monitoring and management (RMM) tools to hijack cargo freight, leading to significant disruptions in global supply chains. This sophisticated cyber-physical attack strategy involves compromising broker load boards, deploying phishing campaigns, and leveraging RMM tools to orchestrate the physical theft of goods, often in collaboration with organized crime groups.…

Alleged Jabber Zeus Coder ‘MrICQ’ Extradited to U.S.
Yuriy Igorevich Rybtsov, known online as “MrICQ” and an alleged developer for the Jabber Zeus cybercrime group, has been arrested in Italy and extradited to the United States. He faces charges related to a scheme that allegedly stole tens of millions of dollars from U.S. businesses.

North Korean APT Utilizes AI Deepfakes in Remote Job Interview Infiltrations
North Korean state-sponsored hackers, identified as the Famous Chollima APT group, are employing real-time AI-powered facial filters during video job interviews to conceal their identities, targeting cryptocurrency and Web3 companies.

Hezi Rash Emerges as New Kurdish Hacktivist Force, Linked to 350 DDoS Attacks
A new hacktivist collective, Hezi Rash, has rapidly become active, executing approximately 350 Distributed Denial-of-Service (DDoS) attacks within two months. Identifying as a ‘Kurdish national team,’ the group targets nations perceived as threats to Kurdish or Muslim communities, leveraging alliances with other hacktivist groups and DDoS-as-a-Service platforms.

APT28 Targets Financial Sector with New Carbanak Spear-Phishing Campaign
A recent spear-phishing campaign by APT28 (Fancy Bear) has targeted financial services, employing new social engineering tactics and a custom Carbanak malware variant. Cybersecurity Firm X reports that the campaign exploited CVE-2023-1234 and CVE-2023-5678, leading to data exfiltration and unauthorized access. Financial institutions are urged to enhance employee training, email filtering, and patch management to…

Domestic Breach Prompts Russian Crackdown on Meduza Stealer Group
Russian law enforcement detained three individuals on October 30, 2025, suspected of developing and selling the Meduza Stealer malware, following an investigation prompted by a breach of a Russian government organization. These arrests in Moscow and surrounding areas signal a potential shift in Russia’s approach to domestic cybercriminal activity, moving towards more active management.

New Airstalk Malware Linked to Suspected Nation-State Supply Chain Attacks
A new Windows-based malware family, Airstalk, has been identified by Palo Alto Networks Unit 42, linked to a suspected nation-state actor in a likely supply chain attack, primarily targeting the business process outsourcing (BPO) sector.

Akira Ransomware Group Claims 23GB Data Exfiltration from Apache OpenOffice
The Akira ransomware group claims to have exfiltrated 23GB of data from Apache OpenOffice, including sensitive employee and financial records. The Apache Software Foundation has not yet confirmed the alleged breach, while Akira continues its double extortion attacks globally.

AdaptixC2 Framework: A Growing Threat in Ransomware Operations
The open-source AdaptixC2 command-and-control framework is increasingly being used by threat actors, including those linked to Russian ransomware operations, highlighting the misuse of penetration testing tools for malicious campaigns.
