Verticals Targeted: Business Process Outsourcing (BPO)
Regions Targeted: Not Specified
Related Families: None
Verticals Targeted: Government
Regions Targeted: Middle East, North Africa
Related Families: Phoenix, FakeUpdate
Executive Summary
A sophisticated phishing operation has been attributed to the Iran-linked APT MuddyWater, deploying an updated Phoenix backdoor to conduct espionage against government and international entities. The campaign leverages compromised mailboxes and macro-enabled Word documents to deliver custom injectors and persistence mechanisms, highlighting the group's reliance on trusted channels for initial access.
Verticals Targeted: NGOs, Policy Advisors, Dissidents
Regions Targeted: Not Specified
Related Families: LOSTKEYS, COLDCOPY, YESROBOT, MAYBEROBOT
Executive Summary
Industry researchers have identified new malware families, including NOROBOT, YESROBOT, and MAYBEROBOT, deployed by the Russian state-sponsored group COLDRIVER, targeting high-value individuals in NGOs, policy advisors, and dissidents. This rapid retooling, observed after the May 2025 disclosure of LOSTKEYS, showcases COLDRIVER’s evolving tactics to evade detection while maintaining aggressive intelligence collection.
Verticals Targeted: Telecommunications
Regions Targeted: Europe
Related Families: SNAPPYBEE (Deed RAT)
Executive Summary
Salt Typhoon, a China-linked advanced persistent threat (APT) group, has been targeting global critical infrastructure using sophisticated tactics like DLL sideloading and zero-day exploits. Recent activity targeted a European telecommunications entity.
Verticals Targeted: Not specified
Regions Targeted: Sri Lanka
Related Families: BeaverTail, OtterCookie, InvisibleFerret
Executive Summary
Famous Chollima, a DPRK-aligned threat group, has evolved its arsenal, with BeaverTail and OtterCookie increasingly merging functionalities to steal credentials and cryptocurrency via deceptive job offers. A recent campaign involved a trojanized Node.js application distributed through a malicious NPM package, highlighting the group's adaptation in delivery methods.
Verticals Targeted: Financial
Regions Targeted: Asia
Related Families: Fog Ransomware
Executive Summary
AdaptixC2, an open-source command-and-control framework, has emerged as a potent tool for threat actors, enabling file manipulation, data exfiltration, and covert network communication in attacks. Its modular design and AI-assisted deployment methods underscore the need for robust defenses to counter its evolving tactics.
Verticals Targeted: None specified
Regions Targeted: Russia
Related Families: None
Executive Summary
ClayRAT, a sophisticated Android spyware campaign targeting Russian users, leverages Telegram channels and phishing sites to distribute malicious APKs disguised as popular apps. Its rapid evolution, extensive surveillance capabilities, and self-propagation via SMS make it a significant threat to mobile security.
Verticals Targeted: Manufacturing, Government, Healthcare, Technology, Retail, Education, Financial, Construction
Regions Targeted: India, US, Europe, Brazil, Canada
Related Families: None
Executive Summary
The EvilAI malware campaign leverages AI-generated code and deceptive applications with valid digital signatures to infiltrate systems globally, targeting critical industries like manufacturing, government, and healthcare. By mimicking legitimate software and employing sophisticated obfuscation, EvilAI evades detection, exfiltrates sensitive data, and maintains persistent control via encrypted C2 communications, posing a significant threat to organizations worldwide.