Verticals Targeted: Enterprise Networks
Regions Targeted: US, UK, Germany
Related Families: SystemBC, Cobalt Strike
Verticals Targeted: Water, Critical Infrastructure
Regions Targeted: Israel
Executive Summary
ZionSiphon is an OT-focused malware sample designed to identify and interact with water treatment and desalination environments. It was used to target water treatment systems in Israel. Although the analyzed version appears partially non-functional, it demonstrates ICS-aware targeting, industrial protocol interaction, and politically motivated intent. The sample provides insight into evolving adversary interest in manipulating systems that underpin critical infrastructure operations.
Verticals Targeted: Critical Infrastructure, ONG, Electricity, Water, Government
Regions Targeted: US
Related Threat Actors: CyberAv3ngers, Static Kitten, Refined Kitten, Helix Kitten, Banished Kitten
Executive Summary
A joint US government advisory confirmed that Iran-affiliated cyber actors are actively exploiting internet-facing industrial control systems, particularly Rockwell Automation/Allen-Bradley PLCs, across US critical infrastructure. The activity has resulted in operational disruption, manipulation of HMI/SCADA data, and financial loss in sectors including water, energy, and government facilities. The campaign reflects a continuation of Iran’s established OT targeting playbook, prioritizing exposed industrial assets over sophisticated intrusion chains. Recent activity indicates a shift from defacement and signaling toward direct process interference, increasing the risk of real-world operational impact during periods of geopolitical tension.
Verticals Targeted: Cryptocurrency, Gaming, Social Messaging, Enterprise Systems
Regions Targeted: Russia
Related Families: WebRAT (aka Salat Stealer)
Executive Summary
CrystalX RAT is a newly identified malware-as-a-service (MaaS) platform combining traditional remote access, credential theft, and surveillance capabilities with disruptive prankware features, signaling a shift toward multi-purpose, user-impacting cybercrime tooling. It has been observed targeting consumer endpoints, cryptocurrency users, gaming and messaging platforms, and general enterprise users across Russia, with the potential for global reach.
Verticals Targeted: Healthcare
Regions Targeted: US
Executive Summary
Iran-linked cyber threats have elevated risk across the US healthcare sector, driven by the disruptive March 11 attack on Stryker, increased geopolitical tensions, and explicit warning signals from government and industry. A CISA acting director threat brief identifies healthcare as an actively targeted and highly exposed civilian sector, while vendor reporting links recent disruptive activity to MOIS-affiliated actors operating under personas such as Handala. Although widespread direct intrusions into hospitals have not been publicly confirmed, the convergence of supplier disruption, proxy activity, and sector vulnerabilities creates a credible near-term threat environment for healthcare entities and their supporting ecosystem.
Verticals Targeted: Software, Technology, Cloud, Enterprise IT environments
Regions Targeted: Global
Related Families: WAVESHAPER.V2
Executive Summary
A supply chain compromise of the widely used Axios npm package introduced a malicious dependency delivering cross-platform remote access trojans, now linked with high confidence to a North Korea–aligned threat cluster UNC1069. The campaign leveraged maintainer account takeover, npm publishing abuse, and install-time execution to target developer environments and CI/CD pipelines during a short but high-risk exposure window.
Verticals Targeted: Semiconductors, Artificial Intelligence, Cloud, Biotechnology, Healthcare, Critical Infrastructure, Telecommunications, Aerospace, Defense
Regions Targeted: US, Taiwan, Japan, South Korea, UK, Germany, France, Israel, Singapore, Australia
Related Families: CanisterWorm