From Minecraft Mods to Malware-as-a-Service: Inside the Weedhack Ecosystem
Jun 8, 2026 2:09:51 PM / by The Hivemind posted in Threat Bulletin, Malware-As-A-Service, MaaS, credential stealers, Weedhack, Minecraft Malware, Minecraft RAT, Ethereum Malware, EtherHiding, Gaming Cybercrime
Verticals Targeted: Gaming, Cryptocurrency
Regions Targeted: US, Germany, India, UK, Italy, Vietnam, Canada, Norway, Sweden, Finland, Spain
Related Families: Weedhack
Stolen Futures: The Long-Term Criminal Value of Pediatric Healthcare Data
Jun 5, 2026 1:45:59 PM / by The Hivemind posted in Threat Bulletin, healthcare cybersecurity, pediatric healthcare ransomware, pediatric identity theft, children’s hospital cyber attacks
Verticals Targeted: Healthcare, Children’s Hospitals
Regions Targeted: US, Europe, Canada
Related Threat Actors: Iranian Threat Actors, Vanilla Tempest, Vice Society
Related Families: Rhysida, LockBit, INC
Executive Summary
Children's hospitals face a unique convergence of cyber risks involving ransomware, data theft, identity fraud, and emotionally motivated targeting. Unlike adult healthcare records, compromised pediatric identities may retain criminal value for decades, supporting synthetic identity fraud, financial abuse, and long-term impersonation. At the same time, children's hospitals operate in highly sensitive environments where disruptions can directly impact patient care and generate significant public pressure. Documented incidents demonstrate that pediatric healthcare organizations remain attractive targets for ransomware groups, nation-state actors, and hacktivists seeking operational, financial, or ideological objectives.
Iranian Threat Actor Nimbus Manticore Expands Wartime Cyber Operations with AI-Assisted Malware and SEO Poisoning
Jun 1, 2026 3:01:24 PM / by The Hivemind posted in Threat Bulletin, IRGC cyber operations, Nimbus Manticore, MiniJunk malware, UNC1549, MiniFast malware, AppDomain Hijacking, Iranian cyber threats, aviation cyber threats, SEO poisoning
Verticals Targeted: Aviation, Defense, Telecommunications, Software Development, Government
Regions Targeted: US, Israel, UAE, Saudi Arabia, Western Europe, Middle East, Africa
Related Threat Actors: Nimbus Manticore
Related Families: MiniJunk, MiniFast
Executive Summary
IRGC-affiliated threat actor Nimbus Manticore significantly expanded its operational capabilities during the ongoing 2026 Middle East conflict, introducing a new backdoor dubbed MiniFast alongside advanced delivery mechanisms including AppDomain Hijacking, scheduled task abuse, and SEO poisoning. The campaign has targeted aviation, software, defense, and telecommunications organizations across the US, Europe, and the Middle East using phishing lures, Trojanized software installers, and stealth-focused persistence techniques designed to blend into legitimate enterprise activity.
Lazarus Expands Financial Espionage Operations With Memory-Resident RemotePE RAT
May 29, 2026 3:21:34 PM / by The Hivemind posted in Threat Bulletin, Lazarus Group, RemotePE, RemotePELoader, North Korea cyber threat, cryptocurrency malware, DPAPILoader
Verticals Targeted: Financial, Cryptocurrency
Related Threat Actors: Lazarus
Related Families: DPAPILoader, RemotePELoader, RemotePE
Executive Summary
Researchers identified a sophisticated Lazarus-linked malware ecosystem composed of DPAPILoader, RemotePELoader, and RemotePE, a chained toolset designed for stealth, persistence, and long-term access in high-value financial and cryptocurrency environments. The malware leverages DPAPI-based environmental keying, direct syscall techniques, ETW suppression, and memory-only payload execution to minimize forensic visibility and evade modern endpoint defenses.
Kazuar Evolves From Backdoor to Resilient Espionage Ecosystem
May 22, 2026 1:13:22 PM / by The Hivemind posted in Threat Bulletin, Venomous Bear, Turla, Kazuar malware, Secret Blizzard, Russian cyber espionage, modular malware, Microsoft threat intelligence, espionage malware, FSB cyber operations, Kazuar loader
Verticals Targeted: Government, Defense, Diplomatic Organizations, Research Institutions
Regions Targeted: Europe, Central Asia, Ukraine
Related Threat Actors: Secret Blizzard (aka Turla, Venomous Bear)
Related Families: Kazuar, Pelmeni
Inside TeamPCP’s Supply Chain Offensive
May 18, 2026 1:56:30 PM / by The Hivemind posted in Threat Bulletin, Supply Chain Attack, CI/CD compromise, TeamPCP, Software Supply Chain Security, npm poisoning, GitHub Actions compromise, PyPI malware, AI infrastructure security
Verticals Targeted: Technology, Artificial Intelligence, Cloud, Software Development
Regions Targeted: US, Europe, Global
Related Threat Actors: TeamPCP
Related Families: Mini Shai-Hulud
Executive Summary
A coordinated software supply chain campaign linked to TeamPCP has demonstrated how modern CI/CD ecosystems can be weaponized to distribute malicious code, harvest developer credentials, and potentially enable broader downstream compromise. Recent operations tied to the actor targeted trusted software distribution infrastructure across GitHub Actions, PyPI, Docker Hub, VS Code/OpenVSX, and npm ecosystems through poisoned packages, malicious workflows, and compromised release mechanisms.
SHADOW-EARTH-053 Uses Legacy Exchange Exploitation to Target Asia-Pacific Governments
May 15, 2026 2:02:38 PM / by The Hivemind posted in Threat Bulletin, APT41, ShadowPad, Cybersecurity, government targeting, CyberEspionage, ChinaAPT, ExchangeServer, ProxyLogon, ThreatIntelligence, ShadowEarth053
Verticals Targeted: Government, Defense, Technology, Transportation, Critical Infrastructure
Regions Targeted: South Asia, Southeast Asia, East Asia
Related Families: ShadowPad, GODZILLA, NOODLERAT, IOX, GOST, Wstunnel, RingQ, VShell
Executive Summary
A newly identified China-aligned cyberespionage campaign tracked as SHADOW-EARTH-053 is targeting government agencies, defense-adjacent contractors, and critical infrastructure organizations across Asia through exploitation of unpatched Microsoft Exchange and IIS vulnerabilities. The operation relies heavily on legacy Exchange flaws, web shell persistence, ShadowPad malware deployment, credential theft, and covert tunneling infrastructure to maintain long-term access within victim environments. The campaign demonstrates that older but still-exploitable enterprise infrastructure continues to provide reliable access opportunities for state-aligned espionage operators and reinforces the operational importance of proactive detection, behavioral monitoring, and layered telemetry visibility.
DAEMON Tools Backdoor Enables Targeted Follow-On Malware Operations
May 11, 2026 3:03:25 PM / by The Hivemind posted in Threat Bulletin, Supply Chain Attack, PowerShell malware, Chinese threat actors, DAEMON Tools, QUIC RAT, Trojanized Installer, Software Supply Chain Security, Backdoor Malware
Verticals Targeted: Government, Scientific Research, Manufacturing, Retail, Education
Regions Targeted: Russia, Belarus, Thailand, Brazil, Turkey, Spain, Germany, France, Italy, China
Related Families: QUIC RAT