Verticals Targeted: Cloud Computing
Regions Targeted: United Arab Emirates, Bahrain
Hybrid Warfare Evolves: Iranian Drone Strikes Impact AWS Infrastructure
Mar 9, 2026 2:41:54 PM / by The Hivemind posted in Threat Bulletin, AWS outage Middle East, cloud resilience, critical infrastructure warfare, AWS EC2 outage, S3 outage telemetry, hybrid warfare, cloud infrastructure security, AWS data center attack
Cyber Strategy Under Fire: Iranian APT and Proxy Retaliation Risks
Mar 6, 2026 1:24:51 PM / by The Hivemind posted in Threat Bulletin, IRGC cyber operations, Iran US Israel war 2026, Operation Lion’s Roar, Iran cyber retaliation, Twelve-Day War 2025, Operation Epic Fury, Iran internet blackout, Iranian APT groups
Executive Summary
On February 28th, US and Israeli military forces conducted a coordinated and multifaceted attack on Iran. Known as Operation Epic Fury by the Americans and Operation Lion’s Roar by the Israelis, the objective was to neutralize a long-term threat and prevent the Iranian regime from obtaining nuclear missiles. As with any conflict involving Iran, practitioners monitoring the cybersecurity threat landscape expect kinetic warfare to spill over into the cyber realm and wait with bated breath to see what retaliatory attacks may occur. As of early March 2026, the conflict remains active, with ongoing strikes, regional disruptions, and uncertain regime stability.
PromptSpy Android Malware Uses Generative AI
Mar 2, 2026 12:48:41 PM / by The Hivemind posted in Threat Bulletin, Android Malware, accessibility service abuse, PromptSpy, VNC malware, persistence technique, Argentina targeting, Gemini abuse, generative AI
Verticals Targeted: Financial
Regions Targeted: Argentina
Related Families: VNCSpy
Executive Summary
PromptSpy is the first documented Android malware family to integrate generative AI, specifically Google's Gemini, into its execution flow for dynamic, context-aware persistence. Primarily functioning as a remote access trojan with a built-in VNC module, this malware demonstrates how large language models can enhance adaptability in mobile threats, particularly for UI manipulation resistant to device variations.
The ClawHavoc Campaign
Feb 27, 2026 1:48:52 PM / by The Hivemind posted in Threat Bulletin, Atomic macOS Stealer, AI agent supply chain attack, AMOS info stealer, ClickFix social engineering, ClawHub poisoning, PolySkill trojan, ClawHavoc, OpenClaw malicious Skills
Verticals Targeted: Cryptocurrency, Corporations, Social Media, Finance, Developers
Regions Targeted: Not Specified
Related Families: Trojan/OpenClaw.PolySkill, Atomic Stealer (AMOS)
Executive Summary
Threat actors conducted a widespread supply chain poisoning operation, named ClawHavoc, by uploading hundreds of malicious Skills to the ClawHub marketplace for the OpenClaw AI agent framework, employing social engineering to induce users to execute payloads that install information stealers and backdoors. The campaign leverages over 900 malicious skills to target high-value users across cryptocurrency, productivity, and social media categories to steal credentials, wallet data, and bot configurations.
Massiv Android Banking Trojan
Feb 23, 2026 2:39:35 PM / by The Hivemind posted in Threat Bulletin, device takeover, Android banking trojan, Android Overlay Attacks, IPTV masquerade, mobile banking fraud, remote control Android, Massiv malware, southern Europe threats
Verticals Targeted: Financial, Government
Regions Targeted: Southern Europe
Related Families: None
Executive Summary
Massiv represents an emerging Android banking Trojan family capable of overlay-based credential theft, keylogging, message interception, and full device takeover via remote control features, enabling fraudulent transactions and account manipulation. Distributed primarily through fake IPTV applications sideloaded outside official stores, it has facilitated confirmed fraud in southern Europe, particularly by exploiting Portuguese government digital identity tools to bypass security verifications.
UNC1069 Uses New Tools to Target Crypto Entities
Feb 20, 2026 1:53:03 PM / by The Hivemind posted in Threat Bulletin, social engineering, Cryptocurrency Theft, MacOS malware, North Korean threat actors, DeFi targeting, deepfake, UNC1069
Verticals Targeted: Cryptocurrency, Financial
Regions Targeted: Not specified
Related Families: SUGARLOADER, WAVESHAPER, HYPERCALL, HIDDENCALL, SILENCELIFT, DEEPBREATH, CHROMEPUSH
Executive Summary
A targeted intrusion into a FinTech entity in the cryptocurrency sector was attributed to UNC1069, a North Korea-nexus financially motivated threat actor. The operation deployed seven unique malware families on a macOS host through sophisticated social engineering involving a compromised Telegram account, a spoofed Zoom meeting, a reported deepfake video, and a ClickFix technique to initiate infection.
“Shadow Campaigns” Show Evidence of Global Espionage Using ShadowGuard Rootkit
Feb 13, 2026 1:01:00 PM / by The Hivemind posted in Threat Bulletin, Cobalt Strike, cyber espionage, government targeting, TGR-STA-1030, Diaoyu Loader, ShadowGuard rootkit, eBPF backdoor, global reconnaissance, Shadow Campaigns, state-aligned threat
Verticals Targeted: Government, Telecommunications, Finance, Aerospace
Regions Targeted: North America, South America, Africa, Europe, Asia
Related Families: Diaoyu Loader, ShadowGuard, Cobalt Strike, VShell
Executive Summary
A sophisticated state-aligned cyberespionage operation attributed to TGR-STA-1030 (also tracked as UNC6619) has been discovered, operating from Asia. It has compromised government and critical infrastructure entities across 37 countries over the past year while conducting reconnaissance against government infrastructure in 155 countries. The group's “Shadow Campaigns” leverage phishing, N-day exploitations, and advanced tooling to prioritize intelligence collection on economic partnerships, trade, and diplomatic activities.
Fancy Bear Leveraging CVE-2026-21509 in Operation Neusploit
Feb 9, 2026 12:29:14 PM / by The Hivemind posted in Threat Bulletin, Fancy Bear, MiniDoor, CVE-2026-21509, PixyNetLoader, Covenant Grunt, Operation Neusploit, email stealer
Verticals Targeted: Not specified
Regions Targeted: Central and Eastern Europe
Related Families: MiniDoor, Covenant Grunt, PixyNetLoader