Verticals Targeted: Banking, Aviation, Defense, Healthcare
Regions Targeted: US, Canada
Related Families: Dindoor, Fakeset, Stagecomp, Darkcomp
Verticals Targeted: Maritime, Shipping
Regions Targeted: Middle East
Executive Summary
Recent maritime navigation anomalies in the Persian Gulf and Strait of Hormuz suggest the use of GNSS spoofing and other electronic warfare techniques disrupting vessel positioning systems and AIS tracking data. Ships have reported GPS positions drifting or appearing in multiple locations across maritime telemetry platforms. The activity coincides with radio warnings broadcast to ships transiting the Strait and may reflect Iran’s asymmetric strategy to influence maritime traffic while avoiding direct escalation. It may also indicate a temporary shift toward electronic warfare while Iranian cyber operators rebuild infrastructure following recent strikes.
Verticals Targeted: Cloud Computing
Regions Targeted: United Arab Emirates, Bahrain
Executive Summary
Iranian drone strikes damaging multiple Amazon Web Services (AWS) data centers in the United Arab Emirates and Bahrain demonstrate how modern conflicts increasingly target digital infrastructure that underpins global computing. The incident disrupted multiple AWS services and highlights the growing strategic importance and vulnerability of hyperscale cloud infrastructure.
Executive Summary
On February 28th, US and Israeli military forces conducted a coordinated and multifaceted attack on Iran. Known as Operation Epic Fury by the Americans and Operation Lion’s Roar by the Israelis, the objective was to neutralize a long-term threat and prevent the Iranian regime from obtaining nuclear missiles. As with any conflict involving Iran, practitioners monitoring the cybersecurity threat landscape expect kinetic warfare to spill over into the cyber realm and wait with bated breath to see what retaliatory attacks may occur. As of early March 2026, the conflict remains active, with ongoing strikes, regional disruptions, and uncertain regime stability.
Verticals Targeted: Financial
Regions Targeted: Argentina
Related Families: VNCSpy
Executive Summary
PromptSpy is the first documented Android malware family to integrate generative AI, specifically Google's Gemini, into its execution flow for dynamic, context-aware persistence. Primarily functioning as a remote access trojan with a built-in VNC module, this malware demonstrates how large language models can enhance adaptability in mobile threats, particularly for UI manipulation resistant to device variations.
Verticals Targeted: Cryptocurrency, Corporations, Social Media, Finance, Developers
Regions Targeted: Not Specified
Related Families: Trojan/OpenClaw.PolySkill, Atomic Stealer (AMOS)
Executive Summary
Threat actors conducted a widespread supply chain poisoning operation, named ClawHavoc, by uploading hundreds of malicious Skills to the ClawHub marketplace for the OpenClaw AI agent framework, employing social engineering to induce users to execute payloads that install information stealers and backdoors. The campaign leverages over 900 malicious skills to target high-value users across cryptocurrency, productivity, and social media categories to steal credentials, wallet data, and bot configurations.
Verticals Targeted: Financial, Government
Regions Targeted: Southern Europe
Related Families: None
Executive Summary
Massiv represents an emerging Android banking Trojan family capable of overlay-based credential theft, keylogging, message interception, and full device takeover via remote control features, enabling fraudulent transactions and account manipulations. Distributed primarily through fake IPTV applications sideloaded outside official stores, it has facilitated confirmed fraud in southern Europe, particularly exploiting Portuguese government digital identity tools for bypassing security verifications.
Verticals Targeted: Cryptocurrency, Financial
Regions Targeted: Not specified
Related Families: SUGARLOADER, WAVESHAPER, HYPERCALL, HIDDENCALL, SILENCELIFT, DEEPBREATH, CHROMEPUSH