Verticals Targeted: Critical Infrastructure, ONG, Electricity, Water, Government
Regions Targeted: US
Related Threat Actors: CyberAv3ngers, Static Kitten, Refined Kitten, Helix Kitten, Banished Kitten
A joint US government advisory confirmed that Iran-affiliated cyber actors are actively exploiting internet-facing industrial control systems, particularly Rockwell Automation/Allen-Bradley PLCs, across US critical infrastructure. The activity has resulted in operational disruption, manipulation of HMI/SCADA data, and financial loss in sectors including water, energy, and government facilities. The campaign reflects a continuation of Iran’s established OT targeting playbook, prioritizing exposed industrial assets over sophisticated intrusion chains. Recent activity indicates a shift from defacement and signaling toward direct process interference, increasing the risk of real-world operational impact during periods of geopolitical tension.
Verticals Targeted: Cryptocurrency, Gaming, Social Messaging, Enterprise Systems
Regions Targeted: Russia
Related Families: WebRAT (aka Salat Stealer)
Executive Summary
CrystalX RAT is a newly identified malware-as-a-service (MaaS) platform combining traditional remote access, credential theft, and surveillance capabilities with disruptive prankware features, signaling a shift toward multi-purpose, user-impacting cybercrime tooling. It has been observed targeting consumer endpoints, cryptocurrency users, gaming and messaging platforms, and general enterprise users across Russia, with the potential for global reach.
Verticals Targeted: Healthcare
Regions Targeted: US
Executive Summary
Iran-linked cyber threats have elevated risk across the US healthcare sector, driven by the disruptive March 11 attack on Stryker, increased geopolitical tensions, and explicit warning signals from government and industry. A CISA acting director threat brief identifies healthcare as an actively targeted and highly exposed civilian sector, while vendor reporting links recent disruptive activity to MOIS-affiliated actors operating under personas such as Handala. Although widespread direct intrusions into hospitals have not been publicly confirmed, the convergence of supplier disruption, proxy activity, and sector vulnerabilities creates a credible near-term threat environment for healthcare entities and their supporting ecosystem.
Verticals Targeted: Software, Technology, Cloud, Enterprise IT environments
Regions Targeted: Global
Related Families: WAVESHAPER.V2
Executive Summary
A supply chain compromise of the widely used Axios npm package introduced a malicious dependency delivering cross-platform remote access trojans, now linked with high confidence to a North Korea–aligned threat cluster UNC1069. The campaign leveraged maintainer account takeover, npm publishing abuse, and install-time execution to target developer environments and CI/CD pipelines during a short but high-risk exposure window.
Verticals Targeted: Semiconductors, Artificial Intelligence, Cloud, Biotechnology, Healthcare, Critical Infrastructure, Telecommunications, Aerospace, Defense
Regions Targeted: US, Taiwan, Japan, South Korea, UK, Germany, France, Israel, Singapore, Australia
Related Families: CanisterWorm
Executive Summary
Using PolySwarm’s knowledge graph, PolyKG, PolySwarm analysts have identified previously unreported OilRig activity leveraging a stolen Entrust Extended Validation (EV) code signing certificate issued to Thai IT vendor MOSCII Corporation. The certificate was used to sign multiple malware samples, including the Karkoff backdoor, alongside additional undetected payloads with minimal antivirus coverage. The use of a legitimate vendor certificate and EGAT-themed naming potentially suggests a supply chain intrusion targeting Thailand’s energy sector. This activity highlights a continued evolution in OilRig tradecraft, combining trusted infrastructure abuse with low-detection tooling to enable stealthy, persistent access.
Verticals Targeted: Defense
Regions Targeted: Southeast Asia
Related Families: AppleChris, MemFun, Getpass
Executive Summary