Verticals Targeted: Government, Scientific Research, Manufacturing, Retail, Education
Regions Targeted: Russia, Belarus, Thailand, Brazil, Turkey, Spain, Germany, France, Italy, China
Related Families: QUIC RAT
Executive Summary
65% of organizations report experiencing at least one AI agent-related security incident in the past year. That’s not a projection. It’s a warning about the future. And it’s already happening.
Verticals Targeted: Healthcare
Regions Targeted: US, Global
Related Families & Threat Actors: Lynx, ANUBIS, Rhysida, LockBit, ALPHV/BlackCat, Qilin, Medusa, The Gentleman, Payload, NetRunner, Genesis, ShinyHunters, Pay2Key, Handala
Executive Summary
Healthcare remains the most targeted critical infrastructure sector for cyberattacks, driven by ransomware, large-scale data theft, and increasing geopolitical activity. In 2026, threat activity reflects a convergence of ransomware operators, data extortion groups, and Iran-linked cyber operations, significantly increasing risk to healthcare delivery, patient safety, and supply chain stability.
Verticals Targeted: Aviation, Aerospace
Regions Targeted: US, Global
Related Threat Actors: Scattered Spider, Refined Kitten, Wicked Panda, Fancy Bear
Related Families: Qilin, LockBit, Cl0p
Executive Summary
Cyber risk in the aviation and aerospace sector is evolving toward ransomware, identity-based intrusion, platform-level disruption, and potential impacts to navigation and satellite-dependent services. Recent reporting on airport disruption in April 2026, combined with the confirmed 2025 Collins Aerospace/MUSE ransomware incident, shows how cyber incidents can rapidly affect passenger processing, baggage handling, scheduling, and broader aviation continuity.
Verticals Targeted: Enterprise Networks
Regions Targeted: US, UK, Germany
Related Families: SystemBC, Cobalt Strike
Executive Summary
The Gentlemen ransomware-as-a-service (RaaS) operation has rapidly scaled in early 2026, leveraging multi-platform encryption capabilities and enterprise-focused intrusion techniques. Recent DFIR analysis shows affiliates using tools such as SystemBC and Cobalt Strike to establish covert access, pivot laterally, and deploy ransomware at scale via Group Policy, enabling rapid domain-wide encryption events. The Gentlemen has been observed targeting enterprise networks primarily in the US, UK, and Germany.
Verticals Targeted: Water, Critical Infrastructure
Regions Targeted: Israel
Executive Summary
ZionSiphon is an OT-focused malware sample designed to identify and interact with water treatment and desalination environments. It was used to target water treatment systems in Israel. Although the analyzed version appears partially non-functional, it demonstrates ICS-aware targeting, industrial protocol interaction, and politically motivated intent. The sample provides insight into evolving adversary interest in manipulating systems that underpin critical infrastructure operations.
Verticals Targeted: Critical Infrastructure, ONG, Electricity, Water, Government
Regions Targeted: US
Related Threat Actors: CyberAv3ngers, Static Kitten, Refined Kitten, Helix Kitten, Banished Kitten
Executive Summary
A joint US government advisory confirmed that Iran-affiliated cyber actors are actively exploiting internet-facing industrial control systems, particularly Rockwell Automation/Allen-Bradley PLCs, across US critical infrastructure. The activity has resulted in operational disruption, manipulation of HMI/SCADA data, and financial loss in sectors including water, energy, and government facilities. The campaign reflects a continuation of Iran’s established OT targeting playbook, prioritizing exposed industrial assets over sophisticated intrusion chains. Recent activity indicates a shift from defacement and signaling toward direct process interference, increasing the risk of real-world operational impact during periods of geopolitical tension.
Verticals Targeted: Cryptocurrency, Gaming, Social Messaging, Enterprise Systems
Regions Targeted: Russia
Related Families: WebRAT (aka Salat Stealer)