Verticals Targeted: Government
Regions Targeted: Not specified
Related Families: VOLDEMORT, DUSTTRAP
Verticals Targeted: Government, Utilities
Regions Targeted: US
Related Families: TetraLoader, Cobalt Strike, VShell, AntSword, chinatso/Chopper, Behinder
Verticals Targeted: Finance, Construction, Manufacturing, Technology
Regions Targeted: US, UK, Canada
Related Families: Cobalt Strike, Meterpreter
Verticals Targeted: Government, Defense
Regions Targeted: Ukraine, Bulgaria, Romania, Africa, EU, South America
Related Families: None specified
Executive Summary
Operation RoundPress, a Russia-aligned cyberespionage campaign attributed to Fancy Bear, deploys SpyPress malware via cross-site scripting (XSS) vulnerabilities to steal sensitive email data from high-value webmail servers. Active since 2023 and expanding in 2024, the campaign primarily targets Ukrainian government entities and Eastern European defense contractors, exploiting zero-day and known vulnerabilities across platforms like Roundcube, Horde, MDaemon, and Zimbra.
Verticals Targeted: NGOs, Diplomats, Government
Regions Targeted: Western countries, Eastern Europe, Ukraine
Related Families: Spica
Executive Summary
Star Blizzard, a Russian state-sponsored threat actor, has deployed a malware family named LOSTKEYS to steal sensitive documents and system information from NGOs, diplomats, and government officials in Western countries and Eastern Europe.
Verticals Targeted: E-commerce
Regions Targeted: Not specified
Related Families: None identified
Executive Summary
PupkinStealer, a .NET-based infostealer written in C#, targets sensitive data such as browser credentials and desktop files, exfiltrating it via Telegram’s Bot API. First observed in April 2025, its simplicity and reliance on legitimate platforms make it a notable threat.
Related Families: Amadey