Verticals Targeted: Food & Beverage
Regions Targeted: Southeast Asia
Related Families: Inc
Osiris Ransomware
Jan 30, 2026 12:41:59 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, Wasabi exfiltration, new ransomware family, Inc ransomware links, Poortry driver, BYOVD attack, Osiris ransomware, Rustdesk modification
Mustang Panda’s LotusLite Backdoor
Jan 26, 2026 2:03:02 PM / by The Hivemind posted in Threat Bulletin, Mustang Panda, DLL sideloading, LOTUSLITE backdoor, espionage campaign, custom C++ implant, geopolitical lure, US government targeting
Verticals Targeted: Government, Policy-Focused Organizations
Regions Targeted: US
Related Families: None
Executive Summary
China-nexus threat actors launched a targeted espionage campaign against US government and policy-related entities, delivering a custom backdoor named LOTUSLITE via politically themed spear-phishing lures centered on US-Venezuela relations. The campaign prioritizes reliable espionage capability over technical sophistication. Attribution to Mustang Panda is made with moderate confidence, based on shared delivery patterns, infrastructure, and operational behaviors.
SOLYXIMMORTAL: A Python-Based Infostealer
Jan 23, 2026 1:25:13 PM / by The Hivemind posted in Threat Bulletin, credential theft, information stealer, keylogger, Python stealer, Discord C2, SolyxImmortal, screenshot capture
Verticals Targeted: None specified
Regions Targeted: None specified
Related Families: None
Executive Summary
SolyxImmortal is a Python-based information-stealing malware that functions as a persistent implant on Windows systems. It combines multiple surveillance capabilities (credential theft, keylogging, and screenshot capture) into a single continuously running process. Collected data is staged locally, compressed, and exfiltrated to Discord webhooks over HTTPS; the implant then cleans up its staging artifacts to reduce forensic traces while maintaining long-term access.
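The stage-compress-webhook pattern described above is one a defender can hunt for at the egress proxy. The following is an added example written for this page, not code from the bulletin or from the malware itself: it scans proxy log lines for HTTP POSTs to Discord webhook URLs and flags those that come from a non-browser user agent or carry an unusually large upload. The log format, the hostnames, and the sample lines are all constructed for illustration and are not real telemetry; the byte threshold is an assumed tuning value.

```python
import re
from dataclasses import dataclass

# Constructed sample proxy log lines (not real telemetry). Assumed format:
# <timestamp> <src_host> <method> <url> <status> <bytes_out> "<user_agent>"
SAMPLE_LOGS = """\
2026-01-23T10:01:02Z WS-0142 GET https://discord.com/api/v9/users/@me 200 512 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) discord/1.0.9030 Chrome/120"
2026-01-23T10:02:15Z WS-0142 POST https://discord.com/api/webhooks/1234567890/abcDEFghiJKL 204 184320 "python-requests/2.31.0"
2026-01-23T10:02:16Z WS-0142 POST https://discord.com/api/webhooks/1234567890/abcDEFghiJKL 204 192512 "python-requests/2.31.0"
2026-01-23T10:03:00Z WS-0077 POST https://discordapp.com/api/webhooks/99887766/ZzYyXx 204 2048 "Mozilla/5.0 (Windows NT 10.0) Chrome/120"
2026-01-23T10:04:30Z WS-0200 POST https://example.com/upload 200 500000 "python-requests/2.31.0"
"""

# One log record per line; anything that does not match is skipped.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<ua>[^"]*)"$'
)

# Discord webhook endpoints: discord.com or discordapp.com, optional API
# version segment, then /webhooks/<id>/<token>.
WEBHOOK_RE = re.compile(
    r'^https://(?:\w+\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/\d+/[\w-]+',
    re.IGNORECASE,
)


@dataclass
class Hit:
    host: str
    url: str
    bytes_out: int
    ua: str
    reasons: tuple


def parse_line(line):
    """Return a dict for a well-formed record, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    return rec


def classify(rec, min_bytes=100_000):
    """Flag a webhook POST when at least one heuristic fires.

    min_bytes is an assumed threshold; tune it against your own baseline.
    """
    if rec["method"] != "POST" or not WEBHOOK_RE.match(rec["url"]):
        return None
    reasons = []
    # Webhook uploads from scripting libraries rather than a browser or the
    # Discord client are the pattern described for this stealer.
    if not rec["ua"].lower().startswith("mozilla/"):
        reasons.append("non-browser user agent")
    # Compressed staging archives are large relative to a chat message.
    if rec["bytes"] >= min_bytes:
        reasons.append(f"large upload ({rec['bytes']} bytes)")
    if not reasons:
        return None
    return Hit(rec["host"], rec["url"], rec["bytes"], rec["ua"], tuple(reasons))


def scan(log_text, min_bytes=100_000):
    """Run the detection over a block of log text and return the hits."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hit = classify(rec, min_bytes)
        if hit is not None:
            hits.append(hit)
    return hits


def summarize_by_host(hits):
    """Total bytes pushed to webhooks per source host, for triage ordering."""
    totals = {}
    for h in hits:
        totals[h.host] = totals.get(h.host, 0) + h.bytes_out
    return totals


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for h in found:
        print(f"{h.host} -> {h.url} ({h.bytes_out} bytes): {', '.join(h.reasons)}")
    print(summarize_by_host(found))
```

Legitimate integrations (build servers, monitoring bots) also POST to Discord webhooks, often with a scripting user agent, so treat a hit as a triage lead rather than a verdict: baseline which hosts are expected to talk to webhooks at all, and look at repeated large uploads from a single workstation, as in the constructed WS-0142 lines above.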
VoidLink: An Emerging Cloud-Focused Linux Malware Framework
Jan 20, 2026 1:03:14 PM / by The Hivemind posted in Threat Bulletin, C2 framework, Linux malware framework, cloud-native malware, Zig programming language, Linux rootkit, adaptive stealth, VoidLink malware, Chinese threat actors, container escape
Verticals Targeted: None confirmed
Regions Targeted: None confirmed
Related Families: None
Executive Summary
VoidLink is an advanced, modular Linux malware framework, apparently of Chinese origin, that emphasizes cloud and container environments for stealthy, persistent access. Designed as a comprehensive post-exploitation tool with adaptive evasion and a plugin-based architecture, it remains in active development, with no real-world deployments observed to date.
RustyWater: Muddy Water’s Rust-Based Implant
Jan 16, 2026 1:42:59 PM / by The Hivemind posted in Threat Bulletin, APT, Muddy Water, Spear Phishing, Rust Malware, Middle East targeting, RustyWater, RUSTRIC, Rust implant, Archer RAT
Verticals Targeted: Diplomatic, Maritime, Financial, Telecom
Regions Targeted: Middle East
Related Families: Archer RAT / RUSTRIC
Executive Summary
A spear-phishing campaign linked to the Muddy Water APT group was observed deploying a new Rust-based implant called RustyWater against organizations in the Middle East. This evolution from legacy PowerShell and VBS tooling introduces enhanced modularity, anti-analysis features, and asynchronous command-and-control capabilities.
Transparent Tribe Evolves Tradecraft With Multi-Stage LNK Malware
Jan 12, 2026 1:55:19 PM / by The Hivemind posted in Threat Bulletin, APT36, Spear Phishing, Remote Access Trojan, cyber espionage, LNK Malware
Verticals Targeted: Government, Academia
Regions Targeted: India
Related Families: None
Executive Summary
APT36, also known as Transparent Tribe, a Pakistan-aligned threat actor, has launched a targeted cyber espionage campaign against Indian governmental, academic, and strategic entities using sophisticated deception techniques. The operation delivers a multi-stage Remote Access Trojan (RAT) through a weaponized LNK file disguised as a PDF, enabling persistent access, surveillance, and data exfiltration while minimizing the risk of detection.
Kimwolf Botnet Targeting Android TV Devices Worldwide
Jan 9, 2026 9:46:08 AM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Android Malware, DDoS Attacks, Kimwolf botnet, IoT vulnerabilities, Aisuru variant
Verticals Targeted: Consumer Electronics, Residential Networks
Regions Targeted: Brazil, India, United States, Vietnam, Saudi Arabia, Russia, Argentina, South Africa, Philippines, Mexico, Thailand, Indonesia, Morocco, Turkey, Iraq, Pakistan, China
Related Families: Aisuru
Executive Summary
Security researchers have detailed the Kimwolf botnet, a massive Android-based network exceeding 1.8 million infected devices, primarily TV boxes, enabling DDoS attacks, proxy services, and other malicious activities through exploitation of residential proxy networks and device vulnerabilities. This threat demonstrates rapid growth and resilience, leveraging advanced evasion techniques to maintain control and monetize infections.
PolySwarm’s 2025 Year in Review
Jan 5, 2026 1:04:00 PM / by The Hivemind posted in Threat Bulletin, RedLine Stealer, Akira Ransomware, AsyncRAT trojan, VShell backdoor, 2025 malware trends, ransomware 2025, Cl0p ransomware, Qilin ransomware, SocGholish downloader, LummaStealer infostealer
Verticals Targeted: Multiple
Regions Targeted: Multiple
Related Families: Cl0p, Qilin, SocGholish, Akira, AsyncRAT, LummaStealer, RedLineStealer, VShell
Executive Summary
PolySwarm's 2025 Year in Review spotlights the resilient malware families that dominated the threat landscape and nation-state espionage by the Big Four (China, Russia, Iran, and North Korea). React2Shell (CVE-2025-55182) emerged as the year's top vulnerability, while AI-driven attacks defined the year's paradigm shift.