Verticals Targeted: Government
Regions Targeted: Middle East, North Africa
Related Families: Phoenix, FakeUpdate
Verticals Targeted: NGOs, Policy Advisors, Dissidents
Regions Targeted: Not Specified
Related Families: LOSTKEYS, COLDCOPY, YESROBOT, MAYBEROBOT
Executive Summary
Industry researchers have identified new malware families, including NOROBOT, YESROBOT, and MAYBEROBOT, deployed by the Russian state-sponsored group COLDRIVER, targeting high-value individuals in NGOs, policy advisors, and dissidents. This rapid retooling, observed after the May 2025 disclosure of LOSTKEYS, showcases COLDRIVER’s evolving tactics to evade detection while maintaining aggressive intelligence collection.
Verticals Targeted: Telecommunications
Regions Targeted: Europe
Related Families: SNAPPYBEE (Deed RAT)
Executive Summary
Salt Typhoon, a China-linked advanced persistent threat (APT) group, has been targeting global critical infrastructure using sophisticated tactics like DLL sideloading and zero-day exploits. Recent activity targeted a European telecommunications entity.
Verticals Targeted: Not specified
Regions Targeted: Sri Lanka
Related Families: BeaverTail, OtterCookie, InvisibleFerret
Executive Summary
Famous Chollima, a DPRK-aligned threat group, has evolved its arsenal, with BeaverTail and OtterCookie increasingly merging functionalities to steal credentials and cryptocurrency via deceptive job offers. A recent campaign involved a trojanized Node.js application distributed through a malicious NPM package, highlighting the group's adaptation in delivery methods.
Verticals Targeted: Financial
Regions Targeted: Asia
Related Families: Fog Ransomware
Executive Summary
AdaptixC2, an open-source command-and-control framework, has emerged as a potent tool for threat actors, enabling file manipulation, data exfiltration, and covert network communication in attacks. Its modular design and AI-assisted deployment methods underscore the need for robust defenses to counter its evolving tactics.
Verticals Targeted: None specified
Regions Targeted: Russia
Related Families: None
Executive Summary
ClayRAT, a sophisticated Android spyware campaign targeting Russian users, leverages Telegram channels and phishing sites to distribute malicious APKs disguised as popular apps. Its rapid evolution, extensive surveillance capabilities, and self-propagation via SMS make it a significant threat to mobile security.
Verticals Targeted: Real Estate, Insurance, Energy, Manufacturing, Legal Services, Healthcare, Construction, Retail, Agriculture, Finance, Business Services, Transportation, Software, Hospitality, Government, Telecommunications
Regions Targeted: US, Europe, South America, Australia, Canada, India, Africa
Executive Summary
A surge in Akira ransomware attacks since July 2025 exploits SonicWall VPNs via CVE-2024-40766, enabling rapid credential-based intrusions with dwell times as short as 55 minutes. Threat actors leverage stolen credentials, bypass MFA, and deploy tools such as Impacket and WinRAR for lateral movement and data exfiltration, targeting organizations across various sectors.
Verticals Targeted: Legal Services, Software, Business Services, Technology
Regions Targeted: US
Related Families: BRICKSTEAL, SLAYSTYLE