Verticals Targeted: Government, Diplomatic Organizations, Software Development
Regions Targeted: Indonesia, Taiwan, Hong Kong, Lebanon, Syria, Colombia, North Macedonia, Nepal, Serbia
Related Families: SharkLoader, Cobalt Strike
SharkLoader Emerges as Stealthy Cobalt Strike Delivery Framework
Jul 2, 2026 9:31:24 AM / by The Hivemind posted in Threat Bulletin, Cobalt Strike, malware loader, DLL sideloading, SharkLoader, StrikeShark
Mustang Panda’s LotusLite Backdoor
Jan 26, 2026 2:03:02 PM / by The Hivemind posted in Threat Bulletin, Mustang Panda, DLL sideloading, LOTUSLITE backdoor, espionage campaign, custom C++ implant, geopolitical lure, US government targeting
Verticals Targeted: Government, Policy-Focused Organizations
Regions Targeted: US
Related Families: None
Executive Summary
China nexus threat actors launched a targeted espionage campaign against US government and policy-related entities, delivering a custom backdoor named LOTUSLITE via politically themed spear-phishing lures centered on US-Venezuela relations. The campaign prioritizes reliable espionage capabilities over technical sophistication, with moderate-confidence attribution to Mustang Panda based on shared delivery patterns, infrastructure, and operational behaviors.
Salt Typhoon Targets European Telecom
Oct 28, 2025 12:48:06 PM / by The Hivemind posted in Threat Bulletin, Telecommunications, Salt Typhoon, DLL sideloading, zero-day exploits, SNAPPYBEE, Citrix NetScaler, cyber espionage
Verticals Targeted: Telecommunications
Regions Targeted: Europe
Related Families: SNAPPYBEE (Deed RAT)
Executive Summary
Salt Typhoon, a China-linked advanced persistent threat (APT) group, has been targeting global critical infrastructure using sophisticated tactics like DLL sideloading and zero-day exploits. Recent activity targeted a European telecommunications entity.
Nimbus Manticore’s Evolving Cyberespionage Campaign
Sep 29, 2025 2:53:45 PM / by The Hivemind posted in Threat Bulletin, Telecommunications, Spear Phishing, malware obfuscation, DLL sideloading, Iranian APT, Nimbus Manticore, MiniJunk, MiniBrowse, defense manufacturing
Verticals Targeted: Defense Manufacturing, Telecommunications, Aerospace
Regions Targeted: Western Europe, Middle East
Related Families: MiniJunk, MiniBrowse
Executive Summary
Nimbus Manticore, an Iranian APT group, has intensified its cyberespionage campaign targeting defense, telecommunications, and aerospace sectors in Western Europe and the Middle East, deploying advanced malware such as MiniJunk and MiniBrowse via sophisticated spear-phishing and DLL sideloading techniques. The group’s focus on stealth, obfuscation, and resilient infrastructure underscores its alignment with IRGC strategic priorities.
Charon Ransomware Targets Middle East
Aug 18, 2025 1:56:06 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, Charon ransomware, Earth Baxia, APT techniques, process injection, anti-EDR, DLL sideloading, Middle East cyber attacks, public sector malware, aviation industry threats, ransomware defense
Verticals Targeted: Public Sector, Aviation
Regions Targeted: Middle East
Related Families: None