Forest Blizzard is a apt_group tracked across 11 threat clusters and 30 intelligence report mentions on ThreatCluster. First observed December 17, 2025; most recent activity July 14, 2026.
The FBI and partners disrupted a covert network of compromised TP-Link and MikroTik routers exploited by the Russian GRU (APT28) to steal Outlook credentials. This operation, known as Operation Masquerade, revealed that…
A joint advisory from 21 global cybersecurity agencies warns that Russian state hackers from the FSB's Center 16 are exploiting poorly configured routers to infiltrate critical infrastructure networks worldwide. The…
The European Union has condemned and sanctioned Russia for a prolonged cyber espionage campaign targeting its member states. The campaign, orchestrated by the 16th Centre of the FSB, has involved infiltrating government…
Russian cyber group APT28, also known as Fancy Bear, has been exploiting vulnerabilities in TP-Link and MikroTik routers to conduct large-scale DNS hijacking operations. This campaign, which has affected over 18,000…
ESET's latest APT Activity Report reveals that from October 2025 to March 2026, China-aligned threat actors engaged in extensive espionage campaigns, particularly in Venezuela and the Gulf region. Following U.S.…
A Russian cyber campaign has been identified targeting Ukrainian organizations using new malware families, BadPaw and MeowMeow, delivered via phishing emails. The operation begins with emails containing links to ZIP…
Recent identity-based attacks have exploited vulnerabilities in authentication systems, targeting credentials and identity infrastructure. Notable incidents include the compromise of over 18,000 routers by APT28 to…
ESET researchers have identified the resurgence of the Sednit group, a notorious Russian cybercriminal organization, linked to the deployment of a keylogger named SlimAgent in Ukraine. This activity is traced back to a…
A series of fraudulent apps named CallPhantom were discovered on Google Play, promising access to call histories for any phone number. Users were tricked into paying for subscriptions, only to receive fabricated data.…
Between February and September 2025, BlueDelta, a Russian state-sponsored group, conducted multiple credential-harvesting campaigns. These operations targeted users of UKR.NET, a popular Ukrainian webmail and news…