Strontium is a apt_group tracked across 7 threat clusters and 11 intelligence report mentions on ThreatCluster. First observed February 3, 2026; most recent activity May 14, 2026.
Russian state-backed hackers from APT28 are actively exploiting a high-severity stored cross-site scripting vulnerability (CVE-2025-66376) in the Zimbra Collaboration Suite (ZCS) to target Ukrainian government entities.…
A Russian state-linked advanced persistent threat (APT) has targeted a Ukrainian government agency through a cross-site scripting (XSS) vulnerability in the Zimbra Collaboration Suite, identified as CVE-2025-66376. The…
Russian cyber group APT28, also known as Fancy Bear, has been exploiting vulnerabilities in TP-Link and MikroTik routers to conduct large-scale DNS hijacking operations. This campaign, which has affected over 18,000…
The Belarus-aligned cyber group FrostyNeighbor has launched a targeted campaign against government organizations in Ukraine and Poland since March 2026. Utilizing spearphishing techniques, the group delivers malicious…
APT28, a Russian threat actor, has reactivated its malware development team and deployed a modern espionage toolkit that includes a customized version of the Covenant open-source tool. This resurgence indicates a…
APT28, a Russia-linked advanced persistent threat group, conducted a cyberespionage campaign named Operation MacroMaze from September 2025 to January 2026. The campaign involved deploying macro malware embedded in…
CERT-UA has reported a new wave of cyberattacks targeting Ukrainian government agencies and EU organizations, exploiting the Microsoft Office vulnerability CVE-2026-21509. Attackers are using malicious emails disguised…