T1027 - Obfuscated Files Or Information is a mitre_attack tracked across 50 threat clusters and 137 intelligence report mentions on ThreatCluster. First observed February 10, 2026; most recent activity July 17, 2026.
On June 18, 2026, international law enforcement agencies launched Operation Endgame, disrupting the SocGholish malware infrastructure linked to the Russian cybercrime group Evil Corp. The operation resulted in the…
A phishing campaign targeting Ukrainian government organizations has been attributed to the Belarus-aligned Ghostwriter group, also known as UAC-0057. The campaign involves sending emails with PDF attachments that lead…
From mid-2024 to early 2026, the Vietnam-aligned APT group OceanLotus has intensified its focus on domestic espionage, utilizing the SPECTRALVIPER backdoor in two major campaigns. The first campaign targeted a…
The Google Threat Intelligence Group (GTIG) reports that North Korean threat actor UNC5342 has adopted a new technique called EtherHiding to deliver malware and facilitate cryptocurrency theft. This method embeds…
On March 12, 2026, Zscaler ThreatLabz reported a campaign by the Tropic Trooper APT targeting Chinese-speaking individuals in Taiwan, Japan, and South Korea. The attack involved a malicious ZIP archive containing…
A new cyberespionage campaign has been identified, targeting Ukrainian organizations with a backdoor named DRILLAPP, attributed to Russian threat actors, specifically the Laundry Bear group. The campaign employs…
Void Dokkaebi, a North Korean threat actor, has escalated its malware distribution tactics by using fake job interviews to compromise software developers. This campaign, known as the 'Contagious Interview,' targets…
A months-long espionage campaign linked to the Chinese group Mustang Panda has been identified, utilizing an updated variant of the FDMTP backdoor. This campaign, tracked by Darktrace, began in late September 2025 and…
In 2026, Iranian APT groups, notably Cavern Manticore and OilRig, have intensified cyber operations against Israeli organizations, primarily in the IT and government sectors. Cavern Manticore employs a modular…
A malicious version of the Bitwarden CLI password manager was distributed via npm, affecting version 2026.4.0 for a brief window on April 22, 2026. The attack exploited a compromised GitHub Action in Bitwarden's CI/CD…