T1113 - Screen Capture is a mitre_attack tracked across 49 threat clusters and 68 intelligence report mentions on ThreatCluster. First observed December 4, 2025; most recent activity July 16, 2026.
The Chinese-speaking threat group CL-STA-1062 has been actively deploying a new .NET backdoor named TinyRCT against government and critical energy infrastructure in Southeast Asia throughout 2025. This campaign utilizes…
Bauman Moscow State Technical University is revealed to host a secret department training students for the GRU, Russia's military intelligence. Leaked documents show that over 2,000 students have been trained in…
ESET researchers reported a supply-chain attack by the North Korean APT group ScarCruft, targeting a gaming platform in the Yanbian region of China. The attack, ongoing since late 2024, involved trojanizing both Windows…
A new malware named NarwhalRAT has been discovered targeting Korean users through phishing emails impersonating the Microsoft security team. The malware, linked to the North Korean hacking group APT37, can perform over…
A new Linux malware family named Showboat has been discovered, targeting telecommunications firms primarily in the Middle East and Central Asia since mid-2022. Researchers from Lumen's Black Lotus Labs and PwC…
In 2026, Iranian APT groups, notably Cavern Manticore and OilRig, have intensified cyber operations against Israeli organizations, primarily in the IT and government sectors. Cavern Manticore employs a modular…
In 2024, ESET identified a new China-aligned APT group named LongNosedGoblin, which targets governmental entities in Southeast Asia and Japan. The group employs a custom toolset, primarily using C#/.NET applications, to…
A Russian threat actor known as UAT-11795 has been deploying the Starland RAT and WLDR agent since June 2025, primarily targeting users in the U.S., Germany, Romania, and Venezuela. The group uses trojanized installers…
Microsoft's Threat Intelligence unit has issued a warning about a cyber campaign targeting cryptocurrency investors and software developers through compromised npm packages. The malware, embedded in two specific…
Microsoft has revealed GigaWiper, a destructive Windows backdoor that integrates components from three malware families, including Crucio and FlockWiper. This Golang-based malware is designed for post-initial access…