T1566 - Spearphishing is a mitre_attack tracked across 36 threat clusters and 40 intelligence report mentions on ThreatCluster. First observed October 29, 2025; most recent activity January 30, 2026.
T1566, Spearphishing, is a MITRE ATT&CK technique in which attackers target specific individuals or organizations with crafted emails containing links or attachments to steal credentials or deploy malware. It remains a primary initial access vector across ransomware, espionage, and APT campaigns, with evolving variants such as quishing (QR code-based phishing) that exploit messaging channels beyond traditional attachments.
The Akira ransomware group has been identified as a significant threat to critical infrastructure, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warning of its active ransomware…
The Russian state-backed hacking group Sandworm has intensified its operations against Ukrainian organizations by deploying data-wiping malware. This campaign targets critical sectors, including the grain industry, and…
The Prince of Persia APT, also known as APT-C-07, has been active since 2007 and is linked to Iranian cyber-espionage efforts. This group employs various malware families, including Infy, Foudre, and Tonnerre, to target…
The Russian state-backed hacker group Sandworm has launched a campaign using data-wiping malware against Ukrainian organizations, particularly focusing on the grain sector. This attack aims to disrupt critical…
In September 2025, advanced persistent threat actors from Pakistan launched coordinated cyberattacks against Indian government organizations using the GOGITTER tool and GITSHELLPAD malware. This campaign, known as…
An operational security failure by the INC ransomware gang allowed researchers to recover data stolen from twelve U.S. organizations. Cyber Centaurs, a digital forensics firm, discovered the gang's cloud storage…
APT24, a China-linked hacking group, has been utilizing a previously undocumented malware named BadAudio in a three-year espionage campaign. This malware has been delivered through various methods, including…
The FBI has issued a warning regarding the North Korea-linked APT group Kimsuky, which is conducting quishing attacks targeting governments, think tanks, and academic institutions. These attacks involve spear-phishing…
Higher education institutions are facing significant cybersecurity threats, including ransomware, phishing, and data breaches. These challenges are exacerbated by the shift to digital learning and insufficient budgets,…
Between December 25–28, 2025, a threat actor executed a scanning campaign targeting internet-facing systems, testing over 240 different exploits. This operation, linked to CTG Server Limited, aimed to identify and…