Telegram is a technology platform tracked across 50 threat clusters and 507 intelligence report mentions on ThreatCluster. First observed October 29, 2025; most recent activity July 17, 2026.
Gamaredon, a Russian state-backed APT group, is actively exploiting a WinRAR vulnerability (CVE-2025-8088) to deploy malware against Ukrainian government and military targets. The attack begins with a spearphishing…
The GhostShell malware cluster is actively targeting Ukraine’s UAV operations and defense supply chain. Utilizing advanced techniques such as mTLS-authenticated implants and Telegram-based loaders, the attackers gain…
On June 25, 2026, Ukraine's Security Service (SBU) and the FBI announced a coordinated cyber campaign by Russian intelligence targeting messaging accounts of officials, military personnel, politicians, and activists in…
Two Russia-aligned cyber campaigns are exploiting the WinRAR vulnerability CVE-2025-8088 against Ukrainian targets nearly a year after it was patched. The flaw, a path traversal vulnerability, allows attackers to write…
The Gamaredon group, a Russian-aligned APT, has significantly upgraded its cyber capabilities in 2025, focusing on spear-phishing campaigns against Ukrainian targets. ESET Research reports that Gamaredon conducted 35…
The European Union has condemned and sanctioned Russia for a prolonged cyber espionage campaign targeting its member states. The campaign, orchestrated by the 16th Centre of the FSB, has involved infiltrating government…
The Lazarus Group, a North Korea-linked cybercrime organization, has intensified its operations against financial and cryptocurrency sectors using a sophisticated fileless Remote Access Trojan (RAT) called RemotePE.…
The FBI has issued a warning regarding Iranian cyber actors deploying malware through the Telegram messaging app to target dissidents, journalists, and opposition figures globally. This operation, attributed to Iran's…
The FBI has seized two websites linked to the Iranian hacktivist group Handala following their cyberattack on Stryker Corporation, a U.S. medical technology firm. The attack, which occurred on March 11, 2026, involved…
The UK government has sanctioned Xinbi, a Chinese cryptocurrency marketplace, for its role in facilitating large-scale online scams and human trafficking in Southeast Asia. Xinbi is accused of processing over $19.7…