PSExec is a tool tracked across 18 threat clusters and 28 intelligence report mentions on ThreatCluster. First observed November 10, 2025; most recent activity July 18, 2026.
PSExec is a Windows Sysinternals utility that enables remote command execution on Windows hosts. While legitimate for administrative tasks, it is frequently abused by threat actors to move laterally, deploy payloads, and automate post-compromise actions. Its capability to run processes remotely with elevated privileges makes it a significant tool in breach campaigns and incident response challenges.
Operation Escaneo is a coordinated cyberattack attributed to the MexicanMafia group, targeting critical infrastructure across Latin America, primarily Mexico. The campaign, which spanned from 2025 to 2026, utilized…
FamousSparrow, a China-aligned APT group, launched a multi-wave cyberespionage campaign against an Azerbaijani oil and gas company from late December 2025 to February 2026. The attackers employed an evolved DLL…
The Cloud Atlas APT group has been observed employing a sophisticated cyber espionage campaign targeting government and commercial entities in Russia and Belarus. This campaign, active since 2025 and continuing into…
Cloud Atlas, an advanced persistent threat group, has intensified its cyberespionage activities against government and commercial entities in Russia and Belarus since late 2025. The group employs phishing emails…
In 2026, Iranian APT groups, notably Cavern Manticore and OilRig, have intensified cyber operations against Israeli organizations, primarily in the IT and government sectors. Cavern Manticore employs a modular…
The Warlock ransomware group, also known as Water Manaul, has escalated its attack methods by exploiting unpatched Microsoft SharePoint servers and employing new tactics for persistence and lateral movement. Recent…
In June 2026, a new ransomware family named Spirals executed a double extortion attack against an IT services company in South Asia, completing the operation in under 24 hours. The attackers gained initial access by…
The Gentlemen ransomware, a Go-based RaaS, has been active since mid-2025 and employs aggressive propagation methods. It utilizes 21 remote execution techniques, including PsExec, WMIC, and PowerShell Remoting, to…
The GodDamn ransomware, a rebrand of the Beast and Monster strains, has emerged as a significant threat, primarily targeting American organizations across various sectors. The threat group Hyadina utilized a malicious…
LeakNet, a ransomware group, has adopted new tactics involving ClickFix social engineering and a Deno-based fileless loader. This shift allows them to gain initial access through compromised websites, prompting users to…