Blog Posts

UNC1549: Iranian Threat …

Recently, Mandiant released a research report on UNC1549, a suspected Iranian threat actor targeting the aerospace, aviation, and defense sectors in the Middle East, particularly Israel and the UAE. UNC1549 has been active since at least June 2022 and continues to operate as of February …

i-S00N - Leaked Documents …

A recent leak of internal documents from a Chinese spyware vendor has exposed the extent of its capabilities and products. The documents, which were posted on GitHub by an unknown source, reveal a range of spyware tools that target various platforms, including Windows, Mac, Linux, iOS, …

VajraSpy: A new Android …

ESET researchers have identified twelve Android espionage apps that share the same malicious code. All the observed applications were advertised as messaging tools apart from one that posed as a news app. In the background, these apps covertly execute remote access trojan code called VajraSpy, used …

The Bear and The Shell: …

Cluster25 Threat Intel Team has uncovered a sophisticated cyber espionage campaign targeting Russian opposition and entities critical of the Russian government. Dubbed “The Bear and The Shell,” this operation is linked to a Russian APT group, employing highly advanced techniques to …

Chinese Cyber Group …

SecurityScorecard Threat Research has produced a report that reveals how a Chinese state-sponsored group, known as Volt Typhoon, compromised about 30% of Cisco RV320/325 devices in 37 days, using a botnet of end-of-life small office and home office (SOHO) equipment. Who is Volt Typhoon and what do …

How a Turkish APT Group …

A recent blog post by Hunt & Hackett reveals the details of a series of cyberattacks in the Netherlands, attributed to a Turkish state-sponsored threat actor known as Sea Turtle. The research provides valuable insights into the group’s motivations, targets, tactics, techniques, and …