Verticals Targeted: Government. Regions Targeted: Middle East, North Africa. Related Families: Phoenix, FakeUpdate. Executive Summary: A sophisticated phishing operation has been attributed to the Iran-linked APT MuddyWater, deploying an updated Phoenix backdoor to conduct espionage against government and international entities. The campaign leverages compromised mailboxes and macro-enabled Word documents to deliver custom injectors and persistence mechanisms, highlighting the group's reliance on...| PolySwarm Main Blog
Verticals Targeted: Telecommunications. Regions Targeted: Europe. Related Families: SNAPPYBEE (Deed RAT). Executive Summary: Salt Typhoon, a China-linked advanced persistent threat (APT) group, has been targeting global critical infrastructure using sophisticated tactics like DLL sideloading and zero-day exploits. Recent activity targeted a European telecommunications entity.| PolySwarm Main Blog
The attacks, which involved fake job offers as a social engineering lure, were likely aimed at stealing proprietary information about drone manufacturing, ESET said in a report. The post North Korea’s Lazarus group attacked three companies involved in drone development appeared first on CyberScoop.| CyberScoop
Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations targeting global telecommunications infrastructure. Active since at least 2019, Salt Typhoon has demonstrated advanced capabilities in exploiting network edge devices, establishing deep persistence, and harvesting sensitive communications metadata, VoIP configurations, lawful intercept data, and subscriber profiles from telecom provider...| DomainTools Investigations | DTI
This report on cybercrime, hacktivist and APT groups targeting primarily Russian organizations provides an analysis and comparison of their TTPs and divides them into three clusters.| securelist.com
In 2024, threat actors exploited 75 zero-days - i.e., unknown vulnerabilities without an available patch - in a wide variety of attacks.| Help Net Security
In the first timeline of March 2025, I collected 127 events with a threat landscape dominated by malware and ransomware...| HACKMAGEDDON
After the cyber attacks timelines, it’s time to publish the statistics for February 2025, where I collected and analyzed 231 events. In February 2025, Cyber Crime continued to lead the Motivations chart with 64%, down from 75% of February. Operations driven by Cyber Espionage ranked at number two with 20%, an important increase from 12%, and once again ahead of Hacktivism, slightly down to 3% from 4%. Only a single event was attributed to Cyber Warfare, which closes the chart.| HACKMAGEDDON
In the second timeline of February 2025, I collected 116 events (8.92 events/day) with a threat landscape dominated by malware with 29%, a value very close to 30% of the previous timeline, ahead of ransomware, back at number two with 21%, from 8% of the previous fortnight, and targeted attacks with 17%, very close to 16% of H1.| HACKMAGEDDON
In the first timeline of February 2025, I collected 115 events (7.67 events/day) with a threat landscape dominated by malware with 30%, the same value of the previous timeline.| HACKMAGEDDON
After the cyber attacks timelines, it’s time to publish the statistics for January 2025, where I collected and analyzed 216 events. In January 2025, Cyber Crime continued to lead the Motivations chart.| HACKMAGEDDON
In the second timeline of January 2025, I collected 107 events with a threat landscape dominated by malware with 30%, up from 18% of the previous timeline, and very close to the values of December 2024, ahead of ransomware with 19%.| HACKMAGEDDON
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.| HACKMAGEDDON
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.| HACKMAGEDDON
After the cyber attacks timelines, it’s time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.| HACKMAGEDDON
Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.| securelist.com
Mandiant says the primary motive for the operation appears to be helping the Iranian government identify Iranians who may cooperate with Israel.| CyberScoop
Learn about the advanced capabilities and tactics of APT44. Find out how they execute cyber espionage and protect your network.| Govindhtech
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.| securelist.com