Executive Summary EclecticIQ analysts assess with high confidence that ShinyHunters is expanding its operations by combining AI-enabled voice phishing, supply chain compromises, and malicious insiders, such as employees or contractors, who can provide direct access to enterprise networks. | EclecticIQ Blog
Executive Summary On June 2, 2025, EclecticIQ analysts observed the emergence of GLOBAL GROUP, a new Ransomware-as-a-Service (RaaS) brand promoted on the Ramp4u forum by the threat actor known as “$$$”. The same actor controls the Black Lock RaaS [1] and previously managed the Mamona [2] ransomware operation. GLOBAL GROUP targets a wide range of sectors across the United States and Europe. EclecticIQ assesses with medium confidence that GLOBAL GROUP was likely established as a rebranding...
Executive Summary On May 7, 2025, during the active military escalation between Pakistan and India, specifically in the context of India's military campaign 'Operation Sindoor', EclecticIQ analysts observed that Bitter APT (also known as TA397) [1] very likely targeted Pakistan Telecommunication Company Limited (PTCL) workers [2] in a spear phishing campaign, very likely to deliver malware. Analysts assess that Bitter APT is very likely a South Asian state-sponsored actor, conducting cy...
Executive Summary On Thursday, May 15, 2025, Ivanti disclosed two critical vulnerabilities, CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier [1]. These vulnerabilities can be chained to achieve unauthenticated remote code execution (RCE) on exposed systems.
Executive Summary EclecticIQ analysts assess with high confidence that on May 11, 2025, the pro-Kremlin disinformation group Storm-1516 [1] amplified a fabricated story on X, falsely claiming that European leaders used drugs while traveling by train to Kyiv for peace talks, aiming to undermine European support for Ukraine [2]. Independent fact-checkers quickly debunked the false rumour, which was based on a photo of a paper napkin likely deliberately misidentified as a “bag of cocaine.” [3]
Sandworm APT targets Ukrainian users with Trojanized Microsoft KMS tools for cyber espionage, leveraging pirated software to exfiltrate sensitive data and compromise critical infrastructure.
EclecticIQ analysts discovered ransomware operations by SCATTERED SPIDER targeting cloud infrastructures within the insurance and financial sectors.
EclecticIQ analysts discovered phishing campaigns targeting financial institutions driven by a Phishing-as-a-Service (PhaaS) platform called ONNX Store.