News • Insights • Analysis
In March 2025, we discovered Operation ForumTroll, a series of sophisticated cyberattacks exploiting the CVE-2025-2783 vulnerability in Google Chrome. Kaspersky researchers previously detailed the malicious implants used in the operation: the LeetAgent backdoor and the complex spyware Dante, developed by Read More …
Russia’s Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hosted on AWS to give the Kremlin’s snoops persistent access to sensitive networks, according to Amazon’s security boss. Read More …
The French Interior Ministry has confirmed recently suffering a cyberattack, but the consequences are still being determined. The French Minister of Interior said the attack took place at night, between December 11 and December 12. Email servers were compromised, allowing Read More …
The North Korean hacking group Lazarus, affiliated with the Reconnaissance General Bureau, is strongly suspected to be behind a 4.45 billion Korean won hacking incident at the virtual asset exchange Upbit. It has been confirmed that Lazarus carried out at Read More …
In October and November 2025, campaigns targeting sectors such as energy, defence, pharmaceuticals, and cybersecurity shared characteristics with older campaigns attributed to Void Rabisuopen on a new tab (also known as ROMCOM, Tropical Scorpius, Storm-0978). Void Rabisu is known to Read More …
Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization’s network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4, open-source projects like Mythic, Sliver, Read More …
A security researcher specializing in tracking China threats claims two of Salt Typhoon’s members were former attendees of a training scheme run by Cisco. SentinelLabs’ Dakota Cary linked Yu Yang and Qiu Daibing, two alleged members of the Chinese state Read More …
An Iranian-aligned hacking group tracked as ‘MuddyWater’ has dramatically shifted tactics in attacks against Israeli and Egyptian critical infrastructure. Previous campaigns by the group, observed by ESET Research, were characteristically noisy in their tactics, techniques, and procedures (TTPs) making them Read More …
While tracking the activities of the Tomiris threat actor, Kaspersky researchers identified new malicious operations that began in early 2025. These attacks targeted foreign ministries, intergovernmental organizations, and government entities, demonstrating a focus on high-value political and diplomatic infrastructure. In Read More …
A hacking group believed to have ties to Iran has claimed responsibility for a massive cyberattack that exposed information linked to Australia’s $7 billion Land 400 defence program. The group, known as Cyber Toufan, says it accessed the data after Read More …