Advertisement

China-Linked APT Targets Southeast Asia Critical Systems with New Backdoor
A China-linked APT group has compromised ten organizations, including state-owned entities in Southeast Asia, deploying a new backdoor. Defenders must prioritize C2

Mustang Panda Exploits Zoho WorkDrive for C2 in Indian Govt Attacks
Mustang Panda, a China-aligned APT, targets Indian government and hydropower entities, leveraging Zoho WorkDrive as a C2 channel and deploying new malware.
Turla APT Deploys StockStay Backdoor in Ukraine Espionage Campaign
Russian APT Turla targets Ukrainian government and military entities with the custom StockStay backdoor for persistent access and cyber espionage.

Turla Deploys New STOCKSTAY Backdoor in Ukraine Espionage Operations
Google identifies STOCKSTAY, a new .NET backdoor by Russian actor Turla targeting Ukrainian military and Italian foreign policy interests via Windows systems.
UNC6508 Targets REDCap Servers: Espionage via INFINITERED Malware
PRC-nexus threat actor UNC6508 exploits REDCap servers in North America's medical and military research sectors, deploying INFINITERED malware for long-term espionage

China-Nexus Actor: Year-Long Espionage Against US Researchers
A China-nexus actor spied on US researchers for a year, stealing RedCAP credentials and exfiltrating sensitive data from numerous institutions, discovered by Google.
China-Linked Espionage Targets REDCap Servers, Stealing Medical Data
China-linked threat actors breached exposed REDCap servers, deploying InfiniteRed malware to steal sensitive medical research from a North American institution.
China's Strategic Threat: Analyzing the 2026 Tech Landscape
Analysis of China-linked cyber espionage trends and the strategic targeting of global technology sectors driven by the 15th Five-Year Plan.
Chinese APT UNC5221 Deploys New Malware for M365 Persistence
Chinese APT UNC5221 leverages new malware, Plenet and AgentPSD, alongside Brickstorm backdoor to maintain persistent access in compromised Microsoft 365 environments for

OP-512: Analyzing the Custom Web Shell Framework Targeting Microsoft IIS
Security researchers have identified OP-512, a China-nexus threat cluster targeting Microsoft IIS servers with a bespoke web shell framework for espionage.

Handala Brand Evolution: Iran MOIS Shifts to Hybrid Physical Attacks
Iran’s MOIS expands the Handala brand into hybrid operations, combining cyber espionage with physical sabotage targeting U.S. and Israeli interests.

FrostyNeighbor APT Targets Poland/Ukraine Gov with Spear-Phishing
Belarussian APT 'FrostyNeighbor' is deploying spear-phishing campaigns against Polish and Ukrainian government entities after unique victim fingerprinting, aiming for