ALL POSTS
Phobos Ransomware Affiliate Arrested by Polish Authorities
Key Findings: Polish authorities have arrested a 47-year-old man accused of being an affiliate for the Phobos ransomware group. The suspect faces up to five years in prison for producing, obtaining, and sharing computer programs used to conduct cyberattacks. The arrest was part of a larger Europol-led operation called "Phobos Aetor" that targeted individuals involved with Phobos ransomware attacks. Background: Phobos ransomware has claimed over 1,000 victims globally and receiv
2 days ago · 1 min read
China-Linked DKnife AitM Framework Targets Routers for Cyberattacks
Key Findings: DKnife is a gateway-monitoring and adversary-in-the-middle (AitM) framework operated by China-nexus threat actors since at least 2019. It comprises seven Linux-based implants designed for deep packet inspection, traffic manipulation, and malware delivery via routers and edge devices. The framework's primary targets appear to be Chinese-speaking users, based on the presence of credential harvesting phishing pages for Chinese email services and exfiltration modules f
Feb 7 · 2 min read
China-Linked APT31 Launches Stealthy Cyberattacks on Russian Organizations Using Cloud Services
Key Findings: Between 2024 and 2025, the China-linked advanced persistent threat (APT) group APT31 conducted targeted cyberattacks on the Russian IT sector, particularly companies working as contractors and integrators for government agencies. The attacks were characterized by the use of legitimate cloud services, mainly those prevalent in Russia, such as Yandex Cloud, for command-and-control (C2) and data exfiltration, in an attempt to blend in with normal traffic and evade detectio
Nov 22, 2025 · 2 min read
Global Rise in Cyber-Enabled Kinetic Targeting
Key Findings: Nation-states are increasingly using cyber operations to enable and amplify the impact of kinetic military operations. The boundaries between cyberattacks and physical, real-world attacks are blurring quickly. Cyber-enabled kinetic targeting employs advanced tactics like compromising CCTV systems and maritime platforms and accessing real-time data streams. This represents a fundamental evolution in warfare, where the traditional boundaries between cyber and kinetic op
Nov 20, 2025 · 2 min read

