ALL POSTS

Key Findings UAC-0247 conducted a targeted campaign against Ukrainian government agencies and municipal healthcare facilities between March and April 2026 Attack chain begins with phishing emails posing as humanitarian aid proposals, using either AI-generated fake sites or legitimate sites compromised via XSS vulnerabilities Malware payload steals sensitive data from Chromium-based browsers and WhatsApp through multiple custom and open-source tools Evidence suggests Ukrainian

Key Findings Three China-linked threat clusters targeted a Southeast Asian government organization throughout 2025 in a sophisticated, well-resourced cyber campaign Mustang Panda (Stately Taurus) deployed PUBLOAD malware via USB-infected drives between June and August 2025 CL-STA-1048 cluster operated from March to September 2025, using multiple espionage tools including EggStremeFuel, MASOL RAT, and TrackBak Stealer CL-STA-1049 cluster active in April and August 2025 used th

Key Findings DKnife is a Linux-based toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks The toolkit is designed for deep packet inspection, traffic manipulation, credential harvesting, and malware delivery DKnife has been linked to China-nexus threat actors with high confidence The toolkit targets Chinese-speaking users, stealing credentials from Chinese services and popular Chinese apps DKnife hijacks software downloads and Androi

Key Findings: Ongoing campaign targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage operation Phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive Malware known as Blackmoon (aka KRBanker) and a legitimate enterprise tool called SyncFuture TSM used as the final payload Sophisticated attack involving anti-analysis, privilege escalation, DLL sideloading, commercial-tool repurp