top of page
ALL POSTS
Italy Moves to Extradite Chinese National to U.S. on Hacking Charges
Key Findings Italian authorities extradited Chinese national Xu Zewei to the U.S. on Monday after his arrest in Milan in July 2025 Xu is accused of being part of HAFNIUM (also known as Silk Typhoon), a state-backed hacking group directed by China's Ministry of State Security The group targeted COVID-19 research at universities, exploiting Microsoft Exchange Server zero-day vulnerabilities to compromise over 12,700 U.S. organizations Xu allegedly worked for Shanghai Powerock N
Apr 272 min read
UAC-0247's Expanding Cyber Campaign: Ukrainian Clinics and Government in Data-Theft Malware Crosshairs
Key Findings UAC-0247 conducted a targeted campaign against Ukrainian government agencies and municipal healthcare facilities between March and April 2026 Attack chain begins with phishing emails posing as humanitarian aid proposals, using either AI-generated fake sites or legitimate sites compromised via XSS vulnerabilities Malware payload steals sensitive data from Chromium-based browsers and WhatsApp through multiple custom and open-source tools Evidence suggests Ukrainian
Apr 163 min read
China-Linked APT Clusters Launch Coordinated Cyber Campaign Against Southeast Asian Government in 2025
Key Findings Three China-linked threat clusters targeted a Southeast Asian government organization throughout 2025 in a sophisticated, well-resourced cyber campaign Mustang Panda (Stately Taurus) deployed PUBLOAD malware via USB-infected drives between June and August 2025 CL-STA-1048 cluster operated from March to September 2025, using multiple espionage tools including EggStremeFuel, MASOL RAT, and TrackBak Stealer CL-STA-1049 cluster active in April and August 2025 used th
Mar 303 min read
DKnife Linux toolkit abuses routers to spy and deliver malware since 2019
Key Findings DKnife is a Linux-based toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks The toolkit is designed for deep packet inspection, traffic manipulation, credential harvesting, and malware delivery DKnife has been linked to China-nexus threat actors with high confidence The toolkit targets Chinese-speaking users, stealing credentials from Chinese services and popular Chinese apps DKnife hijacks software downloads and Androi
Feb 82 min read
Targeted Indian Users in Tax Phishing Campaign Delivering Blackmoon Malware
Key Findings: Ongoing campaign targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage operation Phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive Malware known as Blackmoon (aka KRBanker) and a legitimate enterprise tool called SyncFuture TSM used as the final payload Sophisticated attack involving anti-analysis, privilege escalation, DLL sideloading, commercial-tool repurp
Jan 262 min read
bottom of page
