ALL POSTS
Google Uncovers Global Cyber Threat: China, Iran, Russia, and North Korea Coordinated Defense Sector Attacks
Key Findings: Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have targeted the defense industrial base (DIB) sector. The adversarial targeting is centered around four key themes: striking defense entities in the Russia-Ukraine War, approaching employees and exploiting the hiring process, using edge devices/appliances for initial access, and supply chain risk from manufacturing breaches. Notable threat actors
6 days ago · 2 min read
Largest DDoS Attack in History Stopped by Cloudflare
Key Findings: The AISURU/Kimwolf botnet hit a record-breaking 31.4 Tbps DDoS attack that lasted just 35 seconds in November 2025. Cloudflare automatically detected and blocked the attack as part of a surge in hyper-volumetric HTTP DDoS attacks observed in late 2025. The number and size of DDoS attacks increased significantly in 2025, with a 40% rise in hyper-volumetric attacks in Q4 2025 compared to the previous quarter. The largest attacks targeted Cloudflare customers in the
Feb 7 · 3 min read
New DynoWiper Malware Targets Polish Power Sector in Sandworm Attack
Key Findings: The Russian nation-state hacking group known as Sandworm attempted a significant cyber attack targeting Poland's power sector in late December 2025. The attack involved the deployment of a previously undocumented wiper malware called DynoWiper. The attack was ultimately unsuccessful, with no evidence of successful disruption to Poland's energy infrastructure. This activity occurred on the 10th anniversary of Sandworm's 2015 attack against the Ukrainian power grid
Jan 24 · 2 min read
Iranian Infy APT Resurfaces with New Malware Activity Targeting Various Sectors
Key Findings: Iranian APT group Infy (aka Prince of Persia) has resurfaced with new malware campaigns after nearly 5 years of dormancy. The scale of Infy's current activity is significantly larger than previously assessed. The group has targeted victims across Iran, Iraq, Turkey, India, Canada, and parts of Europe. Infy's malware arsenal includes updated versions of the Foudre downloader and Tonnerre implant. Attack chains have evolved from macro-laced documents to embedded execut
Dec 21, 2025 · 2 min read
"Tech Giant Warns of Evolving AI Threats: The Perils of Self-Modifying Malware"
Background: Google's Threat Intelligence Group (GTIG) has identified a new generation of malware that is using AI during execution to mutate, adapt, and collect data in real-time, helping it evade detection more effectively. Cybercriminals are increasingly using AI to build malware, plan attacks, and craft phishing lures. Recent research shows AI-driven ransomware like PromptLock can adapt during execution. Malware with Novel AI Capabilities: GTIG has identified malware familie
Nov 7, 2025 · 2 min read

