APT Archives • Daily CyberSecurity

OceanLotus Hijacks PyPI to Deploy “ZiChatBot” via Enterprise Chat APIs Acreed Infostealer, BNB Smart Chain CVE-2023-20269 exploit

OceanLotus Hijacks PyPI to Deploy “ZiChatBot” via Enterprise Chat APIs

Do Son May 7, 2026

In a calculated move that signals the expansion of state-sponsored threats into open-source repositories, researchers at Kaspersky...

Cisco Talos Unmasks UAT-8302’s Global Government Espionage Network UAT-8302 APT NetDraft Malware

Cisco Talos Unmasks UAT-8302’s Global Government Espionage Network

Do Son May 6, 2026

Cisco Talos has exposured the curtain on UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group that...

Beyond Stuxnet: Uncovering fast16, the Apex Saboteur That Rewrites Mathematical Reality fast16 Malware Cyber Sabotage IronWind malware Stealc

fast16 Malware Cyber Sabotage IronWind malware Stealc

Beyond Stuxnet: Uncovering fast16, the Apex Saboteur That Rewrites Mathematical Reality

Do Son April 24, 2026

For decades, the cybersecurity world believed Stuxnet was the undisputed pioneer of state-grade cyber sabotage. SentinelLABS has...

Harvester APT Goes Cross-Platform: New Linux Backdoor Abuses Microsoft Graph API Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Goes Cross-Platform: New Linux Backdoor Abuses Microsoft Graph API

Do Son April 24, 2026

The sophisticated threat actor known as Harvester is expanding its horizons. Traditionally known for targeting Windows environments,...

The Lotus Evolves: Mustang Panda Targets Indian Banks in a New Espionage Pivot Mustang Panda LOTUSLITE Financial Cyber-Espionage

The Lotus Evolves: Mustang Panda Targets Indian Banks in a New Espionage Pivot

Do Son April 23, 2026

The Acronis Threat Research Unit (TRU) has identified a significant shift in the operations of Mustang Panda,...

The Triple-Headed Dragon: Inside the Three-Cluster Chinese Cyberespionage Campaign Targeting SE Asia UNC5221 HAFNIUM Extradition PRC State Espionage

UNC5221 HAFNIUM Extradition PRC State Espionage

The Triple-Headed Dragon: Inside the Three-Cluster Chinese Cyberespionage Campaign Targeting SE Asia

Do Son April 2, 2026

A recent investigation by Unit 42 researchers has exposed a massive, persistent cyberespionage campaign targeting a high-value...

Takedown-Proof: Inside the Ethereum-Powered “EtherRAT” and North Korea’s New Blockchain Backdoor

Do Son April 1, 2026

In a sophisticated blend of social engineering and decentralized technology, eSentire’s Threat Response Unit (TRU) recently detected...

Unit 42 Unmasks CL-STA-1087’s Years-Long Cyber Espionage Against Asian Militaries UNC5221 HAFNIUM Extradition PRC State Espionage

Unit 42 Unmasks CL-STA-1087’s Years-Long Cyber Espionage Against Asian Militaries

Do Son March 13, 2026

Security researchers at Unit 42 have pulled back the curtain on a sophisticated espionage cluster they’ve dubbed...

Torrent of Threats: China-Nexus APT UAT-9244 Hijacks South American Telecoms with PeerTime Backdoor BingX cyberattack FortiGate SSO Attacks Firewall Config Theft

BingX cyberattack FortiGate SSO Attacks Firewall Config Theft

Torrent of Threats: China-Nexus APT UAT-9244 Hijacks South American Telecoms with PeerTime Backdoor

Do Son March 9, 2026

Cybersecurity investigators at Cisco Talos have pulled back the curtain on a relentless espionage campaign targeting critical...

The BurrowShell Threat: Inside ‘Sloppy Lemming’s’ Stealthy Cyber Espionage Campaign in South Asia Sloppy Lemming BurrowShell Malware

The BurrowShell Threat: Inside ‘Sloppy Lemming’s’ Stealthy Cyber Espionage Campaign in South Asia

Do Son March 4, 2026

Cybersecurity researchers at Arctic Wolf have released a comprehensive analysis of a massive, year-long cyber espionage operation...

Supply Chain Poison: Lotus Blossom Hits Notepad++ to Deploy “Chrysalis” Lotus Blossom Chrysalis Notepad++ Compromise

Supply Chain Poison: Lotus Blossom Hits Notepad++ to Deploy “Chrysalis”

Do Son February 5, 2026

The notorious Chinese state-sponsored threat group Lotus Blossom has resurfaced with a dangerous new toolkit, compromising the...

Hydra Tactics: North Korea’s LABYRINTH CHOLLIMA Splits to Hunt Crypto & Secrets Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Hydra Tactics: North Korea’s LABYRINTH CHOLLIMA Splits to Hunt Crypto & Secrets

Do Son February 3, 2026

One of North Korea’s most aggressive cyber units has undergone a major strategic evolution, splitting into three...

HoneyMyte Evolved: Spies Use Pixeldrain & CoolClient for Real-Time Surveillance HoneyMyte Espionage CoolClient Backdoor

HoneyMyte Evolved: Spies Use Pixeldrain & CoolClient for Real-Time Surveillance

Do Son January 28, 2026

The persistent and sophisticated espionage group known as HoneyMyte (also tracked as Mustang Panda or Bronze President)...

“Nomad Leopard” Spotted in the Wild: Cyber Espionage Campaign Targets Afghan Government Nomad Leopard Afghanistan Cyber Espionage

“Nomad Leopard” Spotted in the Wild: Cyber Espionage Campaign Targets Afghan Government

Do Son January 20, 2026

A new cyber espionage campaign targeting the heart of Afghanistan’s administration has been uncovered, revealing a mix...

Operation Poseidon: Konni APT Hijacks Google & Naver Ads for Malware Operation Poseidon Konni APT

Operation Poseidon: Konni APT Hijacks Google & Naver Ads for Malware

Do Son January 20, 2026

In a deep-dive analysis released by Genians Security Center, researchers have exposed “Operation Poseidon,” a sophisticated campaign...

KnownSec Data Leak Exposes State-Aligned Cyber Espionage Pipeline Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

KnownSec Data Leak Exposes State-Aligned Cyber Espionage Pipeline

Do Son January 19, 2026

A massive data leak from KnownSec, a prominent Beijing-based cybersecurity firm, has exposed the inner workings of...

New “LOTUSLITE” Backdoor Targets U.S. Government in Suspected Mustang Panda Campaign Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

New “LOTUSLITE” Backdoor Targets U.S. Government in Suspected Mustang Panda Campaign

Do Son January 19, 2026

A new espionage campaign targeting U.S. government entities has been uncovered, utilizing a custom backdoor dubbed LOTUSLITE....

Zero-Day Threat: UAT-8837 Targets North American Infrastructure Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Zero-Day Threat: UAT-8837 Targets North American Infrastructure

Do Son January 16, 2026

A sophisticated threat actor, tentatively linked to China, is aggressively targeting critical infrastructure in North America with...

China-Nexus Actor UAT-7290 Caught Targeting Telecoms in South Asia and Europe illegal streaming networks complex criminal enterprises UAT-7290 China-nexus Espionage Adversarial Misuse of Generative AI