Advanced Persistent Threat (APT) stories

China-linked TA416 returns to spying on European diplomats and later expands attacks to Middle Eastern government targets after Iran conflict.

Survey finds most OT outages in industry and critical infrastructure cost up to GBP £5 million, as firms fear nation-state attacks and long delays to detection.

ReliaQuest flags DeepLoad malware stealing live credentials in enterprise networks, with AI-style obfuscation, USB spread and hidden WMI persistence.

Commvault adds Hyper Threat Hunting and Deep Inspection to Cloud Threat Scan, linking backup scanning with verified clean recovery after cyber attacks.

Rapid7 says China-linked Red Menshen has planted dormant “sleeper cells” inside global telecoms networks to quietly maintain long-term access.

Iran-linked cyber attacks are spreading beyond the Middle East, with firms tied to Israel or the US warned they face heightened global risk.

Iranian state-aligned hackers are shifting from spying to destructive cyber strikes, putting Western critical infrastructure on high alert.

Attackers push fake Red Alert Android app via SMS, turning Israel rocket warning tool into spyware that steals messages, contacts and location.

New research links Iran conflict to a swift surge in tightly targeted cyber espionage across Middle Eastern governments and embassies.

Attackers are ditching malware for stolen identities, misconfigurations and abused AI tools, Google warns in its latest cloud threat report.

A stealthy BlackSanta malware campaign is hijacking CVs and HR hiring flows to kill EDR tools at kernel level and exfiltrate data.

A stealthy BlackSanta malware spree is hijacking HR recruitment workflows, killing endpoint defence tools and exfiltrating sensitive data.

Google says it has crippled a China-linked cyber espionage group accused of hacking telecoms and governments in at least 42 countries.

New LockBit 5.0 ransomware hits Windows, Linux and ESXi in single campaigns, widening blast radius across mixed and virtualised environments.

Okta warns North Korean operatives are landing remote tech jobs with stolen and synthetic identities to fund the regime and enable cyber attacks.

Hackers are abandoning noisy ransomware to quietly steal data, as a report finds 80% of top attack techniques now focus on evasion.

Indian defence faces a decade-long silent siege as APT36 refines cross-platform cyber espionage with stealthy, persistent RAT campaigns.

CrowdStrike has split North Korea-linked LABYRINTH CHOLLIMA into three units, two for crypto theft and one for industrial espionage.

Attackers are abusing LinkedIn private messages to deliver Python-based malware via booby-trapped archives, ReliaQuest has warned.

NCC Group links Silver Fox's false-flag malware campaigns to ValleyRAT and uncovers critical PowerG flaws that can fully compromise alarms.