UNC1860 has been observed using victim networks as staging areas for additional operations, targeting entities in Saudi Arabia and Qatar. They overlap with APT34, assisting in lateral movement within compromised organizations.

Once installed, COVERTCATCH downloads a second-stage payload to compromise macOS systems. This tactic is part of various activity clusters, including Operation Dream Job and Contagious Interview.

A memory-only dropper decrypts and executes a PowerShell-based downloader known as PEAKLIGHT, allowing for the distribution of malware such as Lumma Stealer, Hijack Loader, and CryptBot.

A new threat known as "WireServing" has been identified in Azure Kubernetes Services (AKS) by Mandiant. This vulnerability could have allowed attackers to escalate privileges and access sensitive credentials within compromised clusters.

APT41, a China-based hacking group, has targeted organizations in shipping, logistics, media, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. since 2023.