SentinelOne

December 11, 2024

Operation Digital Eye: Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

The threat actors used a lateral movement capability indicative of the presence of a shared vendor or digital quartermaster maintaining and provisioning tooling within the Chinese APT ecosystem.
November 27, 2024

CyberVolk: A Deep Dive into the Hacktivists, Tools, and Ransomware Fueling Pro-Russian Cyber Attacks

CyberVolk’s roots trace back to India, with its current form emerging in May 2024. Initially known by names such as GLORIAMIST India and Solntsevskaya Bratva, the group shifted to ransomware-as-a-service (RaaS) operations in June 2024.

North Korean APT BlueNoroff Targets Macs with Fake Crypto News and Novel Persistence

SentinelLabs found a new type of malware being used by North Korean hackers to target businesses that deal with cryptocurrency. This malware is similar to attacks previously linked to BlueNoroff.

Kryptina RaaS: From Unsellable Cast-Off to Enterprise Ransomware

Mallox, known for targeting Windows systems, has expanded its operations to Linux by using a modified version of the Kryptina ransomware, named "Mallox Linux 1.0." The ransomware utilizes the same encryption algorithm as Kryptina.

DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads

It begins with a Discord user downloading a malicious Python application, Cross-Platform Bridges.zip. Initially, links to the malware were sent to targets via direct message with the malware hosted on Google Drive.
September 22, 2023

Sandman APT Infiltrates Telecommunications Companies Using LuaDream Backdoor

The activities of Sandman suggest espionage motivations, with a focus on telecommunications providers and a potential connection to a private contractor or mercenary group.
September 19, 2023

Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones

The CapraRAT mobile RAT hidden within these YouTube-themed apps gives the attacker control over various data on infected Android devices, including recording audio and video, collecting messages and call logs, and modifying files.

New Family of Obfuscated Go Info-stealers 'MetaStealer' Spread in Targeted Attacks

Unlike other recent macOS malware, MetaStealer relies on social engineering tactics to persuade victims to launch malicious payloads, often disguised as legitimate files or software.

North Korean Hackers Compromise Sanctioned Russian Missile Engineering Company

A recent investigation by cybersecurity firm SentinelLabs has revealed that North Korean hackers have targeted a Russian missile engineering organization called NPO Mashinostroyeniya.

Update: Attacker Infrastructure Links JumpCloud Intrusion to North Korean APT Activity

Analysis of the infrastructure linked to the JumpCloud intrusion reveals patterns consistent with previous DPRK-linked campaigns, highlighting their unique tactics and techniques.
