Once known for its pro-Kremlin hacktivist campaigns, the group now appears to function as a profit-driven cyber mercenary collective, offering hack-for-hire services and targeting a broader range of victims.

A Russia-aligned threat actor, TAG-110—linked to APT28 and UAC-0063—has launched a phishing campaign targeting Tajikistan’s government, academic, and research institutions.

A joint cybersecurity advisory issued in May 2025 by agencies from the U.S., U.K., EU, NATO, and allied nations has revealed an ongoing cyber-espionage campaign by the Russian GRU’s 85th Main Special Service Centre (GTsSS), also known as APT28.

A recent wave of cyberattacks attributed to the threat actor Scattered Spider has targeted financial services and retail organizations across the United Kingdom and the United States.

A threat actor known as UnsolicitedBooker has been observed targeting a Saudi Arabian organization over a span of three years using a newly identified backdoor named MarsSnake.

SRG employs highly tailored phishing campaigns, including callback phishing and impersonation of well-known brands like Duolingo and Masterclass. Victims are lured into calling fake support numbers and are socially engineered.

Lecardo Clinic, a private hospital in Chuvashia, Russia, experienced a multi-day operational shutdown due to a cyberattack attributed to the pro-Ukraine hacker group 4B1D.

A cyber-espionage campaign by Fancy Bear (APT28), linked to Russia’s GRU, has targeted Ukrainian government and military entities, as well as international defense contractors.

A new wave of ransomware and extortion attacks is targeting the US retail sector, with threat intelligence suggesting the involvement of the advanced threat actor group Scattered Spider (UNC3944).

A newly identified APT campaign, dubbed “Swan Vector,” has been targeting educational and mechanical engineering sectors in East Asia, particularly Taiwan and Japan. The campaign employs spearphishing emails with malicious ZIP attachments