November 21, 2024

FBI says BianLian based in Russia, moving from ransomware attacks to extortion

BianLian ransomware actors are likely based in Russia and have multiple Russia-based affiliates, according to new information shared by the FBI and Australian law enforcement.

November 20, 2024

Unveiling LIMINAL PANDA - Threats to Telecom Sector

LIMINAL PANDA has used compromised telecom servers to initiate intrusions into further providers in other geographic regions. The adversary conducts elements of their intrusion activity using protocols that support mobile telecommunications.

Fraud Network Uses 4,700 Fake Shopping Sites to Steal Credit Cards

A threat group known as SilkSpecter, speculated to be from China, is using thousands of fake online stores to steal credit card information from shoppers in the U.S. and Europe.

November 15, 2024

China-linked Group Hacked Tibetan Media and University Sites to Distribute Cobalt Strike Payload

A group linked to China hacked Tibetan media and university websites to distribute a Cobalt Strike payload. The group, known as TAG-112, has similarities with another Chinese state-sponsored group called Evasive Panda.

Volt Typhoon Rebuilds Malware Botnet Following FBI Disruption

Chinese state-sponsored hacking group Volt Typhoon is attempting to rebuild its "KV-Botnet" malware botnet after it was disrupted by law enforcement in January, targeting outdated Cisco and Netgear routers.

Hamas Tied to October Wiper Attacks Using Eset Email

Check Point Research indicated that WIRTE has expanded from espionage to include disruptive attacks. Evidence shows that the malware employed by this group is connected to SameCoin, a wiper malware that has previously affected Israeli entities.

November 12, 2024

Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations

Trend Micro identified two infection chains: the first uses PsExec and WMI for lateral movement, while the second exploits vulnerabilities in Microsoft Exchange servers with ChinaChopper web shell.

November 11, 2024

Scattered Spider Spins a New Web: Detecting 0ktapus Phishing Domains

According to researchers, 0ktapus creates phishing landing pages mimicking legitimate login sites to steal credentials, which are then used for gaining unauthorized access, deploying ransomware, and extortion.

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

MirrorFace, a Chinese state-linked threat actor, targeted a diplomatic organization in the European Union for the first time. The attack used the World Expo 2025 in Osaka, Japan, as a lure.

November 8, 2024

From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West

These cyber operatives focus on IT and cryptocurrency roles, stealing valuable information and funneling earnings back to North Korea. The hackers avoid detection and target both Windows and macOS by using advanced obfuscation techniques.
