Security news aggregator

Latest coverage for Threat Actor

Coverage of named threat actors and intrusion sets examines reported incidents, infrastructure, disruption, and defensive guidance.

20 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Coverage under this tag concerns a named threat actor or intrusion set: an individual, group, or organized operation assessed to be responsible for malicious cyber activity. Reports may describe incidents, malware, attack infrastructure, disruption efforts, or analyst assessments. Attribution is often provisional, so actor names and reported links should be treated as intelligence judgments rather than established identity, nationality, sponsorship, or motive.

For defenders, such reporting can help connect incidents and prioritize monitoring, but indicators and techniques may be reused or become obsolete. Validate reported infrastructure, hashes, and behaviors against local telemetry; use confirmed weaknesses to guide vulnerability remediation and access controls. If activity is suspected, preserve relevant logs and evidence, contain affected accounts or systems, and coordinate investigation without relying on an actor label alone.

Showing 20 most recent headlines Filtered view

The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader

More Evidence Surfaces of Chinese Hackers Targeting Ivanti ProductsA suspected Chinese cyberespionage operation is behind a spate of malware left on VPN appliances made by Ivanti. The threat actor used a critical security vulnerability the Utah company patched in February. "We are aware of a limited number of customers whose appliances have been exploited."

The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems

Bank Info Security 1 year, 3 months ago

Surge in Smishing Fueled by Lucid PhaaS Platform

Chinese-Speaking Operators Have Made Lucid a 'Primary Source' of PhishingSecurity researchers say they expect a surge this year in text message smishing fueled by a phishing-as-a-service platform operated by Chinese-speaking threat actors. Lucid already is a primary source of phishing campaigns targeting users in Europe, the United Kingdom and the United States.

The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems

Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific (APAC) and Latin American (LATAM) regions

Bank Info Security 1 year, 3 months ago

UK Police Are Ill-Equipped to Tackle AI Crimes

New Turing Institute Report Urges Government to Create AI Crime Task ForceBritish law enforcement agencies are ill-equipped to tackle artificial intelligence-enabled cybercrime, a report by The Alan Turing Institute says, pointing to an "enormous gap" between police technical capabilities and the growing sophistication of threat actors.

Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights—and the unexpected