The newly identified YoroTrooper group is targeting embassies and government agencies in European and Commonwealth of Independent States countries in phishing campaigns.
The Iranian Cobalt Mirage threat group has been using the Drokbk malware in recent intrusions and employing GitHub repositories as dead drop resolvers.
A North Korean state-backed actor known for targeting South Korean victims recently used an Internet Explorer zero-day (CVE-2022-41128).
The FBI, NSA and CISA are highlighting IoCs and TTPs used in an attack on a defense industrial base organization that leveraged compromised credentials, a custom data exfiltration tool and the Impacket open-source toolkit.
Researchers have discovered a new APT actor called Metador that has been targeting ISPs, telcos, and universities in the Middle East and Africa.