The DHS and FBI say North Korean-backed attackers are using a powerful new piece of malware known as Hoplight to infiltrate target machines.
Investigations by the NSA and Uk's NCSC found that the Russian Turla attack group was using compromised C2 infrastructure and tools belonging to an Iranian APT group in several operations.
The FIN7 group has begun deploying new tools, including a module that specifically targets a remote administration tool for payment card systems.
An attack group known as Phosphorus that is linked to the Iranian government has targeted email accounts of U.S. government officials and people associated with a presidential campaign.
A fake hiring site for veterans is the latest tool deployed by the Tortoiseshell attack group.