Apt

In 2025, state-sponsored actors from China, Russia, North Korea, and Iran leveraged vulnerabilities and identity compromise for initial access, focusing on persistence for long-term espionage or disruption.

A Russian APT group is exploiting a Zimbra XSS vulnerability (details unspecified) to target the Ukrainian government in an operation dubbed 'GhostMail'.

This brief summarizes IOCs extracted from the Maltrail feed on March 15, 2026, covering domains and URLs associated with threats targeting macOS and Android platforms, including OSX_Atomic, FakeApp, Android_Joker, Lummack2, APT_Sidewinder, APT_Kimsuky, and Hak5Cloud_C2.

This brief analyzes IOCs aggregated by Maltrail on February 27, 2026, highlighting network activity associated with diverse threat actors including APT_UNC2465, Lazarus Group, Gorat, APT_Bitter, Android_Joker, PowerShell Injector, SmokeLoader, and FakeApp campaigns targeting various sectors.