Threat Feed

Tag

Cyberespionage

4 briefs RSS
high threat

GreyVibe Targets Ukraine with AI-Generated Lures and Custom Malware

The likely Russian-aligned GreyVibe group is targeting Ukrainian organizations with AI-generated lures delivered via spear-phishing and malicious websites, deploying custom malware such as PhantomRelay, LegionRelay, and FallSpy to exfiltrate sensitive data.

google drive +8 GreyVibe ai-generated-lures cyberespionage ukraine malware phantomrelay legionrelay fallspy
2r 8t
high threat

Screening Serpens APT Targets Tech and Defense Sectors with New RATs

The Iranian APT group Screening Serpens targeted the tech and defense sectors in the U.S., Israel, and the UAE between February and April 2026, deploying six new RAT variants from the MiniUpdate and MiniJunk V2 malware families, using tailored social engineering lures and AppDomainManager hijacking.

MiniUpdate +2 Screening Serpens APT Iran RAT MiniJunk DLL Sideloading AppDomainManager Cyberespionage
2r 3t
high threat

FrostyNeighbor Targets Ukraine with Updated PicassoLoader Chain

The FrostyNeighbor threat actor is targeting Ukrainian governmental organizations with spearphishing emails containing malicious PDFs that deliver a JavaScript dropper (PicassoLoader) and ultimately a Cobalt Strike beacon.

Cobalt Strike +2 FrostyNeighbor cyberespionage cobaltstrike picassoloader ukraine
2r 3t 3i
high threat

MuddyWater Disguises Cyber-Espionage as Chaos Ransomware Attack

The MuddyWater group is disguising its cyber-espionage operations as Chaos ransomware attacks, using Microsoft Teams social engineering for initial access and establishing persistence, likely to complicate attribution and mask its true objectives.

Microsoft Teams +3 MuddyWater chaos ransomware cyberespionage data theft iranian apt
2r 5t