Nation-State Threats
15 articles
Iranian APT MuddyWater Deployed Chaos Ransomware as a False Flag to Disguise State-Sponsored Espionage
Rapid7 links a Chaos ransomware intrusion in early 2026 to Iranian state-linked MuddyWater, finding no encryption deployed — only credential theft and data exfiltration under ransomware cover.
Google GTIG Confirms First Criminal AI-Built Zero-Day: A 2FA Bypass That Would Have Enabled Mass Exploitation
Google's Threat Intelligence Group says a cybercrime group built a zero-day exploit using AI, marking the first confirmed case of adversaries weaponizing an LLM to discover and exploit a previously unknown vulnerability.
APT28 Hijacked 18,000 Routers Worldwide While Deploying PRISMEX Malware Against Ukraine and NATO Allies
APT28 compromised 18,000 routers across 120 countries for credential theft while deploying PRISMEX malware against Ukraine and NATO logistics targets.
Unit 42 Exposes Shadow Campaigns, a State-Aligned Espionage Operation That Breached 70 Government Organizations Across 37 Countries
Palo Alto Networks researchers reveal TGR-STA-1030, an Asia-based threat group that compromised law enforcement agencies, finance ministries, and telecoms across 37 countries while scanning government infrastructure in 155 nations.
Iran-Linked Handala Hackers Breach FBI Director Kash Patel's Personal Email as Retaliation Escalates Between Washington and Tehran
Pro-Iranian hacking group Handala published over 300 emails and personal photos from FBI Director Kash Patel's Gmail account, claiming retaliation after the DOJ seized four of the group's domains.
Suspected Chinese Hackers Breach FBI Wiretap Network Through Supply Chain Backdoor as FISA Reauthorization Debate Intensifies
U.S. investigators believe China-affiliated hackers penetrated the FBI's Digital Collection System Network, which manages FISA warrants and wiretap surveillance, by exploiting a commercial ISP vendor relationship.
FBI and CISA Warn Russian Intelligence Is Hijacking Signal and WhatsApp Accounts in Global Phishing Campaign
A joint FBI-CISA advisory says Russian-linked actors have compromised thousands of Signal and WhatsApp accounts belonging to government officials, military personnel, and journalists across multiple countries.
APT28 Weaponizes Microsoft Office Zero-Day Within 72 Hours, Deploying Steganographic Loaders and Cloud-Based C2 Across Six NATO-Adjacent Countries
Russia's APT28 exploited CVE-2026-21509, a Microsoft Office OLE bypass, within 72 hours of disclosure to hit military targets across six NATO-adjacent countries with steganographic loaders and cloud-based C2.
Iran-Linked Hackers Weaponize Microsoft Intune to Wipe 200,000 Stryker Devices in Retaliatory Cyberattack
Pro-Iran hacktivist group Handala hijacked Stryker's Microsoft Intune tenant to remotely wipe over 200,000 systems across 79 countries, crippling the medical device giant and threatening global hospital supply chains.
Government-Grade iPhone Exploit Kit 'Coruna' Proliferated from Spy Tool to Cryptocurrency Heist in Under a Year
Google and iVerify reveal Coruna, a 23-exploit iOS framework that moved from a surveillance vendor to Russian spies to Chinese cybercriminals in months.
Pakistan-Linked APT36 Deploys AI-Generated 'Vibeware' Against Indian Government in First Documented Nation-State Use of Vibe-Coded Malware
Bitdefender documents APT36 using LLMs to mass-produce malware in Nim, Zig, and Crystal at a daily cadence, flooding Indian government networks with disposable implants in a strategy researchers call 'Distributed Denial of Detection.'
Cloudflare's 2026 Threat Report: Attackers Swap Break-Ins for Log-Ins as AI and Credential Theft Redefine the Threat Landscape
Cloudflare's 2026 Threat Report documents a pivotal shift: attackers now log in rather than break in, using stolen session tokens and AI-assisted credential theft to bypass MFA, while DDoS volumes doubled and nation-state pre-positioning inside critical infrastructure intensified.