Dark Side Intelligence Category

APT & Nation-State Intelligence

Advanced Persistent Threat intelligence tracking nation-state actors — Lazarus Group, Sandworm, Volt Typhoon, and others. Campaign TTPs, targeted sectors, and SIGMA/KQL detection rules.

39 reports available. Refreshed every 5 minutes.

APT & Nation-State — Archive & Latest

TeamPCP PyPI Supply Chain Attack, LofyStealer, and GhostSocks Proxy Botnet: OTX Pulse Analysis — Enterprise Detection Pack
OTX detects TeamPCP PyPI attack, LofyStealer targeting gamers, and GhostSocks MaaS proxy botnet. Immediate credential theft risk.
May 3, 2026

Supply Chain Attack: TeamPCP Telnyx SDK, LofyStealer & GhostSocks — OTX Pulse Analysis
Active PyPI supply chain compromise (TeamPCP), LofyStealer infostealer, and GhostSocks proxy MaaS detected. Critical credential theft risk.
May 3, 2026

TeamPCP Supply Chain Attack, LofyStealer & GhostSocks Proxy: OTX Pulse Analysis — Enterprise Detection Pack
Critical OTX alerts reveal TeamPCP PyPI supply chain attack, LofyStealer targeting gamers, and GhostSocks MaaS infecting education.
May 2, 2026

TeamPCP PyPI Supply Chain, LofyStealer, & GhostSocks Botnet: OTX Pulse Analysis — Enterprise Detection Pack
Supply chain attack on Telnyx SDK, LofyStealer targeting gamers, and GhostSocks proxy malware detected. Urgent credential theft risks.
May 2, 2026

TeamPCP PyPI Supply Chain Attack & LofyStealer/GhostSocks Campaigns: OTX Pulse Analysis
Supply chain compromise of Telnyx SDK, LofyStealer targeting gamers, and GhostSocks proxy malware. Critical update.
May 1, 2026

TeamPCP, LofyStealer & GhostSocks: OTX Threat Analysis — Enterprise Detection Pack
Urgent IOCs and detection logic for TeamPCP supply chain attack, LofyStealer infostealer, and GhostSocks proxy malware.
Apr 30, 2026

TeamPCP Supply Chain, LofyStealer & GhostSocks: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal TeamPCP PyPI attack, LofyStealer targeting gamers, and GhostSocks proxy botnet. Urgent supply chain & infostealer detection required.
Apr 30, 2026

GlassWorm, EtherRAT & Rebex Telegram RAT: Blockchain & Messaging C2 Convergence
Active campaigns exploiting Solana/Ethereum blockchains & Telegram for C2. Targets developers, retail & Vietnam via supply chain & CHM lures.
Apr 29, 2026

GlassWorm, EtherRAT & Rebex RAT: Blockchain-C2 and Multi-Stage Supply Chain Attacks
APTs using Solana/Ethereum smart contracts & Telegram API for resilient C2. Targeting developers & retail sectors. Urgency: High.
Apr 29, 2026

ClickFix & GlassWorm: Multi-Vector Stealer and RAT Campaigns — Enterprise Detection Pack
Active ClickFix and GlassWorm campaigns target enterprise devs and finance sectors with stealers and RATs via social engineering and supply chain.
Apr 29, 2026

ClickFix, GlassWorm & EtherRAT: Multi-Vector Social Engineering and Blockchain C2 Campaigns — Enterprise Detection Pack
OTX pulses reveal active ClickFix campaigns, GlassWorm supply chain attacks, and North Korean EtherRAT using Ethereum for C2 evasion.
Apr 28, 2026

ClickFix, GlassWorm & EtherRAT: Multi-Vector APT Analysis — Enterprise Detection Pack
Active campaigns using ClickFix, GlassWorm, and EtherRAT targeting finance/tech via living-off-the-land and blockchain C2. High urgency.
Apr 28, 2026

ClickFix, GlassWorm, and EtherRAT: APT Campaigns Leveraging Blockchain Evasion and Infostealers
North Korean APT and unknown actors utilize ClickFix, GlassWorm, and EtherRAT to target finance/devs with blockchain-based C2 and info stealers.
Apr 28, 2026

ClickFix, GlassWorm & EtherRAT: OTX Pulse Analysis — Social Engineering & Blockchain C2 Campaigns
OTX alerts on active ClickFix campaigns delivering Lumma/Vidar, GlassWorm targeting devs via Solana C2, and North Korean EtherRAT using EtherHiding.
Apr 27, 2026

ClickFix, GlassWorm & EtherRAT: Multi-Vector APT Campaign Analysis
OTX pulses identify active ClickFix social engineering and APT-linked EtherRAT/GlassWorm campaigns targeting finance & devs.
Apr 27, 2026

Emerging Threat Landscape: ClickFix Loaders, GlassWorm Supply Chain, and NK EtherRAT
Active campaigns using ClickFix loaders, GlassWorm supply chain attacks, and North Korean EtherRAT targeting Finance/Dev sectors. Immediate action required.
Apr 26, 2026

ClickFix, GlassWorm & EtherRAT Campaigns: Social Engineering + Blockchain C2 Tactics
OTX analysis: ClickFix loaders, GlassWorm dev supply chain attacks, and North Korean EtherRAT using Ethereum C2. Urgent action required.
Apr 26, 2026

ClickFix, GlassWorm & EtherRAT: Multi-Vector APT Campaign Analysis — Enterprise Defense Pack
Active ClickFix, GlassWorm, and North Korean EtherRAT campaigns targeting Finance/Dev sectors via social engineering and supply chain. High urgency.
Apr 26, 2026

ClickFix, GlassWorm & EtherRAT: Cross-Platform Stealers and Blockchain C2 Tactics — OTX Analysis
Active campaigns involving ClickFix social engineering, GlassWorm supply chain attacks, and North Korean EtherRAT using Ethereum C2.
Apr 25, 2026

TwizAdmin, DinDoor & ClickFix: OTX Pulse Analysis — Multi-Vector Threat Brief
Active TwizAdmin clipper, MuddyWater DinDoor, & ClickFix campaigns targeting finance/gov. High urgency.
Apr 25, 2026

TwizAdmin Infostealer, DinDoor Backdoor, and ClickFix Attacks: Multi-Platform Threat Analysis
OTX Pulse Alert: Active DataBreachPlus (TwizAdmin) and MuddyWater (DinDoor) campaigns alongside widespread ClickFix attacks distributing stealers.
Apr 24, 2026

TwizAdmin & DinDoor Operations: Multi-Platform Clipping, ClickFix, and Deno Runtime Abuse — Enterprise Detection Pack
DataBreachPlus TwizAdmin and MuddyWater DinDoor campaigns alongside ClickFix attacks target finance/tech sectors via stealers and backdoors.
Apr 24, 2026

Lazarus & Void Dokkaebi Campaigns: Mach-O Man, TwizAdmin, and Dev Repo Poisoning — OTX Pulse Analysis
OTX Alert: Lazarus ClickFix attacks, Void Dokkaebi repo poisoning, and TwizAdmin crypto-theft targeting Finance & Tech. High Urgency.
Apr 23, 2026

Lazarus Group & DataBreachPlus: Multi-Platform APT Campaigns Involving Mach-O Man, TwizAdmin & Supply Chain Attacks
Active campaigns target Finance/Tech with macOS ClickFix malware, dev supply chain compromise, and multi-stage crypto-stealers.
Apr 22, 2026

TwizAdmin, Mach-O Man & Void Dokkaebi: Multi-Platform MaaS & Supply Chain Threats
Active APT campaigns detected: DataBreachPlus TwizAdmin MaaS, Lazarus Mach-O Man macOS malware, and Void Dokkaebi repo poisoning. Urgency: High.
Apr 22, 2026

The Gentlemen RaaS, Void Dokkaebi Supply Chain, & macOS ClickFix Infostealers: OTX Pulse Analysis
Active threats: The Gentlemen RaaS exploiting Fortinet, Void Dokkaebi poisoning Git repos, and macOS ClickFix infostealers.
Apr 21, 2026

The Gentlemen RaaS, macOS ClickFix Stealers & AdaptixC2 Framework: OTX Pulse Analysis
Intel on The Gentlemen RaaS TTPs, macOS ClickFix infostealers, and AdaptixC2 post-exploitation frameworks. Critical severity.
Apr 21, 2026

The Gentlemen RaaS & AdaptixC2 Framework: Multi-Platform Extortion — OTX Pulse Analysis
The Gentlemen RaaS leverages FortiOS/ESXi exploits and AdaptixC2/SystemBC for multi-platform extortion. Urgency: High.
Apr 20, 2026

The Gentlemen RaaS & AdaptixC2 Framework: OTX Pulse Analysis — Enterprise Detection Pack
The Gentlemen ransomware group exploiting FortiOS with SystemBC tunneling. Critical threat for enterprises with 240+ attacks in early 2026.
Apr 20, 2026

The Gentlemen RaaS, AdaptixC2 Framework & UNC1945 Solaris Attacks: OTX Pulse Analysis
OTX Pulse analysis reveals active exploitation of Fortinet by The Gentlemen, AdaptixC2 framework adoption, and UNC1945 targeting finance via MSPs. Urgent patching required.
Apr 20, 2026

The Gentlemen RaaS, LeakNet ClickFix, and Runningcrab Supply Chain: OTX Pulse Analysis
Critical threats: FortiOS exploitation (The Gentlemen), DocGuard hijacking (Runningcrab), and Deno-based ClickFix loaders (LeakNet).
Apr 19, 2026

The Gentlemen RaaS & Speagle Infostealer: FortiOS Exploits, Supply Chain Attacks, and ClickFix — OTX Pulse Analysis
Active campaigns: The Gentlemen exploiting FortiOS, Infostealer.Speagle via Cobra DocGuard, and LeakNet using ClickFix/Deno loaders.
Apr 19, 2026

The Gentlemen & LeakNet: RaaS Expansion and Infostealer Supply Chain Attack — OTX Pulse Analysis
Active threats: The Gentlemen exploiting FortiOS, LeakNet using ClickFix, and Infostealer.Speagle via Cobra DocGuard supply chain. Urgency: High.
Apr 18, 2026

Runningcrab Supply Chain & LeakNet Ransomware: Speagle Infostealer, Deno Loaders & Telegram C2 Analysis
OTX pulses reveal active APT campaigns. Runningcrab exploits Cobra DocGuard, LeakNet uses Deno loaders, and Hydra Saiga leverages Telegram C2.
Apr 18, 2026

LeakNet Ransomware, Hydra Saiga Espionage, and notnullOSX: OTX Pulse Analysis — Enterprise Detection Pack
LeakNet (ransomware), Hydra Saiga (espionage), and notnullOSX (stealer) campaigns active. Leverages ClickFix, Deno loaders, and Telegram C2.
Apr 17, 2026

FAMOUS CHOLLIMA & Lazarus Supply Chain Assault: OtterCookie, Graphalgo & Interlock Exploits
N. Korean APTs targeting crypto/tech devs via malicious npm/PyPI; Interlock exploiting Cisco zero-days.
Apr 15, 2026

OtterCookie & GHOSTSABER: North Korean Supply Chain Attack & Interlock Ransomware Exploitation — OTX Pulse Analysis
North Korean APTs use malicious npm/PyPI packages for credential theft; Interlock Ransomware exploits Cisco FMC zero-day. Urgent patching required.
Apr 15, 2026

MacSync & OtterCookie Stealers: North Korean Supply Chain & macOS Campaigns with Interlock Ransomware CVE Exploits — OTX Analysis
MacSync/OtterCookie infostealers targeting Gov/Tech via MaaS & npm. Interlock ransomware exploiting Cisco zero-days. High urgency.
Apr 14, 2026

Intel: APT37 RokRAT & APT28 PRISMEX Operations — Zero-Day & GitHub C2 Campaigns April 2026
Active DPRK & Russian APT campaigns detected: RokRAT via social apps, PRISMEX zero-days, and GitHub C2. High risk to supply chains.
Apr 14, 2026
Free Detection Rules Included

Every APT & Nation-State Report Includes SIGMA & KQL Detection Rules

Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.