APT & Nation-State Intelligence
Advanced Persistent Threat intelligence tracking nation-state actors — Lazarus Group, Sandworm, Volt Typhoon, and others. Campaign TTPs, targeted sectors, and SIGMA/KQL detection rules.
APT & Nation-State — Archive & Latest
Storm-3075 AI Impersonation & UAT-8616 SD-WAN Exploitation: SilabRAT, Vidar, and Cisco Breaches
Active exploitation of Cisco SD-WAN (CVE-2026-20128) and AI-themed campaigns delivering Vidar/SilabRAT. Urgent detection required.
Storm-3075 AI Impersonation & SilabRAT MaaS Campaign: Multi-Vector Threat Analysis
AI-themed phishing, credential theft via Vidar/Lumma, and SilabRAT RAT targeting enterprise credentials. CRITICAL urgency.
AI Social Engineering, SD-WAN Exploitation, and SilabRAT MaaS: OTX Pulse Analysis
Urgent: Active AI-themed phishing delivering Vidar/Lumma, Cisco SD-WAN exploits (UAT-8616), and SilabRAT MaaS detected. Block IOCs.
Storm-3075 AI Phishing & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
High urgency: Storm-3075 AI phishing, UAT-8616 Cisco SD-WAN exploitation, and SilabRAT MaaS detected. Actionable IOC pack.
Storm-3075 AI-Themed Social Engineering & 4BID ProxyShell Exploitation: OTX Pulse Intelligence — Enterprise Detection Pack
Storm-3075 & 4BID campaigns: AI phishing & ProxyShell attacks. Urgent: Hunt for Vidar, SilabRAT, Sliver, Lumma Stealer IOCs across enterprise.
SilabRAT MaaS & Storm-3075 AI Phishing: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal Storm-3075 AI phishing, SilabRAT MaaS, and 4BID hacktivism. Detect stealers, RATs, and ProxyShell exploits.
Storm-3075 AI Phishing, SilabRAT MaaS, and 4BID ProxyShell Campaigns: OTX Pulse Analysis
Analysis of AI-themed credential theft, SilabRAT MaaS operations, and 4BID ProxyShell attacks targeting critical sectors.
Storm-3075 AI Phishing, SilabRAT MaaS & 4BID ProxyShell: OTX Pulse Analysis — Enterprise Detection Pack
Storm-3075 uses AI themes for Vidar/Lumma infections; SilabRAT MaaS targets crypto; 4BID exploits ProxyShell for Sliver C2 deployment.
Storm-3075 AI Impersonation & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
Threat actors leverage AI-themed lures for Vidar/Lumma deployment while new SilabRAT MaaS targets crypto wallets. 4BID exploits ProxyShell.
AI-Hype Stealers & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
Storm-3075 and o1oo1 exploiting AI trends with Vidar, Lumma, and SilabRAT. High urgency credential theft campaign.
SilabRAT MaaS & AI-Themed Infostealer Operations: Storm-3075 & o1oo1 Analysis
Emerging campaigns using AI-branded lures and SilabRAT to steal credentials/crypto. High urgency for Finance & Tech sectors.
AI-Themed Infostealer Surge: Storm-3075, TroyDen, and SilabRAT Campaign Analysis — Detection & Hunt Pack
Urgent: AI-themed campaigns deploying Lumma, Vidar, and SilabRAT. Storm-3075 and TroyDen targeting tech/finance. Includes detection rules.
AI-Themed Infostealers & 4BID ProxyShell Campaigns: Storm-3075, TroyDen, and 4BID OTX Analysis
Threat actors Storm-3075 and TroyDen leverage AI branding for Lumma/Vidar distribution; 4BID expands hacktivism via ProxyShell.
Storm-3075 AI Brand Impersonation & 4BID ProxyShell Attacks: OTX Pulse Intelligence Briefing
Storm-3075 abuses AI hype to spread Vidar/Lumma; 4BID exploits ProxyShell; TroyDen targets devs via GitHub. Detection engineering included.
Storm-3075 AI Hype, TroyDen GitHub Lures & 4BID ProxyShell: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal Storm-3075 using AI brands for infostealing, TroyDen targeting devs, and 4BID exploiting ProxyShell. Immediate block recommended.
TroyDen Lure Factory & ClickFix RAT: OTX Pulse Analysis — Enterprise Detection Pack
AI-generated GitHub lures and job platform phishing delivering LuaJIT stealers & Python RATs. Immediate blocking required.
TroyDen & ClickFix Campaigns: AI-Generated Lures, Python RATs, and Multi-Vector Stealer Ecosystems
OTX detects surge in TroyDen and ClickFix campaigns using AI lures and job scams to deliver Redline, Lumma, and Python RATs.
TroyDen AI Lures & ClickFix RAT: OTX Analysis of Multi-Vector Malware Distribution
OTX Pulse Analysis: AI-generated GitHub lures (TroyDen) and job site phishing (ClickFix) deploying Python RATs and infostealers against developers.
Multi-Vector Infostealer Surge: TroyDen AI Lures, ClickFix RATs, and TDS Hijacking
Active campaigns distributing LummaStealer, Redline, and Python RATs via AI-generated lures, job scams, and traffic distribution systems. High urgency.
TroyDen AI Lures, ClickFix Python RATs, and SessionGate TDS: OTX Pulse Analysis
Active campaigns targeting devs via AI-generated GitHub lures, LinkedIn job scams delivering Python RATs, and SEO-poisoned dev tools.
ClickFix RAT, SEO Poisoning TDS & GriefLure APT: Multi-Vector Threat Landscape
Three distinct campaigns observed: ClickFix delivering Python RATs, SEO poisoning TDS spreading stealers, and APT spear-phishing targeting telcos.
ClickFix RAT, Malware TDS, & Operation GriefLure: OTX Pulse Analysis
Analysis of active ClickFix Python RAT delivery, SEO-poisoned TDS malware ecosystem, and APT GriefLure targeting military/healthcare sectors.
CastleLoader RAT, TDS Malware Distribution, and Operation GriefLure: OTX Pulse Analysis — Enterprise Detection Pack
Active OTX pulses reveal ClickFix RAT scams, TDS-based stealers, and APT GriefLure targeting SE Asia. Urgent detection required.
CastleLoader RAT, SessionGate TDS, and Gamaredon GammaSteel: OTX Pulse Analysis — Enterprise Detection Pack
Analysis of LinkedIn/Indeed phishing typosquatting, fake freeware TDS, and Gamaredon's GammaSteel targeting Ukraine.
ClickFix RAT, Malware TDS, and Gamaredon's GammaSteel: OTX Pulse Analysis — Enterprise Detection Pack
Active ClickFix campaigns delivering Python RATs, TDS ecosystems spreading stealers via SEO poisoning, and Gamaredon targeting Ukraine with GammaSteel.
Gamaredon GammaSteel, ClickFix RATs, and TDS Stealers: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns: Gamaredon GammaSteel targeting Ukraine, ClickFix Python RATs, and TDS-driven stealers. High urgency.
ClickFix Loaders, UAT-8302 APT Operations, and TDS Malware Ecosystems: OTX Pulse Analysis
Critical OTX analysis: ClickFix loaders delivering RATs, UAT-8302 targeting gov/telco, and TDS campaigns impersonating dev tools.
ClickFix, SEO Poisoning, and UAT-8302 APT Activity: OTX Pulse Analysis — Enterprise Detection Pack
ClickFix social engineering, SEO poisoning, and UAT-8302 APT targeting Gov/Telco. High urgency; detection pack inside.
ClickFix, LofyStealer & JINX-0164: Multi-Vector Social Engineering & Supply Chain Assaults — OTX Pulse Analysis
Active OTX pulses detail ClickFix clipboard hijacking, LofyStealer gaming malware, and JINX-0164 crypto-dev targeting. Critical detection guidance provided.
ClickFix, LofyStealer, and JINX-0164: OTX Pulse Analysis — Credential Theft & Supply Chain Attacks
Active campaigns involving ClickFix, LofyStealer, and JINX-0164 targeting general users, gamers, and crypto sectors via social engineering and supply chain attacks. High urgency.
ClickFix, LofyStealer, and JINX-0164: Multi-Vector Campaigns Targeting Developers and Gamers — OTX Intelligence Briefing
OTX Pulse Analysis: ClickFix, LofyStealer & JINX-0164 campaigns targeting crypto & gamers. High urgency. Block IOCs immediately.
ClickFix, LofyStealer, and JINX-0164: Social Engineering Drives RATs and Stealers
Active OTX pulses reveal social engineering campaigns (ClickFix, fake recruiters) deploying NetSupport RAT, LofyStealer, and crypto-targeting malware.
ClickFix, LofyStealer & JINX-0164: Multi-Vector Campaigns Targeting Developers & Gamers — OTX Pulse Analysis
Active campaigns: ClickFix (CastleLoader/NetSupport), LofyStealer (Minecraft), and JINX-0164 (Crypto Devs) detected via social engineering. High urgency.
ClickFix, LofyStealer & JINX-0164: OTX Pulse Analysis — Enterprise Detection Pack
Live OTX pulses reveal active campaigns by ClickFix, LofyGang, and JINX-0164 utilizing social engineering, fake utilities, and supply chain attacks to steal credentials and target crypto infrastructure.
ClickFix, LofyStealer & JINX-0164 Campaigns: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns utilizing ClickFix social engineering, Minecraft-targeted stealers, and crypto-dev supply chain attacks. High urgency.
ClickFix & JINX-0164: Multi-Platform RAT and Stealer Campaigns Targeting Endpoints
OTX Pulse Analysis: Active campaigns delivering NetSupport RAT, LofyStealer, and macOS backdoors via social engineering.
ClickFix, LofyStealer, and JINX-0164: Multi-Vector Social Engineering & Supply Chain Analysis — OTX Pulse Detection Pack
OTX pulses reveal active ClickFix, LofyStealer, and JINX-0164 campaigns targeting crypto and gamers via social engineering and supply chain.
ClickFix & JINX-0164 Campaigns: Multi-Vector Malware Delivery — OTX Pulse Analysis
Urgent: ClickFix, LofyStealer, and JINX-0164 targeting finance/tech via social engineering. Immediate IOCs and detection rules.
ClickFix, LofyStealer & JINX-0164: Multi-Vector Social Engineering & Supply Chain Attacks — OTX Pulse Analysis
Active campaigns featuring ClickFix RAT delivery, LofyStealer targeting gamers, and JINX-0164 supply chain attacks on crypto devs. Urgency: High.
LofyStealer, JINX-0164, and GHOST STADIUM: Multi-Vector Stealer Campaigns Targeting Gaming, Crypto, and Sports
OTX pulses reveal active infostealer campaigns targeting Minecraft players, crypto developers, and World Cup attendees. Block IOCs immediately.
LofyStealer & JINX-0164 Campaigns: OTX Pulse Analysis — Node.js & macOS Supply Chain Threats
Active infostealers (LofyStealer) & macOS supply chain attacks (JINX-0164) targeting gaming & crypto devs. High urgency.
TwizAdmin MaaS & JINX-0164 Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack
Active crypto-stealing malware TwizAdmin and JINX-0164 targeting devs, alongside massive Middle East C2 expansion detected.
TwizAdmin MaaS & JINX-0164 Dev Targeting: Multi-Stage Crypto Theft & Regional C2 Surge Analysis
Urgent: Multi-stage crypto clippers (TwizAdmin) and dev-targeting supply chain attacks (JINX-0164) detected alongside massive Middle East C2 infrastructure growth.
TwizAdmin Ransomware & Ghost Stadium Phishing: OTX Pulse Analysis — Global C2 Infrastructure Alert
OTX detects TwizAdmin crypto-stealer, 1,350+ Middle East C2 servers, and FIFA World Cup phishing. Urgent IOC blocking required.
TwizAdmin Crypto-Clipper, Lazarus Mach-O Man & Middle East C2 Infrastructure: OTX Pulse Analysis — Enterprise Detection Pack
Active crypto-clipper campaigns & macOS malware from Lazarus Group targeting finance/tech. Critical urgency. 1,350+ C2 servers mapped.
Mach-O Man & TwizAdmin: Lazarus macOS Operations and Multi-Stage Crypto-Theft
Active Lazarus macOS ClickFix campaigns and DataBreachPlus crypto-clippers detected alongside massive Middle East C2 infrastructure abuse. Critical action required.
TwizAdmin MaaS & Lazarus Mach-O Man: Crypto Clipping, macOS ClickFix, and Middle East C2 Surge — Detection Pack
Active TwizAdmin MaaS and Lazarus macOS campaigns detected. Urgent hunting for crypto clippers, credential theft, and ClickFix vectors required.
TwizAdmin RaaS & Lazarus Mach-O Man: OTX Pulse Analysis — Multi-Stage Crypto Theft & macOS ClickFix
Urgent: TwizAdmin Crypto Clipper/RaaS and Lazarus Mach-O Man active. Credential theft, macOS targeting, and Middle East C2 expansion detected.
TwizAdmin MaaS & Lazarus Mach-O Man: OTX Pulse Analysis — Cross-Platform C2 & Credential Theft
Urgent: OTX data reveals active TwizAdmin MaaS operation & Lazarus Mach-O Man targeting Finance/Tech. High credential theft risk.
Lazarus Mach-O Man & TwizAdmin Operation: OTX Pulse Analysis — Multi-Platform Malware & C2 Infrastructure Surge
Lazarus macOS malware, TwizAdmin clipper, and massive Middle Eastern C2 infrastructure detected. High urgency.
Every APT & Nation-State Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.