Dark Side Intelligence Category

APT & Nation-State Intelligence

Advanced Persistent Threat intelligence tracking nation-state actors — Lazarus Group, Sandworm, Volt Typhoon, and others. Campaign TTPs, targeted sectors, and SIGMA/KQL detection rules.

170 reports availableRefreshed every 5 minutes

APT & Nation-State — Archive & Latest

50 reports loaded
APT & Nation-State

GIFTEDCROOK, Overlord & BRICKSTORM: OTX Pulse Analysis — Multi-Front APT Campaigns & Detection Pack

Russian, North Korean, and Chinese APTs target Ukraine, US Devs, and MSPs via WinRAR flaws, GitHub phishing, and edge device compromise.

Jul 8, 2026
Read →
APT & Nation-State

Salat Stealer, UNK_MassTraction & Cavern Manticore: OTX Pulse Analysis — Multi-Vector APT Campaigns

Three active campaigns: Salat Stealer infostealer, UNK_MassTraction exploiting Roundcube in universities, and Iran-linked Cavern Manticore targeting Israel. High urgency.

Jul 7, 2026
Read →
APT & Nation-State

OP-512 China-Linked Espionage + UNC3753 Targeted Campaigns: GhostKit, PlugX, Cobalt Strike, BazarLoader, TrickBot - OTX Pulse Analysis — Enterprise Detection Pack

China-linked OP-512 targets IIS with GhostKit; UNC3753 attacks US law firms with BazarLoader/TrickBot. HIGH PRIORITY threat intel.

Jul 5, 2026
Read →
APT & Nation-State

MarkiRAT Surveillance Operations + Pink Vishing Campaign + Global Smishing Network: OTX Pulse Analysis — Enterprise Detection Pack

Iran's TAG-182 using MarkiRAT; Pink gang with vishing; massive smishing op. High urgency for global enterprises.

Jul 4, 2026
Read →
APT & Nation-State

SessionGate, RemusStealer, PCPJack & APT37 Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack

OTX detects large-scale open-source impersonation, cloud SMTP relays, and APT37 supply chain attacks targeting Yanbian.

Jul 3, 2026
Read →
APT & Nation-State

Bumblebee Loader, The Gentlemen RaaS, and Ousaban: Multi-Vector OTX Pulse Analysis

Active campaigns delivering Akira via SEO poisoning, The Gentlemen RaaS exploiting VPNs, and Ousaban targeting Iberian banks.

Jul 2, 2026
Read →
APT & Nation-State

Bumblebee Loader, The Gentlemen RaaS, and Ousaban: OTX Pulse Analysis — SEO Poisoning and Geofenced Banking Trojans

High-threat activity: SEO poisoning delivers Akira via Bumblebee; The Gentlemen RaaS exploits VPNs; Ousaban targets Iberia with geofenced phishing.

Jul 2, 2026
Read →
APT & Nation-State

Bumblebee/Akira RaaS, The Gentlemen Backdoors, and Ousaban Banking Trojan: OTX Pulse Analysis — Enterprise Detection Pack

Severe RaaS and banking trojan campaigns detected via SEO poisoning and phishing. Urgency: High.

Jul 2, 2026
Read →
APT & Nation-State

Bumblebee Loader, The Gentlemen RaaS, and JINX-0164: OTX Pulse Analysis — Supply Chain & SEO Poisoning Wave

SEO poisoning, supply chain attacks, and RaaS identified via Bumblebee, Akira, and JINX-0164. Critical urgency for crypto and enterprise sectors.

Jul 1, 2026
Read →
APT & Nation-State

Multi-Vector RaaS and Supply Chain Attacks: Bumblebee, The Gentlemen, and JINX-0164 OTX Pulse Analysis

Urgent detection guidance for SEO poisoning, RaaS expansion via SharkLoader, and crypto supply chain attacks targeting dev infrastructure.

Jun 30, 2026
Read →
APT & Nation-State

Triple Threat: Bumblebee→Akira SEO Poisoning, The Gentlemen RaaS Expansion, and JINX-0164 Crypto Supply Chain Attacks — OTX Pulse Analysis & Detection Engineering

Three active OTX campaigns detected: Bumblebee/Akira SEO poisoning, Gentlemen RaaS targeting 6 sectors, and JINX-0164 crypto supply chain attacks. High urgency.

Jun 30, 2026
Read →
APT & Nation-State

Bumblebee→Akira SEO Poisoning, The Gentlemen RaaS Surge & JINX-0164 Crypto Supply Chain Attacks: OTX Pulse Intelligence Briefing

Three active campaigns detected: Bumblebee→Akira via SEO poisoning, The Gentlemen RaaS top-10 threat, JINX-0164 targeting crypto developers. Critical urgency.

Jun 30, 2026
Read →
APT & Nation-State

Woodgnat Access Broker & JINX-0164 macOS Campaigns: Mistic, ModeloRAT, AUDIOFIX — OTX Detection Pack

OTX pulses reveal active campaigns: Woodgnat (Mistic/ModeloRAT) targeting EdTech/Insurance, JINX-0164 (AUDIOFIX) hitting Crypto devs, and Kimsuky (KimJongRAT) via GitHub.

Jun 29, 2026
Read →
APT & Nation-State

Woodgnat, JINX-0164, and Kimsuky Campaigns: OTX Pulse Analysis — Mistic, AUDIOFIX, and KimJongRAT Detection Pack

Active threats: Woodgnat IAB deploys Mistic/ModeloRAT for ransomware; JINX-0164 targets crypto via LinkedIn; Kimsuky evolves KimJongRAT via GitHub.

Jun 29, 2026
Read →
APT & Nation-State

Woodgnat IAB & Kimsuky Campaigns: Mistic Backdoor, JINX-0164 macOS RATs, and LOTS Abuse Analysis

Critical threats: Woodgnat's Mistic backdoor, JINX-0164's crypto-targeting macOS RATs, and Kimsuky's GitHub abuse detected. High urgency.

Jun 29, 2026
Read →
APT & Nation-State

Woodgnat, JINX-0164 & Kimsuky: Multi-Front RAT Offensive (Mistic, AUDIOFIX, KimJongRAT)

OTX Pulse Analysis: Woodgnat, JINX-0164, and Kimsuky deploy Mistic, AUDIOFIX, and KimJongRAT via sideloading, supply chain, and GitHub abuse.

Jun 28, 2026
Read →
APT & Nation-State

Woodgnat, JINX-0164, and Kimsuky Campaigns: Mistic, AUDIOFIX, and KimJongRAT Analysis

OTX analysis reveals IAB Woodgnat and APTs Kimsuky/JINX-0164 deploying Mistic, AUDIOFIX, and KimJongRAT via sideloading and GitHub.

Jun 27, 2026
Read →
APT & Nation-State

Woodgnat Mistic Backdoor, JINX-0164 Crypto Supply Chain, Kimsuky KimJongRAT: OTX Pulse Analysis

OTX detects Woodgnat Mistic backdoor, JINX-0164 targeting crypto devs via macOS/Python, and Kimsuky's evolved KimJongRAT. Urgency: High.

Jun 27, 2026
Read →
APT & Nation-State

Mistic Backdoor, KimJongRAT, and Besomar-Themed Supply Chain Attacks: OTX Pulse Analysis

Active campaigns: Woodgnat's Mistic backdoor, Kimsuky's KimJongRAT, and GhostShell's supply chain attack on UAVs. High urgency.

Jun 26, 2026
Read →
APT & Nation-State

Woodgnat, Kimsuky & GhostShell: Mistic Backdoor, KimJongRAT & UAV Supply Chain Attack — OTX Pulse Analysis

Urgent: Woodgnat, Kimsuky, and GhostShell target sectors with Mistic backdoor, KimJongRAT, and Vidar via supply chain compromise.

Jun 26, 2026
Read →
APT & Nation-State

Woodgnat IAB Operations & GhostShell UAV Attacks: Mistic Backdoor and Vidar Stealer Analysis

Woodgnat IAB deploys Mistic/ModeloRAT for ransomware; GhostShell targets Ukraine UAV supply chain with Vidar.

Jun 25, 2026
Read →
APT & Nation-State

Woodgnat Access Broker & GhostShell Supply Chain: Mistic Backdoor, Vidar Stealer, and Middle East C2 Infrastructure

Active Woodgnat access brokering, GhostShell targeting Ukraine's UAV sector, and massive Middle East C2 expansion detected via OTX.

Jun 24, 2026
Read →
APT & Nation-State

Mistic Backdoor & GhostShell UAV Attacks: OTX Pulse Analysis — Enterprise Detection Pack

Woodgnat's Mistic backdoor targeting insurance/tech sectors; GhostShell attacking Ukraine's UAV supply chain; Middle East C2 surge detected.

Jun 24, 2026
Read →
APT & Nation-State

SocGholish Disruption & Okendo Supply Chain: Middle East C2 Network & RAT Surge — OTX Pulse Analysis

OTX pulses reveal widespread C2 infrastructure in the Middle East, the disruption of SocGholish fake updates, and a new Okendo supply chain attack delivering RATs.

Jun 23, 2026
Read →
APT & Nation-State

Okendo Supply Chain & SocGholish Fake Updates: OTX Pulse Analysis — Enterprise Detection Pack

OTX pulses reveal SmartApeSG supply chain attack via Okendo widgets and SocGholish fake updates targeting critical sectors. High urgency.

Jun 23, 2026
Read →
APT & Nation-State

SocGholish Disruption & Okendo Supply Chain: C2 Network Analysis — Enterprise Detection Pack

Active supply chain attacks via Okendo and SocGholish delivering NetSupport RAT and Remcos. Urgent: Block hostnames, hunt for malicious JS.

Jun 23, 2026
Read →
APT & Nation-State

SocGholish Takedown, Okendo Supply Chain, and Middle East C2 Surge: OTX Pulse Analysis

Operation Endgame disrupts SocGholish; SmartApeSG compromises Okendo reviews; 1,350+ C2 servers found in Middle East. High urgency.

Jun 22, 2026
Read →
APT & Nation-State

Operation Endgame & Middle East C2 Surge: SocGholish, SmartApeSG, and APT Infrastructure — Enterprise Detection Pack

OTX Pulse Alert: SocGholish infrastructure disrupted; Middle East C2 network mapped; Okendo widget supply chain attack. High urgency for retail & gov sectors.

Jun 22, 2026
Read →
APT & Nation-State

SocGholish Disruption & Okendo Supply Chain: Fake Updates and Third-Party Widget Compromise

Urgent: Active supply chain attack on Okendo widget and TA569 SocGholish fake updates delivering RATs and stealers.

Jun 22, 2026
Read →
APT & Nation-State

SocGholish Disruption & Okendo Supply Chain Attack: OTX Pulse Analysis — APT Infrastructure & RAT Detection

SocGholish disruption, Okendo supply chain compromise, and massive Middle East C2 infrastructure targeting energy/gov with RATs and botnets.

Jun 21, 2026
Read →
APT & Nation-State

SocGholish Takedown, Okendo Supply Chain & Middle East C2 Expansion: OTX Pulse Analysis

SocGholish disruption, Okendo widget compromise, and massive Middle East C2 activity. High urgency for Retail and Energy.

Jun 21, 2026
Read →
APT & Nation-State

SocGholish Fake Updates & Okendo Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack

Active campaigns using SocGholish fake updates and Okendo widget compromise to deliver NetSupport RAT and exploit massive Middle East C2 infrastructure.

Jun 21, 2026
Read →
APT & Nation-State

SocGholish Disruption & Okendo Supply Chain: C2 Infrastructure and RAT Loader Analysis

OTX pulses reveal massive Middle East C2 expansion, SocGholish fake updates, and Okendo widget compromise delivering NetSupport RAT.

Jun 20, 2026
Read →
APT & Nation-State

SocGholish Disruption, INC RaaS Evolution, and Okendo Supply Chain Compromise: OTX Pulse Analysis

Analysis of SocGholish takedown, INC Rust-based RaaS, and Okendo JS injection. Critical supply chain and fake update threats targeting Gov/Finance/Retail.

Jun 20, 2026
Read →
APT & Nation-State

SocGholish Takedown, INC Ransomware Evolution & Okendo Supply Chain Attack: OTX Pulse Analysis — Enterprise Detection Pack

Multi-pronged threat: SocGholish disruption, INC ransomware growth, Okendo supply chain attack targeting key sectors. HIGH URGENCY.

Jun 20, 2026
Read →
APT & Nation-State

Operation Endgame Disruption, INC Ransomware Evolution, and Okendo Supply Chain Compromise: OTX Pulse Analysis

SocGholish TDS disrupted by law enforcement; INC ransomware rises with Rust payloads; Okendo widget hijacked to deliver RATs and stealers.

Jun 19, 2026
Read →
APT & Nation-State

Operation Endgame Aftermath: SocGholish, INC Ransomware, and Okendo Supply Chain Analysis

Disruption of GOLD PRELUDE, INC Ransomware Rust evolution, and SmartApeSG supply chain tactics analyzed via OTX.

Jun 19, 2026
Read →
APT & Nation-State

INC RaaS Rust Encryption, SocGholish Disruption, and Okendo Supply Chain Attack: OTX Pulse Analysis

Urgent analysis of INC RaaS expansion, SocGholish infrastructure takedown, and SmartApeSG's Okendo widget supply chain compromise.

Jun 18, 2026
Read →
APT & Nation-State

Interlock, Rhysida & INC Ransomware Ecosystems + AI-Driven ClickFix: OTX Pulse Analysis

OTX pulses reveal Interlock/Rhysida ops, INC ransomware expansion, and AI-powered ClickFix SmartRAT campaigns. High urgency.

Jun 18, 2026
Read →
APT & Nation-State

Interlock & Rhysida Ransomware Ecosystem + INC RaaS & AI-Driven ClickFix: OTX Pulse Analysis

OTX pulses reveal active Interlock/Rhysida operations, INC RaaS evolution, and AI-powered ClickFix campaigns targeting finance.

Jun 17, 2026
Read →
APT & Nation-State

Rhysida, DragonForce & ShinyHunters: Multi-Vector Ransomware & Extortion Campaigns — OTX Pulse Analysis

Active ransomware operations by Rhysida, DragonForce, and ShinyHunters target US sectors via zero-days and trusted app abuse.

Jun 17, 2026
Read →
APT & Nation-State

Interlock, DragonForce & UAT-8616: OTX Pulse Analysis — Ransomware & C2 Evasion Tactics

Hive0163 & Rhysida ransomware, DragonForce Teams C2, & UAT-8616 SD-WAN exploits. Critical action required for enterprise defense.

Jun 16, 2026
Read →
APT & Nation-State

Hive0163 Interlock, UAT-8616 SD-WAN & ShinyHunters Zero-Day: Multi-Vector OTX Analysis

OTX tracks active campaigns: Rhysida ransomware, Cisco SD-WAN exploitation, and Oracle PeopleSoft zero-day attacks. High urgency.

Jun 16, 2026
Read →
APT & Nation-State

Hive0163 InterlockRAT, UAT-8616 SD-WAN, & UNC6240 ShinyHunters: OTX Pulse Analysis — Enterprise Detection Pack

Active exploitation of SD-WAN & Oracle PeopleSoft; Interlock/Rhysida ransomware surge. Critical CVEs targeted. Immediate action required.

Jun 15, 2026
Read →
APT & Nation-State

Interlock, Rhysida, and ShinyHunters: Zero-Day Exploitation & RaaS Operations — OTX Pulse Analysis

Critical zero-days in Oracle PeopleSoft and Cisco SD-WAN under active exploitation alongside Interlock/Rhysida ransomware targeting US sectors.

Jun 15, 2026
Read →
APT & Nation-State

Storm-3075 AI Impersonation & UAT-8616 SD-WAN Exploitation: SilabRAT, Vidar, and Cisco Breaches

Active exploitation of Cisco SD-WAN (CVE-2026-20128) and AI-themed campaigns delivering Vidar/SilabRAT. Urgent detection required.

Jun 14, 2026
Read →
APT & Nation-State

Storm-3075 AI Impersonation & SilabRAT MaaS Campaign: Multi-Vector Threat Analysis

AI-themed phishing, credential theft via Vidar/Lumma, and SilabRAT RAT targeting enterprise credentials. CRITICAL urgency.

Jun 14, 2026
Read →
APT & Nation-State

AI Social Engineering, SD-WAN Exploitation, and SilabRAT MaaS: OTX Pulse Analysis

Urgent: Active AI-themed phishing delivering Vidar/Lumma, Cisco SD-WAN exploits (UAT-8616), and SilabRAT MaaS detected. Block IOCs.

Jun 13, 2026
Read →
APT & Nation-State

Storm-3075 AI Phishing & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack

High urgency: Storm-3075 AI phishing, UAT-8616 Cisco SD-WAN exploitation, and SilabRAT MaaS detected. Actionable IOC pack.

Jun 13, 2026
Read →
APT & Nation-State

Storm-3075 AI-Themed Social Engineering & 4BID ProxyShell Exploitation: OTX Pulse Intelligence — Enterprise Detection Pack

Storm-3075 & 4BID campaigns: AI phishing & ProxyShell attacks. Urgent: Hunt for Vidar, SilabRAT, Sliver, Lumma Stealer IOCs across enterprise.

Jun 12, 2026
Read →

Showing 50 of 170 reports. Archive expands automatically as new intel is generated.

Free Detection Rules Included

Every APT & Nation-StateReport Includes SIGMA & KQL Detection Rules

Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.