APT & Nation-State Intelligence
Advanced Persistent Threat intelligence tracking nation-state actors — Lazarus Group, Sandworm, Volt Typhoon, and others. Campaign TTPs, targeted sectors, and SIGMA/KQL detection rules.
APT & Nation-State — Archive & Latest
GIFTEDCROOK, Overlord & BRICKSTORM: OTX Pulse Analysis — Multi-Front APT Campaigns & Detection Pack
Russian, North Korean, and Chinese APTs target Ukraine, US Devs, and MSPs via WinRAR flaws, GitHub phishing, and edge device compromise.
Salat Stealer, UNK_MassTraction & Cavern Manticore: OTX Pulse Analysis — Multi-Vector APT Campaigns
Three active campaigns: Salat Stealer infostealer, UNK_MassTraction exploiting Roundcube in universities, and Iran-linked Cavern Manticore targeting Israel. High urgency.
OP-512 China-Linked Espionage + UNC3753 Targeted Campaigns: GhostKit, PlugX, Cobalt Strike, BazarLoader, TrickBot - OTX Pulse Analysis — Enterprise Detection Pack
China-linked OP-512 targets IIS with GhostKit; UNC3753 attacks US law firms with BazarLoader/TrickBot. HIGH PRIORITY threat intel.
MarkiRAT Surveillance Operations + Pink Vishing Campaign + Global Smishing Network: OTX Pulse Analysis — Enterprise Detection Pack
Iran's TAG-182 using MarkiRAT; Pink gang with vishing; massive smishing op. High urgency for global enterprises.
SessionGate, RemusStealer, PCPJack & APT37 Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack
OTX detects large-scale open-source impersonation, cloud SMTP relays, and APT37 supply chain attacks targeting Yanbian.
Bumblebee Loader, The Gentlemen RaaS, and Ousaban: Multi-Vector OTX Pulse Analysis
Active campaigns delivering Akira via SEO poisoning, The Gentlemen RaaS exploiting VPNs, and Ousaban targeting Iberian banks.
Bumblebee Loader, The Gentlemen RaaS, and Ousaban: OTX Pulse Analysis — SEO Poisoning and Geofenced Banking Trojans
High-threat activity: SEO poisoning delivers Akira via Bumblebee; The Gentlemen RaaS exploits VPNs; Ousaban targets Iberia with geofenced phishing.
Bumblebee/Akira RaaS, The Gentlemen Backdoors, and Ousaban Banking Trojan: OTX Pulse Analysis — Enterprise Detection Pack
Severe RaaS and banking trojan campaigns detected via SEO poisoning and phishing. Urgency: High.
Bumblebee Loader, The Gentlemen RaaS, and JINX-0164: OTX Pulse Analysis — Supply Chain & SEO Poisoning Wave
SEO poisoning, supply chain attacks, and RaaS identified via Bumblebee, Akira, and JINX-0164. Critical urgency for crypto and enterprise sectors.
Multi-Vector RaaS and Supply Chain Attacks: Bumblebee, The Gentlemen, and JINX-0164 OTX Pulse Analysis
Urgent detection guidance for SEO poisoning, RaaS expansion via SharkLoader, and crypto supply chain attacks targeting dev infrastructure.
Triple Threat: Bumblebee→Akira SEO Poisoning, The Gentlemen RaaS Expansion, and JINX-0164 Crypto Supply Chain Attacks — OTX Pulse Analysis & Detection Engineering
Three active OTX campaigns detected: Bumblebee/Akira SEO poisoning, Gentlemen RaaS targeting 6 sectors, and JINX-0164 crypto supply chain attacks. High urgency.
Bumblebee→Akira SEO Poisoning, The Gentlemen RaaS Surge & JINX-0164 Crypto Supply Chain Attacks: OTX Pulse Intelligence Briefing
Three active campaigns detected: Bumblebee→Akira via SEO poisoning, The Gentlemen RaaS top-10 threat, JINX-0164 targeting crypto developers. Critical urgency.
Woodgnat Access Broker & JINX-0164 macOS Campaigns: Mistic, ModeloRAT, AUDIOFIX — OTX Detection Pack
OTX pulses reveal active campaigns: Woodgnat (Mistic/ModeloRAT) targeting EdTech/Insurance, JINX-0164 (AUDIOFIX) hitting Crypto devs, and Kimsuky (KimJongRAT) via GitHub.
Woodgnat, JINX-0164, and Kimsuky Campaigns: OTX Pulse Analysis — Mistic, AUDIOFIX, and KimJongRAT Detection Pack
Active threats: Woodgnat IAB deploys Mistic/ModeloRAT for ransomware; JINX-0164 targets crypto via LinkedIn; Kimsuky evolves KimJongRAT via GitHub.
Woodgnat IAB & Kimsuky Campaigns: Mistic Backdoor, JINX-0164 macOS RATs, and LOTS Abuse Analysis
Critical threats: Woodgnat's Mistic backdoor, JINX-0164's crypto-targeting macOS RATs, and Kimsuky's GitHub abuse detected. High urgency.
Woodgnat, JINX-0164 & Kimsuky: Multi-Front RAT Offensive (Mistic, AUDIOFIX, KimJongRAT)
OTX Pulse Analysis: Woodgnat, JINX-0164, and Kimsuky deploy Mistic, AUDIOFIX, and KimJongRAT via sideloading, supply chain, and GitHub abuse.
Woodgnat, JINX-0164, and Kimsuky Campaigns: Mistic, AUDIOFIX, and KimJongRAT Analysis
OTX analysis reveals IAB Woodgnat and APTs Kimsuky/JINX-0164 deploying Mistic, AUDIOFIX, and KimJongRAT via sideloading and GitHub.
Woodgnat Mistic Backdoor, JINX-0164 Crypto Supply Chain, Kimsuky KimJongRAT: OTX Pulse Analysis
OTX detects Woodgnat Mistic backdoor, JINX-0164 targeting crypto devs via macOS/Python, and Kimsuky's evolved KimJongRAT. Urgency: High.
Mistic Backdoor, KimJongRAT, and Besomar-Themed Supply Chain Attacks: OTX Pulse Analysis
Active campaigns: Woodgnat's Mistic backdoor, Kimsuky's KimJongRAT, and GhostShell's supply chain attack on UAVs. High urgency.
Woodgnat, Kimsuky & GhostShell: Mistic Backdoor, KimJongRAT & UAV Supply Chain Attack — OTX Pulse Analysis
Urgent: Woodgnat, Kimsuky, and GhostShell target sectors with Mistic backdoor, KimJongRAT, and Vidar via supply chain compromise.
Woodgnat IAB Operations & GhostShell UAV Attacks: Mistic Backdoor and Vidar Stealer Analysis
Woodgnat IAB deploys Mistic/ModeloRAT for ransomware; GhostShell targets Ukraine UAV supply chain with Vidar.
Woodgnat Access Broker & GhostShell Supply Chain: Mistic Backdoor, Vidar Stealer, and Middle East C2 Infrastructure
Active Woodgnat access brokering, GhostShell targeting Ukraine's UAV sector, and massive Middle East C2 expansion detected via OTX.
Mistic Backdoor & GhostShell UAV Attacks: OTX Pulse Analysis — Enterprise Detection Pack
Woodgnat's Mistic backdoor targeting insurance/tech sectors; GhostShell attacking Ukraine's UAV supply chain; Middle East C2 surge detected.
SocGholish Disruption & Okendo Supply Chain: Middle East C2 Network & RAT Surge — OTX Pulse Analysis
OTX pulses reveal widespread C2 infrastructure in the Middle East, the disruption of SocGholish fake updates, and a new Okendo supply chain attack delivering RATs.
Okendo Supply Chain & SocGholish Fake Updates: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal SmartApeSG supply chain attack via Okendo widgets and SocGholish fake updates targeting critical sectors. High urgency.
SocGholish Disruption & Okendo Supply Chain: C2 Network Analysis — Enterprise Detection Pack
Active supply chain attacks via Okendo and SocGholish delivering NetSupport RAT and Remcos. Urgent: Block hostnames, hunt for malicious JS.
SocGholish Takedown, Okendo Supply Chain, and Middle East C2 Surge: OTX Pulse Analysis
Operation Endgame disrupts SocGholish; SmartApeSG compromises Okendo reviews; 1,350+ C2 servers found in Middle East. High urgency.
Operation Endgame & Middle East C2 Surge: SocGholish, SmartApeSG, and APT Infrastructure — Enterprise Detection Pack
OTX Pulse Alert: SocGholish infrastructure disrupted; Middle East C2 network mapped; Okendo widget supply chain attack. High urgency for retail & gov sectors.
SocGholish Disruption & Okendo Supply Chain: Fake Updates and Third-Party Widget Compromise
Urgent: Active supply chain attack on Okendo widget and TA569 SocGholish fake updates delivering RATs and stealers.
SocGholish Disruption & Okendo Supply Chain Attack: OTX Pulse Analysis — APT Infrastructure & RAT Detection
SocGholish disruption, Okendo supply chain compromise, and massive Middle East C2 infrastructure targeting energy/gov with RATs and botnets.
SocGholish Takedown, Okendo Supply Chain & Middle East C2 Expansion: OTX Pulse Analysis
SocGholish disruption, Okendo widget compromise, and massive Middle East C2 activity. High urgency for Retail and Energy.
SocGholish Fake Updates & Okendo Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns using SocGholish fake updates and Okendo widget compromise to deliver NetSupport RAT and exploit massive Middle East C2 infrastructure.
SocGholish Disruption & Okendo Supply Chain: C2 Infrastructure and RAT Loader Analysis
OTX pulses reveal massive Middle East C2 expansion, SocGholish fake updates, and Okendo widget compromise delivering NetSupport RAT.
SocGholish Disruption, INC RaaS Evolution, and Okendo Supply Chain Compromise: OTX Pulse Analysis
Analysis of SocGholish takedown, INC Rust-based RaaS, and Okendo JS injection. Critical supply chain and fake update threats targeting Gov/Finance/Retail.
SocGholish Takedown, INC Ransomware Evolution & Okendo Supply Chain Attack: OTX Pulse Analysis — Enterprise Detection Pack
Multi-pronged threat: SocGholish disruption, INC ransomware growth, Okendo supply chain attack targeting key sectors. HIGH URGENCY.
Operation Endgame Disruption, INC Ransomware Evolution, and Okendo Supply Chain Compromise: OTX Pulse Analysis
SocGholish TDS disrupted by law enforcement; INC ransomware rises with Rust payloads; Okendo widget hijacked to deliver RATs and stealers.
Operation Endgame Aftermath: SocGholish, INC Ransomware, and Okendo Supply Chain Analysis
Disruption of GOLD PRELUDE, INC Ransomware Rust evolution, and SmartApeSG supply chain tactics analyzed via OTX.
INC RaaS Rust Encryption, SocGholish Disruption, and Okendo Supply Chain Attack: OTX Pulse Analysis
Urgent analysis of INC RaaS expansion, SocGholish infrastructure takedown, and SmartApeSG's Okendo widget supply chain compromise.
Interlock, Rhysida & INC Ransomware Ecosystems + AI-Driven ClickFix: OTX Pulse Analysis
OTX pulses reveal Interlock/Rhysida ops, INC ransomware expansion, and AI-powered ClickFix SmartRAT campaigns. High urgency.
Interlock & Rhysida Ransomware Ecosystem + INC RaaS & AI-Driven ClickFix: OTX Pulse Analysis
OTX pulses reveal active Interlock/Rhysida operations, INC RaaS evolution, and AI-powered ClickFix campaigns targeting finance.
Rhysida, DragonForce & ShinyHunters: Multi-Vector Ransomware & Extortion Campaigns — OTX Pulse Analysis
Active ransomware operations by Rhysida, DragonForce, and ShinyHunters target US sectors via zero-days and trusted app abuse.
Interlock, DragonForce & UAT-8616: OTX Pulse Analysis — Ransomware & C2 Evasion Tactics
Hive0163 & Rhysida ransomware, DragonForce Teams C2, & UAT-8616 SD-WAN exploits. Critical action required for enterprise defense.
Hive0163 Interlock, UAT-8616 SD-WAN & ShinyHunters Zero-Day: Multi-Vector OTX Analysis
OTX tracks active campaigns: Rhysida ransomware, Cisco SD-WAN exploitation, and Oracle PeopleSoft zero-day attacks. High urgency.
Hive0163 InterlockRAT, UAT-8616 SD-WAN, & UNC6240 ShinyHunters: OTX Pulse Analysis — Enterprise Detection Pack
Active exploitation of SD-WAN & Oracle PeopleSoft; Interlock/Rhysida ransomware surge. Critical CVEs targeted. Immediate action required.
Interlock, Rhysida, and ShinyHunters: Zero-Day Exploitation & RaaS Operations — OTX Pulse Analysis
Critical zero-days in Oracle PeopleSoft and Cisco SD-WAN under active exploitation alongside Interlock/Rhysida ransomware targeting US sectors.
Storm-3075 AI Impersonation & UAT-8616 SD-WAN Exploitation: SilabRAT, Vidar, and Cisco Breaches
Active exploitation of Cisco SD-WAN (CVE-2026-20128) and AI-themed campaigns delivering Vidar/SilabRAT. Urgent detection required.
Storm-3075 AI Impersonation & SilabRAT MaaS Campaign: Multi-Vector Threat Analysis
AI-themed phishing, credential theft via Vidar/Lumma, and SilabRAT RAT targeting enterprise credentials. CRITICAL urgency.
AI Social Engineering, SD-WAN Exploitation, and SilabRAT MaaS: OTX Pulse Analysis
Urgent: Active AI-themed phishing delivering Vidar/Lumma, Cisco SD-WAN exploits (UAT-8616), and SilabRAT MaaS detected. Block IOCs.
Storm-3075 AI Phishing & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
High urgency: Storm-3075 AI phishing, UAT-8616 Cisco SD-WAN exploitation, and SilabRAT MaaS detected. Actionable IOC pack.
Storm-3075 AI-Themed Social Engineering & 4BID ProxyShell Exploitation: OTX Pulse Intelligence — Enterprise Detection Pack
Storm-3075 & 4BID campaigns: AI phishing & ProxyShell attacks. Urgent: Hunt for Vidar, SilabRAT, Sliver, Lumma Stealer IOCs across enterprise.
Showing 50 of 170 reports. Archive expands automatically as new intel is generated.
Every APT & Nation-StateReport Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.