// 01 Executive summary
Multiple APT groups are actively engaged in cyber campaigns, employing diverse initial access vectors and malware. Silver Fox APT is using spear-phishing with Gh0stCringe/HoldingHands RATs against Taiwanese government and technology sectors. Affiliates of former Black Basta are leveraging Teams phishing and vishing with Rust-based loaders and QDoor against finance and construction sectors. APT28 is compromising Ukrainian entities via Signal messaging, deploying SlimAgent for data exfiltration. Additionally, Fog ransomware and PathWiper are active, while Iranian APTs are using advanced techniques like registry tampering and credential reuse globally.
// 02 Key metrics
- ttps: 8 ATT&CK techniques
- iocs: 3 indicators
- actors: 5 threat groups
- kwords: 10 keywords
// 03 MITRE ATT&CK
// 04 Threat actors
// 05 Indicators of compromise
// ips (0)
none
// domains (2)
- former-black-basta-members-use.html
- security.com
// urls (1)
- https://www.security.com/threat-intelligence/fog-ransomware-attack
// sha256 (0)
none
// md5 (0)
none
// emails (0)
none
// cves (0)
none
// 06 Geographic coverage
// 07 YARA rule
// Failed to generate YARA rule
// 08 Keywords
- 2025 (score: 4.791)
- malware (score: 4.1962)
- threat (score: 3.8246)
- group (score: 3.8194)
- phishing (score: 3.811)
- ransomware (score: 3.6496)
- data (score: 3.5871)
- attacks (score: 3.1762)
- based (score: 3.1589)
- persistence (score: 3.1421)