<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Samit Hota — Adversary Profiles</title><description>Profiles of documented threat actor groups — attribution, tactics, techniques, and known campaigns.</description><link>https://samithota.com/</link><item><title>[High] Strider (ProjectSauron): A Profile of a Sophisticated Cyber Espionage Group</title><link>https://samithota.com/adversaries/g0041-strider/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0041-strider/</guid><description>An in-depth profile of Strider (G0041), also known as ProjectSauron, a highly sophisticated, likely nation-state sponsored cyber espionage group.</description><pubDate>Sat, 18 Jul 2026 09:13:56 GMT</pubDate><category>High</category><category>Dormant</category><category>threat-actor</category><category>g0041</category><author>Samit Hota</author></item><item><title>[High] Storm-1811: Financially Motivated Ransomware Affiliate</title><link>https://samithota.com/adversaries/g1046-storm-1811/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1046-storm-1811/</guid><description>Storm-1811 (G1046) is an active, financially motivated threat actor known for sophisticated social engineering, leading to Black Basta ransomware deployment.</description><pubDate>Sat, 18 Jul 2026 09:13:30 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1046</category><author>Samit Hota</author></item><item><title>[High] Storm-0501: An Evolving Hybrid Cloud Ransomware Threat</title><link>https://samithota.com/adversaries/g1053-storm-0501/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1053-storm-0501/</guid><description>Storm-0501, a financially motivated group active since 2021, has evolved from traditional ransomware to sophisticated hybrid and cloud-native attacks.</description><pubDate>Sat, 18 Jul 2026 09:13:05 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1053</category><author>Samit Hota</author></item><item><title>[High] Stealth Falcon: A Persistent Espionage Threat</title><link>https://samithota.com/adversaries/g0038-stealth-falcon/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0038-stealth-falcon/</guid><description>Stealth Falcon (G0038) is an active APT group, linked to the UAE government, conducting cyber espionage against targets in the Middle East and Africa.</description><pubDate>Sat, 18 Jul 2026 09:12:35 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0038</category><author>Samit Hota</author></item><item><title>[High] Star Blizzard: Russia&apos;s Persistent Cyber Espionage Engine</title><link>https://samithota.com/adversaries/g1033-star-blizzard/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1033-star-blizzard/</guid><description>Star Blizzard, a highly active Russian state-sponsored cyber espionage group, employs sophisticated spear-phishing and social engineering to target critical…</description><pubDate>Sat, 18 Jul 2026 09:12:22 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1033</category><author>Samit Hota</author></item><item><title>[High] Sowbug (G0054) Threat Profile: Cyber Espionage in South America &amp; Southeast Asia</title><link>https://samithota.com/adversaries/g0054-sowbug/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0054-sowbug/</guid><description>Sowbug (G0054) is a sophisticated cyber espionage group targeting government entities in South America and Southeast Asia, active since at least 2015.</description><pubDate>Sat, 18 Jul 2026 09:11:51 GMT</pubDate><category>High</category><category>Unknown</category><category>threat-actor</category><category>g0054</category><author>Samit Hota</author></item><item><title>[High] Nigerian BEC Syndicate: SilverTerrier (G0083) Threat Profile</title><link>https://samithota.com/adversaries/g0083-silverterrier/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0083-silverterrier/</guid><description>A detailed security profile of SilverTerrier (G0083), a Nigerian cybercrime group specializing in sophisticated Business Email Compromise (BEC) scams.</description><pubDate>Sat, 18 Jul 2026 09:11:29 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0083</category><author>Samit Hota</author></item><item><title>[High] Silent Librarian: Iran&apos;s Relentless Academic Espionage Arm</title><link>https://samithota.com/adversaries/g0122-silent-librarian/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0122-silent-librarian/</guid><description>Silent Librarian (G0122) is an Iranian state-sponsored APT group focused on intellectual property theft from academic and research institutions worldwide.</description><pubDate>Sat, 18 Jul 2026 09:11:10 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0122</category><author>Samit Hota</author></item><item><title>[High] Silence (G0091): A Persistent Financial Threat to Global Banking</title><link>https://samithota.com/adversaries/g0091-silence/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0091-silence/</guid><description>Profile of Silence (G0091), a financially motivated threat actor targeting financial institutions worldwide with sophisticated tactics.</description><pubDate>Sat, 18 Jul 2026 09:10:47 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0091</category><author>Samit Hota</author></item><item><title>[High] Sidewinder (G0121): Agile Cyber-Espionage Targeting Critical Sectors</title><link>https://samithota.com/adversaries/g0121-sidewinder/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0121-sidewinder/</guid><description>SideWinder is a sophisticated, India-linked APT group active since 2012, primarily conducting cyber-espionage against South Asian governmental, military, and…</description><pubDate>Sat, 18 Jul 2026 09:10:24 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0121</category><author>Samit Hota</author></item><item><title>[High] Scarlet Mimic (G0029): Persistent Cyber Espionage Against Activists</title><link>https://samithota.com/adversaries/g0029-scarlet-mimic/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0029-scarlet-mimic/</guid><description>Scarlet Mimic is an espionage threat group known for targeting minority rights activists and related government entities, notably using custom malware for…</description><pubDate>Sat, 18 Jul 2026 05:11:02 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0029</category><author>Samit Hota</author></item><item><title>[Critical] Salt Typhoon (G1045): Persistent PRC State-Backed Espionage Threat</title><link>https://samithota.com/adversaries/g1045-salt-typhoon/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1045-salt-typhoon/</guid><description>Salt Typhoon (G1045) is a highly sophisticated, PRC state-backed APT group conducting extensive cyber espionage and pre-positioning in global critical…</description><pubDate>Fri, 17 Jul 2026 18:36:50 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g1045</category><author>Samit Hota</author></item><item><title>[High] SideCopy Threat Actor Profile: Persistent Espionage in South Asia</title><link>https://samithota.com/adversaries/g1008-sidecopy/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1008-sidecopy/</guid><description>A detailed security professional&apos;s profile of SideCopy (G1008), a Pakistan-linked threat group known for persistent cyber espionage against South Asian…</description><pubDate>Fri, 17 Jul 2026 14:17:35 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1008</category><author>Samit Hota</author></item><item><title>[High] Sea Turtle (G1041): Persistent State-Aligned Espionage</title><link>https://samithota.com/adversaries/g1041-sea-turtle/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1041-sea-turtle/</guid><description>Profile of Sea Turtle (G1041), a Türkiye-linked APT focused on espionage via DNS hijacking, vulnerability exploitation, and cloud compromise.</description><pubDate>Fri, 17 Jul 2026 14:17:06 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1041</category><author>Samit Hota</author></item><item><title>[High] Scattered Spider: Masters of Deception and Identity Abuse</title><link>https://samithota.com/adversaries/g1015-scattered-spider/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1015-scattered-spider/</guid><description>Scattered Spider is a financially motivated, native English-speaking cybercriminal group known for sophisticated social engineering, identity-based attacks,…</description><pubDate>Fri, 17 Jul 2026 14:16:40 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1015</category><author>Samit Hota</author></item><item><title>[High] Rocke (G0106): Evolution of a Persistent Cryptojacking Adversary</title><link>https://samithota.com/adversaries/g0106-rocke/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0106-rocke/</guid><description>Profile of Rocke (G0106), a Chinese-speaking threat actor focused on cryptojacking, its evolving tactics, tools, and persistent operations.</description><pubDate>Fri, 17 Jul 2026 14:15:33 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0106</category><author>Samit Hota</author></item><item><title>[High] RedCurl: Espionage Evolving, Ransomware Emerging</title><link>https://samithota.com/adversaries/g1039-redcurl/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1039-redcurl/</guid><description>RedCurl (G1039) is a Russian-speaking threat actor initially focused on corporate espionage, recently evolving to deploy novel QWCrypt ransomware in targeted…</description><pubDate>Fri, 17 Jul 2026 14:15:05 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1039</category><author>Samit Hota</author></item><item><title>[Critical] Sandworm Team (G0034) Threat Profile: Russia&apos;s Destructive Cyber Arm</title><link>https://samithota.com/adversaries/g0034-sandworm-team/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0034-sandworm-team/</guid><description>A deep dive into Sandworm Team (APT44), a highly destructive Russian GRU-backed cyber threat actor known for targeting critical infrastructure and global…</description><pubDate>Fri, 17 Jul 2026 09:32:28 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g0034</category><author>Samit Hota</author></item><item><title>[High] Saint Bear (G1031): Russian-Nexus Threat Actor Profile</title><link>https://samithota.com/adversaries/g1031-saint-bear/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1031-saint-bear/</guid><description>Saint Bear (G1031) is a Russian-nexus threat actor active since early 2021, primarily conducting cyber espionage against Ukraine and Georgia using custom…</description><pubDate>Fri, 17 Jul 2026 09:31:43 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1031</category><author>Samit Hota</author></item><item><title>[High] RTM (G0048): A Financially Motivated Cybercriminal Evolution</title><link>https://samithota.com/adversaries/g0048-rtm/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0048-rtm/</guid><description>RTM is a long-standing cybercriminal group, initially focused on banking Trojans, that has evolved into a Ransomware-as-a-Service provider, targeting…</description><pubDate>Fri, 17 Jul 2026 09:31:09 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0048</category><author>Samit Hota</author></item><item><title>[High] RedEcho: China-Linked Threat Actor Targeting Indian Critical Infrastructure</title><link>https://samithota.com/adversaries/g1042-redecho/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1042-redecho/</guid><description>An in-depth profile of RedEcho (G1042), a China-linked threat actor primarily targeting Indian critical infrastructure, particularly the power sector, for…</description><pubDate>Fri, 17 Jul 2026 09:30:38 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1042</category><author>Samit Hota</author></item><item><title>[High] Rancor: Persistent Espionage in Southeast Asia</title><link>https://samithota.com/adversaries/g0075-rancor/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0075-rancor/</guid><description>Rancor (G0075) is a China-linked cyber espionage group targeting government and political entities in Southeast Asia since 2017, employing evolving custom…</description><pubDate>Fri, 17 Jul 2026 09:30:10 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0075</category><author>Samit Hota</author></item><item><title>[High] Poseidon Group: The Extortion-as-a-Service Cyber Mercenaries</title><link>https://samithota.com/adversaries/g0033-poseidon-group/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0033-poseidon-group/</guid><description>A profile of the Poseidon Group (G0033), a Brazilian cyber mercenary gang known for its unique data exfiltration and extortion model.</description><pubDate>Fri, 17 Jul 2026 09:29:46 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0033</category><author>Samit Hota</author></item><item><title>[Critical] Play Ransomware (G1040) Threat Profile: Evolving Tactics and Global Impact</title><link>https://samithota.com/adversaries/g1040-play/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1040-play/</guid><description>A detailed security professional&apos;s analysis of the Play ransomware group (G1040), its evolving tactics, global targeting, and current active status.</description><pubDate>Fri, 17 Jul 2026 09:29:25 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g1040</category><author>Samit Hota</author></item><item><title>[High] Putter Panda: Persistent Chinese Cyber Espionage</title><link>https://samithota.com/adversaries/g0024-putter-panda/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0024-putter-panda/</guid><description>A detailed profile of Putter Panda (G0024), a Chinese state-sponsored threat group linked to the PLA&apos;s Unit 61486, focusing on its espionage motivations,…</description><pubDate>Fri, 17 Jul 2026 05:29:29 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0024</category><author>Samit Hota</author></item><item><title>[High] PROMETHIUM (StrongPity): A Resilient Espionage Threat</title><link>https://samithota.com/adversaries/g0056-promethium/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0056-promethium/</guid><description>Profile of PROMETHIUM (StrongPity), an espionage-focused APT group active since 2012, known for using trojanized software to target diverse regions and sectors.</description><pubDate>Fri, 17 Jul 2026 05:29:18 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0056</category><author>Samit Hota</author></item><item><title>[High] POLONIUM (G1005): Persistent Cyber Espionage Targeting Israel</title><link>https://samithota.com/adversaries/g1005-polonium/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1005-polonium/</guid><description>POLONIUM is a Lebanon-based, Iran-affiliated cyber espionage group actively targeting critical sectors in Israel with custom backdoors and cloud-based C2.</description><pubDate>Fri, 17 Jul 2026 05:28:52 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1005</category><author>Samit Hota</author></item><item><title>[High] PLATINUM (G0068) Threat Actor Profile: Stealthy Cyber Espionage in APAC</title><link>https://samithota.com/adversaries/g0068-platinum/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0068-platinum/</guid><description>A deep dive into PLATINUM (G0068), an advanced, state-sponsored cyber espionage group targeting governments and critical infrastructure in South and Southeast…</description><pubDate>Fri, 17 Jul 2026 05:28:34 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0068</category><author>Samit Hota</author></item><item><title>[High] MuddyWater (G0069) - Iran&apos;s Persistent Cyber Espionage Group</title><link>https://samithota.com/adversaries/g0069-muddywater/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0069-muddywater/</guid><description>A deep dive into MuddyWater (G0069), an Iranian state-sponsored APT group known for persistent cyber espionage and evolving tactics.</description><pubDate>Thu, 16 Jul 2026 18:43:24 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0069</category><author>Samit Hota</author></item><item><title>[Medium] PittyTiger: Persistent Espionage from the Far East</title><link>https://samithota.com/adversaries/g0011-pittytiger/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0011-pittytiger/</guid><description>A detailed profile of PittyTiger (G0011), a suspected Chinese state-sponsored threat actor focused on cyber espionage.</description><pubDate>Thu, 16 Jul 2026 14:10:03 GMT</pubDate><category>Medium</category><category>Unknown</category><category>threat-actor</category><category>g0011</category><author>Samit Hota</author></item><item><title>[High] Patchwork (G0040): A Persistent Indian Cyber Espionage Threat</title><link>https://samithota.com/adversaries/g0040-patchwork/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0040-patchwork/</guid><description>An in-depth profile of Patchwork (G0040), a pro-Indian cyber espionage group actively targeting government, diplomatic, and defense sectors globally.</description><pubDate>Thu, 16 Jul 2026 14:09:52 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0040</category><author>Samit Hota</author></item><item><title>[High] Orangeworm: Healthcare&apos;s Silent Threat</title><link>https://samithota.com/adversaries/g0071-orangeworm/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0071-orangeworm/</guid><description>Orangeworm (G0071) is a sophisticated threat actor primarily targeting the global healthcare sector for corporate espionage.</description><pubDate>Thu, 16 Jul 2026 14:09:23 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0071</category><author>Samit Hota</author></item><item><title>[High] OilRig (G0049) - Iran&apos;s Persistent Cyber Espionage Arm</title><link>https://samithota.com/adversaries/g0049-oilrig/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0049-oilrig/</guid><description>OilRig, an Iranian state-sponsored APT group (G0049), actively targets Middle Eastern and international entities for cyber espionage, leveraging advanced TTPs.</description><pubDate>Thu, 16 Jul 2026 14:09:03 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0049</category><author>Samit Hota</author></item><item><title>[High] Nomadic Octopus: Persistent Cyber Espionage in Central Asia</title><link>https://samithota.com/adversaries/g0133-nomadic-octopus/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0133-nomadic-octopus/</guid><description>A profile of Nomadic Octopus (G0133), a Russia-linked cyber espionage group targeting Central Asian governments, diplomatic entities, and critical…</description><pubDate>Thu, 16 Jul 2026 14:08:34 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0133</category><author>Samit Hota</author></item><item><title>[High] NEODYMIUM (G0055): A Cyber Espionage Threat Targeting Turkey</title><link>https://samithota.com/adversaries/g0055-neodymium/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0055-neodymium/</guid><description>A profile of NEODYMIUM (G0055), a cyber espionage threat actor with suspected Iranian links, known for targeting Turkish individuals and organizations.</description><pubDate>Thu, 16 Jul 2026 14:08:10 GMT</pubDate><category>High</category><category>Unknown</category><category>threat-actor</category><category>g0055</category><author>Samit Hota</author></item><item><title>[High] Naikon (G0019) Threat Profile: Persistent Chinese Cyber Espionage</title><link>https://samithota.com/adversaries/g0019-naikon/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0019-naikon/</guid><description>Naikon is a state-sponsored Chinese cyber espionage group (G0019) primarily targeting government, military, and civil organizations in Southeast Asia for…</description><pubDate>Thu, 16 Jul 2026 14:07:58 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0019</category><author>Samit Hota</author></item><item><title>[High] Threat Profile: Mustard Tempest (G1020)</title><link>https://samithota.com/adversaries/g1020-mustard-tempest/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1020-mustard-tempest/</guid><description>An in-depth profile of Mustard Tempest (G1020), a financially motivated initial access broker known for distributing SocGholish malware.</description><pubDate>Thu, 16 Jul 2026 14:07:29 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1020</category><author>Samit Hota</author></item><item><title>[High] Mustang Panda (G0129): China-Aligned Cyber Espionage Group Profile</title><link>https://samithota.com/adversaries/g0129-mustang-panda/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0129-mustang-panda/</guid><description>A detailed threat actor profile of Mustang Panda (G0129), a China-aligned cyber espionage group known for its persistent and adaptive operations.</description><pubDate>Thu, 16 Jul 2026 14:07:12 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0129</category><author>Samit Hota</author></item><item><title>[High] MoustachedBouncer (G1019) Threat Profile: Belarusian Cyberespionage Group</title><link>https://samithota.com/adversaries/g1019-moustachedbouncer/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1019-moustachedbouncer/</guid><description>An in-depth profile of MoustachedBouncer, a Belarusian-aligned cyberespionage group targeting foreign embassies through sophisticated ISP-level attacks and…</description><pubDate>Thu, 16 Jul 2026 09:40:29 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1019</category><author>Samit Hota</author></item><item><title>[High] Moses Staff (G1009) Threat Actor Profile</title><link>https://samithota.com/adversaries/g1009-moses-staff/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1009-moses-staff/</guid><description>Moses Staff (G1009), also known as DEV-0500 and Marigold Sandstorm, is an Iranian-backed threat group primarily focused on politically motivated destructive…</description><pubDate>Thu, 16 Jul 2026 09:40:06 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1009</category><author>Samit Hota</author></item><item><title>[High] Moonstone Sleet (G1036) Threat Actor Profile</title><link>https://samithota.com/adversaries/g1036-moonstone-sleet/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1036-moonstone-sleet/</guid><description>Moonstone Sleet is a North Korean-linked threat actor conducting financially motivated and espionage operations, notable for social engineering and custom…</description><pubDate>Thu, 16 Jul 2026 09:39:51 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1036</category><author>Samit Hota</author></item><item><title>[High] Molerats (G0021): Persistent Cyber Espionage in the Middle East</title><link>https://samithota.com/adversaries/g0021-molerats/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0021-molerats/</guid><description>A profile of Molerats (G0021), a politically-motivated, Hamas-aligned APT group active since 2012, known for cyber espionage in the Middle East and beyond.</description><pubDate>Thu, 16 Jul 2026 09:39:36 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0021</category><author>Samit Hota</author></item><item><title>[High] Mofang (G0103): Persistent Cyber Espionage Operations</title><link>https://samithota.com/adversaries/g0103-mofang/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0103-mofang/</guid><description>A detailed profile of Mofang (G0103), a likely China-based, government-affiliated cyber espionage group known for its sophisticated TTPs.</description><pubDate>Thu, 16 Jul 2026 09:39:07 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0103</category><author>Samit Hota</author></item><item><title>[High] Moafee (G0002): Profile of a Chinese Espionage Threat Actor</title><link>https://samithota.com/adversaries/g0002-moafee/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0002-moafee/</guid><description>Moafee (G0002) is a China-linked threat group primarily focused on information theft and espionage against government and military targets.</description><pubDate>Thu, 16 Jul 2026 09:38:34 GMT</pubDate><category>High</category><category>Unknown</category><category>threat-actor</category><category>g0002</category><author>Samit Hota</author></item><item><title>[High] MirrorFace (G1054) - PRC-Aligned Cyberespionage Group with Evolving TTPs</title><link>https://samithota.com/adversaries/g1054-mirrorface/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1054-mirrorface/</guid><description>MirrorFace, also known as Earth Kasha, is a sophisticated PRC-aligned cyberespionage group actively targeting government, critical infrastructure, and…</description><pubDate>Thu, 16 Jul 2026 09:38:07 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1054</category><author>Samit Hota</author></item><item><title>[High] Metador (G1013): An Elusive Cyber Espionage Group</title><link>https://samithota.com/adversaries/g1013-metador/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1013-metador/</guid><description>Metador (G1013) is a sophisticated and highly-aware cyber espionage group targeting telecommunication companies, ISPs, and universities in the Middle East and…</description><pubDate>Thu, 16 Jul 2026 09:37:32 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1013</category><author>Samit Hota</author></item><item><title>[High] menuPass (G0045): China&apos;s Enduring Cyber Espionage Arm</title><link>https://samithota.com/adversaries/g0045-menupass/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0045-menupass/</guid><description>menuPass, also known as APT10, is a highly sophisticated Chinese state-sponsored cyber espionage group primarily focused on intellectual property theft and…</description><pubDate>Thu, 16 Jul 2026 09:37:07 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0045</category><author>Samit Hota</author></item><item><title>[High] Medusa Group: An Aggressive RaaS with Evolving Extortion Tactics</title><link>https://samithota.com/adversaries/g1051-medusa-group/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1051-medusa-group/</guid><description>Medusa Group is an aggressive Ransomware-as-a-Service (RaaS) operation known for double and triple extortion, targeting critical sectors globally with a focus…</description><pubDate>Thu, 16 Jul 2026 09:36:38 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1051</category><author>Samit Hota</author></item><item><title>[High] Malteiro (G1026) Threat Profile: Mispadu MaaS and Latin American Banking Threats</title><link>https://samithota.com/adversaries/g1026-malteiro/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1026-malteiro/</guid><description>A profile of Malteiro (G1026), a Brazilian cybercrime group known for distributing the Mispadu banking trojan via a Malware-as-a-Service model.</description><pubDate>Wed, 15 Jul 2026 18:40:23 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1026</category><author>Samit Hota</author></item><item><title>[High] Magic Hound (G0059) Threat Profile: Iran&apos;s Persistent Cyber Espionage</title><link>https://samithota.com/adversaries/g0059-magic-hound/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0059-magic-hound/</guid><description>A detailed threat profile for Magic Hound (G0059), an Iranian-sponsored cyber espionage group, outlining their operations, targets, TTPs, and current status.</description><pubDate>Wed, 15 Jul 2026 14:26:25 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0059</category><author>Samit Hota</author></item><item><title>[High] Machete (G0095): Persistent Cyber Espionage in Latin America and Beyond</title><link>https://samithota.com/adversaries/g0095-machete/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0095-machete/</guid><description>Machete (G0095) is a long-standing, Spanish-speaking cyber espionage group targeting government, military, and critical infrastructure, primarily in Latin…</description><pubDate>Wed, 15 Jul 2026 14:25:55 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0095</category><author>Samit Hota</author></item><item><title>[High] LuminousMoth (G1014): Chinese Cyber Espionage Targeting Southeast Asia</title><link>https://samithota.com/adversaries/g1014-luminousmoth/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1014-luminousmoth/</guid><description>LuminousMoth is a Chinese-speaking cyber espionage group (G1014) active since 2020, targeting government entities in Southeast Asia for intelligence gathering.</description><pubDate>Wed, 15 Jul 2026 14:25:24 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1014</category><author>Samit Hota</author></item><item><title>[High] Lotus Blossom (G0030): A Persistent Regional Espionage Threat</title><link>https://samithota.com/adversaries/g0030-lotus-blossom/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0030-lotus-blossom/</guid><description>Lotus Blossom is a China-aligned APT group focused on long-term intelligence collection against government, telecom, and critical infrastructure in Asia.</description><pubDate>Wed, 15 Jul 2026 14:24:54 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0030</category><author>Samit Hota</author></item><item><title>[High] Leviathan (APT40): China&apos;s Persistent Maritime Espionage Group</title><link>https://samithota.com/adversaries/g0065-leviathan/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0065-leviathan/</guid><description>A profile of Leviathan (APT40), a Chinese state-sponsored cyber espionage group targeting critical sectors for intelligence and IP theft.</description><pubDate>Wed, 15 Jul 2026 14:24:24 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0065</category><author>Samit Hota</author></item><item><title>[High] Threat Profile: Leafminer (G0077) – Iranian Espionage Group</title><link>https://samithota.com/adversaries/g0077-leafminer/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0077-leafminer/</guid><description>Leafminer (G0077), also known as Raspite, is an Iranian-nexus threat group primarily focused on intelligence collection against critical sectors in the Middle…</description><pubDate>Wed, 15 Jul 2026 09:36:14 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0077</category><author>Samit Hota</author></item><item><title>[Medium] LazyScripter Threat Profile: Targeting Airlines and Global Workforce</title><link>https://samithota.com/adversaries/g0140-lazyscripter/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0140-lazyscripter/</guid><description>LazyScripter (G0140) is a persistent threat group active since 2018, primarily targeting the airline industry and individuals seeking immigration, using…</description><pubDate>Wed, 15 Jul 2026 09:35:52 GMT</pubDate><category>Medium</category><category>Active</category><category>threat-actor</category><category>g0140</category><author>Samit Hota</author></item><item><title>[Critical] Lazarus Group: DPRK&apos;s Evolving Hybrid Threat</title><link>https://samithota.com/adversaries/g0032-lazarus-group/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0032-lazarus-group/</guid><description>A detailed profile of the Lazarus Group (G0032), North Korea&apos;s state-sponsored cyber threat, covering its origin, motivations, tactics, and recent activities.</description><pubDate>Wed, 15 Jul 2026 09:35:28 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g0032</category><author>Samit Hota</author></item><item><title>[High] LAPSUS$ (G1004): High-Tempo Social Engineering and Extortion</title><link>https://samithota.com/adversaries/g1004-lapsus/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1004-lapsus/</guid><description>LAPSUS$ is a cybercriminal group specializing in social engineering and extortion, often without ransomware, targeting global organizations.</description><pubDate>Wed, 15 Jul 2026 09:35:00 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1004</category><author>Samit Hota</author></item><item><title>[Critical] Kimsuky (G0094): North Korea&apos;s Relentless Cyber Espionage Arm</title><link>https://samithota.com/adversaries/g0094-kimsuky/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0094-kimsuky/</guid><description>A profile of Kimsuky, a North Korean state-sponsored APT group focused on intelligence gathering through sophisticated spear-phishing and evolving malware.</description><pubDate>Wed, 15 Jul 2026 09:34:30 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g0094</category><author>Samit Hota</author></item><item><title>[High] Ke3chang (G0004): A Persistent Cyberespionage Threat</title><link>https://samithota.com/adversaries/g0004-ke3chang/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0004-ke3chang/</guid><description>Ke3chang, also known as APT15 and NICKEL, is a sophisticated Chinese state-sponsored threat group focused on long-term cyberespionage against global…</description><pubDate>Wed, 15 Jul 2026 09:33:34 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0004</category><author>Samit Hota</author></item><item><title>[High] Indrik Spider (Evil Corp): A Persistent Russian Cybercriminal Threat</title><link>https://samithota.com/adversaries/g0119-indrik-spider/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0119-indrik-spider/</guid><description>A profile of Indrik Spider, a Russia-based cybercriminal group known for sophisticated banking trojans and evolving ransomware operations.</description><pubDate>Wed, 15 Jul 2026 09:33:03 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0119</category><author>Samit Hota</author></item><item><title>[High] IndigoZebra (G0136) Threat Profile: Persistent Cyber Espionage in Central Asia</title><link>https://samithota.com/adversaries/g0136-indigozebra/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0136-indigozebra/</guid><description>IndigoZebra (G0136) is a suspected Chinese state-sponsored APT group active since 2014, primarily targeting Central Asian governments for cyber espionage.</description><pubDate>Wed, 15 Jul 2026 09:32:35 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0136</category><author>Samit Hota</author></item><item><title>[High] INC Ransom (G1032) Threat Actor Profile: Operations, Tactics, and Evolution</title><link>https://samithota.com/adversaries/g1032-inc-ransom/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1032-inc-ransom/</guid><description>INC Ransom (G1032), also known as GOLD IONIC, is a prolific RaaS group active since mid-2023, primarily targeting healthcare, education, and manufacturing…</description><pubDate>Wed, 15 Jul 2026 09:32:16 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1032</category><author>Samit Hota</author></item><item><title>[High] Higaisa (G0126) Threat Actor Profile</title><link>https://samithota.com/adversaries/g0126-higaisa/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0126-higaisa/</guid><description>An in-depth profile of Higaisa, a South Korean-suspected APT group targeting government, public, and trade organizations primarily in North Korea and Asia.</description><pubDate>Wed, 15 Jul 2026 09:31:39 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0126</category><author>Samit Hota</author></item><item><title>[High] HEXANE: Persistent Espionage Targeting Critical Infrastructure</title><link>https://samithota.com/adversaries/g1001-hexane/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1001-hexane/</guid><description>A profile of HEXANE (G1001), an Iranian cyber espionage group targeting oil &amp; gas, telecom, aviation, and ISPs in the Middle East and Africa.</description><pubDate>Wed, 15 Jul 2026 05:16:09 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1001</category><author>Samit Hota</author></item><item><title>[High] Inception (G0100): A Persistent and Stealthy Cyber Espionage Threat</title><link>https://samithota.com/adversaries/g0100-inception/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0100-inception/</guid><description>An in-depth profile of Inception (G0100), a long-running, state-aligned cyber espionage group known for its sophisticated TTPs and global intelligence…</description><pubDate>Tue, 14 Jul 2026 18:43:41 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0100</category><author>Samit Hota</author></item><item><title>[High] HAFNIUM (G0125): A Profile of China&apos;s Elite Cyber Espionage Group</title><link>https://samithota.com/adversaries/g0125-hafnium/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0125-hafnium/</guid><description>An in-depth analysis of HAFNIUM, a state-sponsored Chinese APT group known for sophisticated cyber espionage and rapid exploitation of zero-day vulnerabilities.</description><pubDate>Tue, 14 Jul 2026 18:43:17 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0125</category><author>Samit Hota</author></item><item><title>[High] Group5 (G0043): Persistent Iranian-Linked Espionage Targeting Syrian Opposition</title><link>https://samithota.com/adversaries/g0043-group5/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0043-group5/</guid><description>Group5 (G0043) is an Iranian-linked threat actor engaged in cyber espionage, primarily targeting individuals associated with the Syrian opposition.</description><pubDate>Tue, 14 Jul 2026 18:42:32 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0043</category><author>Samit Hota</author></item><item><title>[High] Gorgon Group (G0078): Hybrid Threat Actor Profile</title><link>https://samithota.com/adversaries/g0078-gorgon-group/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0078-gorgon-group/</guid><description>A detailed profile of Gorgon Group (G0078), a Pakistan-linked threat actor known for its dual-pronged approach to cyber espionage and financially motivated…</description><pubDate>Tue, 14 Jul 2026 14:29:32 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0078</category><author>Samit Hota</author></item><item><title>[Critical] GOLD SOUTHFIELD: The Rise and Fall of the REvil Ransomware Empire</title><link>https://samithota.com/adversaries/g0115-gold-southfield/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0115-gold-southfield/</guid><description>A deep dive into GOLD SOUTHFIELD (G0115), the Russian-linked cybercriminal group behind the infamous REvil and GandCrab ransomware-as-a-service operations,…</description><pubDate>Tue, 14 Jul 2026 14:29:08 GMT</pubDate><category>Critical</category><category>Disbanded</category><category>threat-actor</category><category>g0115</category><author>Samit Hota</author></item><item><title>[Medium] GCMAN: A Profile of Financially Motivated Bank Robbers</title><link>https://samithota.com/adversaries/g0036-gcman/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0036-gcman/</guid><description>GCMAN (G0036) is a financially motivated threat group known for targeting financial institutions globally, employing sophisticated APT techniques and…</description><pubDate>Tue, 14 Jul 2026 14:28:33 GMT</pubDate><category>Medium</category><category>Dormant</category><category>threat-actor</category><category>g0036</category><author>Samit Hota</author></item><item><title>[High] Gamaredon Group: Russia&apos;s Persistent Espionage Arm in Ukraine and Beyond</title><link>https://samithota.com/adversaries/g0047-gamaredon-group/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0047-gamaredon-group/</guid><description>Profile of Gamaredon Group (G0047), a Russia-aligned APT linked to the FSB, known for relentless cyber espionage against Ukraine and NATO members.</description><pubDate>Tue, 14 Jul 2026 14:28:17 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0047</category><author>Samit Hota</author></item><item><title>[High] Gallmaker (G0084): A Profile of Persistent Cyberespionage</title><link>https://samithota.com/adversaries/g0084-gallmaker/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0084-gallmaker/</guid><description>A detailed profile of Gallmaker (G0084), a nation-state sponsored cyberespionage group targeting government, military, and defense sectors in the Middle East.</description><pubDate>Tue, 14 Jul 2026 14:27:48 GMT</pubDate><category>High</category><category>Unknown</category><category>threat-actor</category><category>g0084</category><author>Samit Hota</author></item><item><title>[High] GALLIUM: Persistent Chinese Cyberespionage Targeting Global Critical Infrastructure</title><link>https://samithota.com/adversaries/g0093-gallium/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0093-gallium/</guid><description>GALLIUM (G0093), also known as Granite Typhoon, is a Chinese state-sponsored APT group focused on long-term cyberespionage against global telecommunications,…</description><pubDate>Tue, 14 Jul 2026 14:27:28 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0093</category><author>Samit Hota</author></item><item><title>[High] Fox Kitten: An Iranian Hybrid Threat Actor</title><link>https://samithota.com/adversaries/g0117-fox-kitten/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0117-fox-kitten/</guid><description>Fox Kitten (G0117) is an Iranian state-sponsored threat actor active since 2017, engaged in espionage and ransomware facilitation.</description><pubDate>Tue, 14 Jul 2026 14:27:03 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0117</category><author>Samit Hota</author></item><item><title>[High] FIN8: Adapting from POS Breaches to Ransomware Dominance</title><link>https://samithota.com/adversaries/g0061-fin8/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0061-fin8/</guid><description>FIN8, also known as Syssphinx, is a financially motivated cybercrime group that has evolved from targeting POS systems to deploying sophisticated ransomware…</description><pubDate>Tue, 14 Jul 2026 14:26:44 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0061</category><author>Samit Hota</author></item><item><title>[High] FIN7: From Point-of-Sale Theft to Ransomware Kingpins</title><link>https://samithota.com/adversaries/g0046-fin7/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0046-fin7/</guid><description>A deep dive into FIN7, a financially motivated cybercrime group known for evolving from POS attacks to sophisticated ransomware operations.</description><pubDate>Tue, 14 Jul 2026 09:32:24 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0046</category><author>Samit Hota</author></item><item><title>[High] FIN6: From POS Skimming to Ransomware and Enterprise Infiltration</title><link>https://samithota.com/adversaries/g0037-fin6/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0037-fin6/</guid><description>A detailed profile of FIN6 (G0037), a financially motivated cybercrime group known for evolving from PoS compromises to ransomware and sophisticated social…</description><pubDate>Tue, 14 Jul 2026 09:31:36 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0037</category><author>Samit Hota</author></item><item><title>[High] FIN5 Threat Actor Profile: Persistent Point-of-Sale Scraper</title><link>https://samithota.com/adversaries/g0053-fin5/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0053-fin5/</guid><description>A profile of FIN5 (G0053), a financially motivated threat group known for targeting hospitality, gaming, and restaurant sectors for payment card data.</description><pubDate>Tue, 14 Jul 2026 09:31:12 GMT</pubDate><category>High</category><category>Unknown</category><category>threat-actor</category><category>g0053</category><author>Samit Hota</author></item><item><title>[High] FIN4: The Insider Threat to Market Confidentiality</title><link>https://samithota.com/adversaries/g0085-fin4/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0085-fin4/</guid><description>FIN4 is a financially-motivated threat group focused on stealing market-moving confidential information, primarily through credential theft and email…</description><pubDate>Tue, 14 Jul 2026 09:30:50 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0085</category><author>Samit Hota</author></item><item><title>[High] FIN13 (Elephant Beetle): Mexico-Focused Financial Threat Group</title><link>https://samithota.com/adversaries/g1016-fin13/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1016-fin13/</guid><description>FIN13, also known as Elephant Beetle, is a patient, financially motivated threat actor primarily targeting Mexico and Latin America&apos;s financial, retail, and…</description><pubDate>Tue, 14 Jul 2026 09:30:27 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1016</category><author>Samit Hota</author></item><item><title>[Medium] FIN10: The North American Extortionist Cybercrime Group</title><link>https://samithota.com/adversaries/g0051-fin10/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0051-fin10/</guid><description>Profile of FIN10 (G0051), a financially motivated threat group that operated in North America, primarily Canada, known for data exfiltration and extortion of…</description><pubDate>Tue, 14 Jul 2026 09:29:58 GMT</pubDate><category>Medium</category><category>Dormant</category><category>threat-actor</category><category>g0051</category><author>Samit Hota</author></item><item><title>[High] EXOTIC LILY: Premier Initial Access Broker Fueling Ransomware Operations</title><link>https://samithota.com/adversaries/g1011-exotic-lily/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1011-exotic-lily/</guid><description>EXOTIC LILY (G1011) is a financially motivated initial access broker known for sophisticated spear phishing campaigns and ties to Russian cybercrime.</description><pubDate>Tue, 14 Jul 2026 09:29:39 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1011</category><author>Samit Hota</author></item><item><title>[High] Evilnum (G0120): Persistent Financial Threat and Evolving Espionage Actor</title><link>https://samithota.com/adversaries/g0120-evilnum/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0120-evilnum/</guid><description>Evilnum (G0120) is a financially motivated threat group active since 2018, primarily targeting financial technology companies and other entities for extensive…</description><pubDate>Tue, 14 Jul 2026 09:29:21 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0120</category><author>Samit Hota</author></item><item><title>[Critical] Equation: Apex Predator of Cyber Espionage</title><link>https://samithota.com/adversaries/g0020-equation/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0020-equation/</guid><description>A profile of the Equation Group, a highly sophisticated threat actor widely attributed to the NSA, known for zero-days, firmware exploits, and deep cyber…</description><pubDate>Tue, 14 Jul 2026 09:28:55 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g0020</category><author>Samit Hota</author></item><item><title>[Critical] Ember Bear (G1003): Russian Cyber Espionage and Destructive Operations</title><link>https://samithota.com/adversaries/g1003-ember-bear/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1003-ember-bear/</guid><description>Profile of Ember Bear (G1003), a Russian state-sponsored cyber espionage group linked to GRU Unit 29155, detailing their origins, motivations, targets, TTPs,…</description><pubDate>Tue, 14 Jul 2026 09:28:25 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g1003</category><author>Samit Hota</author></item><item><title>[High] Ferocious Kitten: Persistent Iranian Cyberespionage</title><link>https://samithota.com/adversaries/g0137-ferocious-kitten/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0137-ferocious-kitten/</guid><description>A profile of Ferocious Kitten (G0137), an Iranian cyberespionage group targeting Persian-speaking individuals, active since at least 2015.</description><pubDate>Tue, 14 Jul 2026 05:16:33 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0137</category><author>Samit Hota</author></item><item><title>[High] Threat Actor Profile: Elderwood (G0066)</title><link>https://samithota.com/adversaries/g0066-elderwood/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0066-elderwood/</guid><description>An in-depth profile of Elderwood (G0066), a sophisticated suspected Chinese cyber espionage group known for zero-day exploits and supply chain attacks.</description><pubDate>Tue, 14 Jul 2026 05:16:03 GMT</pubDate><category>High</category><category>Dormant</category><category>threat-actor</category><category>g0066</category><author>Samit Hota</author></item><item><title>[High] Earth Lusca (G1006): Persistent and Evolving Threat Profile</title><link>https://samithota.com/adversaries/g1006-earth-lusca/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1006-earth-lusca/</guid><description>A detailed profile of Earth Lusca, a China-linked APT group known for cyberespionage and financially motivated attacks across diverse global targets.</description><pubDate>Tue, 14 Jul 2026 05:15:39 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1006</category><author>Samit Hota</author></item><item><title>[Medium] DragonOK: China-Linked APT Group Targeting Asian &amp; European Organizations</title><link>https://samithota.com/adversaries/g0017-dragonok/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0017-dragonok/</guid><description>DragonOK (G0017) is a China-linked APT group known for corporate espionage against high-tech and manufacturing firms, primarily in Japan.</description><pubDate>Mon, 13 Jul 2026 15:35:50 GMT</pubDate><category>Medium</category><category>Active</category><category>threat-actor</category><category>g0017</category><author>Samit Hota</author></item><item><title>[Critical] Threat Actor Profile: Dragonfly (G0035) – Russia’s Critical Infrastructure Espionage Group</title><link>https://samithota.com/adversaries/g0035-dragonfly/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0035-dragonfly/</guid><description>An in-depth profile of Dragonfly (G0035), a Russian state-sponsored cyber espionage group targeting global critical infrastructure.</description><pubDate>Mon, 13 Jul 2026 15:35:24 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g0035</category><author>Samit Hota</author></item><item><title>[High] Deep Panda (G0009) Threat Actor Profile: A Persistent Chinese Espionage Group</title><link>https://samithota.com/adversaries/g0009-deep-panda/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0009-deep-panda/</guid><description>A profile of Deep Panda (G0009), a sophisticated China-aligned threat group known for cyber espionage and credential theft.</description><pubDate>Mon, 13 Jul 2026 15:34:55 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0009</category><author>Samit Hota</author></item><item><title>[High] DarkVishnya (G0105) Threat Actor Profile</title><link>https://samithota.com/adversaries/g0105-darkvishnya/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0105-darkvishnya/</guid><description>DarkVishnya is a financially motivated threat actor known for physically breaching Eastern European financial institutions using stealthy hardware.</description><pubDate>Mon, 13 Jul 2026 15:34:30 GMT</pubDate><category>High</category><category>Dormant</category><category>threat-actor</category><category>g0105</category><author>Samit Hota</author></item><item><title>[High] DarkHydrus: Persistent Middle Eastern Espionage Group</title><link>https://samithota.com/adversaries/g0079-darkhydrus/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0079-darkhydrus/</guid><description>DarkHydrus (G0079) is a state-sponsored threat group primarily targeting government and educational institutions in the Middle East for cyber espionage.</description><pubDate>Mon, 13 Jul 2026 15:34:10 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0079</category><author>Samit Hota</author></item><item><title>[High] Darkhotel: An Enduring Cyber Espionage Threat</title><link>https://samithota.com/adversaries/g0012-darkhotel/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0012-darkhotel/</guid><description>Darkhotel is a sophisticated, suspected South Korean cyber espionage group known for evolving from hotel Wi-Fi attacks to advanced cloud-based operations.</description><pubDate>Mon, 13 Jul 2026 15:33:44 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0012</category><author>Samit Hota</author></item><item><title>[Medium] Dark Caracal (G0070) Threat Profile: Mobile-Focused Espionage</title><link>https://samithota.com/adversaries/g0070-dark-caracal/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0070-dark-caracal/</guid><description>Dark Caracal is a state-aligned threat group (G0070) attributed to Lebanese security services, focusing on global mobile and desktop surveillance for espionage.</description><pubDate>Mon, 13 Jul 2026 15:33:19 GMT</pubDate><category>Medium</category><category>Active</category><category>threat-actor</category><category>g0070</category><author>Samit Hota</author></item><item><title>[High] Daggerfly (G1034): An Adaptive PRC-Linked Espionage Group</title><link>https://samithota.com/adversaries/g1034-daggerfly/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1034-daggerfly/</guid><description>This profile details Daggerfly (G1034), a sophisticated China-linked APT group engaged in long-term cyber espionage against diverse targets across Asia and…</description><pubDate>Mon, 13 Jul 2026 15:32:55 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1034</category><author>Samit Hota</author></item><item><title>[High] CURIUM: Patient Iranian Espionage Group</title><link>https://samithota.com/adversaries/g1012-curium/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1012-curium/</guid><description>An Iranian state-sponsored threat actor, CURIUM (G1012), known for its patient social engineering and espionage against Middle Eastern IT service providers.</description><pubDate>Mon, 13 Jul 2026 15:32:21 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1012</category><author>Samit Hota</author></item><item><title>[High] CopyKittens: Persistent Iranian Cyber Espionage Group</title><link>https://samithota.com/adversaries/g0052-copykittens/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0052-copykittens/</guid><description>A profile of CopyKittens (G0052), an Iranian state-sponsored cyber espionage group targeting governments, defense, and IT sectors.</description><pubDate>Mon, 13 Jul 2026 15:32:10 GMT</pubDate><category>High</category><category>Unknown</category><category>threat-actor</category><category>g0052</category><author>Samit Hota</author></item><item><title>[High] Threat Profile: Contagious Interview (G1052)</title><link>https://samithota.com/adversaries/g1052-contagious-interview/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1052-contagious-interview/</guid><description>Contagious Interview (G1052) is a North Korea-aligned threat group focused on cyberespionage and financially motivated operations targeting developers and…</description><pubDate>Mon, 13 Jul 2026 10:44:21 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1052</category><author>Samit Hota</author></item><item><title>[High] Confucius APT: Persistent Espionage in South Asia</title><link>https://samithota.com/adversaries/g0142-confucius/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0142-confucius/</guid><description>Confucius APT is an India-linked cyber espionage group active since 2013, primarily targeting military, government, and high-profile individuals in South Asia…</description><pubDate>Mon, 13 Jul 2026 10:43:55 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0142</category><author>Samit Hota</author></item><item><title>[High] Cobalt Group: A Relentless Financial Cybercrime Syndicate</title><link>https://samithota.com/adversaries/g0080-cobalt-group/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0080-cobalt-group/</guid><description>A profile of the Cobalt Group (G0080), a highly sophisticated and persistent threat actor targeting financial institutions globally for illicit financial gain.</description><pubDate>Mon, 13 Jul 2026 10:43:29 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0080</category><author>Samit Hota</author></item><item><title>[High] Cleaver (G0003): Iranian APT Targeting Critical Infrastructure</title><link>https://samithota.com/adversaries/g0003-cleaver/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0003-cleaver/</guid><description>Cleaver (G0003) is an Iranian state-sponsored threat group notorious for espionage and sabotage against global critical infrastructure.</description><pubDate>Mon, 13 Jul 2026 10:43:01 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0003</category><author>Samit Hota</author></item><item><title>[High] Cinnamon Tempest: The Espionage Group Cloaked in Ransomware</title><link>https://samithota.com/adversaries/g1021-cinnamon-tempest/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1021-cinnamon-tempest/</guid><description>Cinnamon Tempest (G1021), a China-based threat group, uses ransomware as a smokescreen for cyberespionage and intellectual property theft.</description><pubDate>Mon, 13 Jul 2026 10:42:39 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1021</category><author>Samit Hota</author></item><item><title>[High] Chimera (G0114): Enduring Espionage in High-Tech and Aviation</title><link>https://samithota.com/adversaries/g0114-chimera/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0114-chimera/</guid><description>Chimera (G0114) is a suspected China-based APT group active since 2018, known for persistent cyber espionage targeting semiconductor intellectual property and…</description><pubDate>Mon, 13 Jul 2026 10:42:07 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0114</category><author>Samit Hota</author></item><item><title>[High] Carbanak Threat Profile: Financial Apex Predators</title><link>https://samithota.com/adversaries/g0008-carbanak/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0008-carbanak/</guid><description>A deep dive into Carbanak (G0008), a financially motivated cybercrime group known for sophisticated attacks against global financial institutions.</description><pubDate>Mon, 13 Jul 2026 10:41:44 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0008</category><author>Samit Hota</author></item><item><title>[High] BRONZE BUTLER (G0060) Threat Profile: Persistent Chinese Cyber Espionage</title><link>https://samithota.com/adversaries/g0060-bronze-butler/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0060-bronze-butler/</guid><description>A detailed profile of BRONZE BUTLER (G0060), a Chinese state-sponsored cyber espionage group primarily targeting Japanese organizations for intellectual…</description><pubDate>Mon, 13 Jul 2026 10:41:28 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0060</category><author>Samit Hota</author></item><item><title>[High] Blue Mockingbird (G0108): Persistent Cryptomining Threat</title><link>https://samithota.com/adversaries/g0108-blue-mockingbird/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0108-blue-mockingbird/</guid><description>Blue Mockingbird (G0108) is a financially motivated threat actor group focused on deploying Monero cryptocurrency miners on Windows systems.</description><pubDate>Mon, 13 Jul 2026 10:40:58 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0108</category><author>Samit Hota</author></item><item><title>[High] BlackTech (G0098) Threat Profile: Chinese Cyber Espionage Group</title><link>https://samithota.com/adversaries/g0098-blacktech/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0098-blacktech/</guid><description>An in-depth profile of BlackTech (G0098), a sophisticated Chinese state-sponsored cyber espionage group targeting government, military, and critical…</description><pubDate>Mon, 13 Jul 2026 10:40:32 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0098</category><author>Samit Hota</author></item><item><title>[High] BlackOasis (G0063): A Persistent Cyber-Espionage Threat</title><link>https://samithota.com/adversaries/g0063-blackoasis/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0063-blackoasis/</guid><description>BlackOasis (G0063) is a sophisticated Middle Eastern threat group known for cyber-espionage against high-profile targets using zero-day exploits and FinSpy…</description><pubDate>Mon, 13 Jul 2026 05:54:45 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0063</category><author>Samit Hota</author></item><item><title>[High] BlackByte Ransomware: A Persistent Double Extortion Threat</title><link>https://samithota.com/adversaries/g1043-blackbyte/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1043-blackbyte/</guid><description>Profile of BlackByte (G1043), a ransomware-as-a-service (RaaS) group active since 2021, known for double extortion and targeting critical infrastructure…</description><pubDate>Mon, 13 Jul 2026 05:54:24 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1043</category><author>Samit Hota</author></item><item><title>[High] BITTER (G1002): An Enduring South Asian Cyber Espionage Threat</title><link>https://samithota.com/adversaries/g1002-bitter/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1002-bitter/</guid><description>A detailed profile of BITTER (G1002), a persistent South Asian cyber espionage group, outlining their origins, motivations, targets, TTPs, and current…</description><pubDate>Sun, 12 Jul 2026 18:30:11 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1002</category><author>Samit Hota</author></item><item><title>[High] BackdoorDiplomacy (G0135) Threat Profile: Persistent Chinese Cyber Espionage</title><link>https://samithota.com/adversaries/g0135-backdoordiplomacy/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0135-backdoordiplomacy/</guid><description>A detailed threat profile of BackdoorDiplomacy, a China-linked APT group known for cyber espionage against diplomatic and telecommunication targets.</description><pubDate>Sun, 12 Jul 2026 14:13:33 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0135</category><author>Samit Hota</author></item><item><title>[High] Axiom (G0001): Profile of a Sophisticated Chinese Cyber Espionage Group</title><link>https://samithota.com/adversaries/g0001-axiom/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0001-axiom/</guid><description>A detailed profile of Axiom (G0001), a sophisticated, state-sponsored Chinese cyber espionage group targeting high-value intellectual property and sensitive…</description><pubDate>Sun, 12 Jul 2026 14:12:53 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0001</category><author>Samit Hota</author></item><item><title>[High] Aquatic Panda (G0143) Threat Profile: Persistent Cyber Espionage Operations</title><link>https://samithota.com/adversaries/g0143-aquatic-panda/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0143-aquatic-panda/</guid><description>Aquatic Panda (G0143) is a China-linked APT conducting intelligence collection and industrial espionage, targeting diverse global sectors with advanced…</description><pubDate>Sun, 12 Jul 2026 14:12:28 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0143</category><author>Samit Hota</author></item><item><title>[High] APT5 (Mulberry Typhoon): Profile of a Sophisticated China-Based Espionage Actor</title><link>https://samithota.com/adversaries/g1023-apt5/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1023-apt5/</guid><description>APT5, also known as Mulberry Typhoon, is a China-based state-sponsored cyber espionage group targeting telecommunications, aerospace, and defense sectors…</description><pubDate>Sun, 12 Jul 2026 14:12:04 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1023</category><author>Samit Hota</author></item><item><title>[High] APT42: Iran&apos;s Premier Human-Targeting Cyber Espionage Unit</title><link>https://samithota.com/adversaries/g1044-apt42/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1044-apt42/</guid><description>Iranian state-sponsored APT42 conducts cyber espionage and surveillance, primarily using sophisticated social engineering and credential harvesting to target…</description><pubDate>Sun, 12 Jul 2026 14:11:39 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1044</category><author>Samit Hota</author></item><item><title>[High] APT41: China&apos;s Dual-Threat Cyber Powerhouse</title><link>https://samithota.com/adversaries/g0096-apt41/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0096-apt41/</guid><description>APT41 is a prolific Chinese state-sponsored threat group notorious for blending sophisticated cyber espionage with financially motivated operations globally.</description><pubDate>Sun, 12 Jul 2026 14:11:14 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0096</category><author>Samit Hota</author></item><item><title>[High] APT39: Iran&apos;s Relentless Surveillance Threat</title><link>https://samithota.com/adversaries/g0087-apt39/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0087-apt39/</guid><description>APT39, also known as Chafer and Remix Kitten, is an Iranian state-sponsored cyber espionage group focused on collecting personal information for surveillance.</description><pubDate>Sun, 12 Jul 2026 14:10:43 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0087</category><author>Samit Hota</author></item><item><title>[Critical] APT38: North Korea&apos;s Relentless Financial Cyber Offensive</title><link>https://samithota.com/adversaries/g0082-apt38/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0082-apt38/</guid><description>Profile of APT38, a North Korean state-sponsored threat group specializing in global financial cyber operations, destructive attacks, and cryptocurrency theft.</description><pubDate>Sun, 12 Jul 2026 14:10:16 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g0082</category><author>Samit Hota</author></item><item><title>[Critical] APT37 (ScarCruft): North Korea&apos;s Evolving Cyber Espionage Group</title><link>https://samithota.com/adversaries/g0067-apt37/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0067-apt37/</guid><description>APT37, a North Korean state-sponsored cyber espionage group, targets South Korea and global entities with sophisticated tactics and diverse custom malware.</description><pubDate>Sun, 12 Jul 2026 09:33:19 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g0067</category><author>Samit Hota</author></item><item><title>[High] APT33: Iran&apos;s Evolving Cyber Espionage and Destructive Capabilities</title><link>https://samithota.com/adversaries/g0064-apt33/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0064-apt33/</guid><description>A detailed profile of APT33 (G0064), an Iranian state-sponsored threat group known for cyber espionage against critical infrastructure and a recent shift to…</description><pubDate>Sun, 12 Jul 2026 09:32:38 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0064</category><author>Samit Hota</author></item><item><title>[High] APT32 (OceanLotus): A Persistent Threat to Southeast Asian Interests</title><link>https://samithota.com/adversaries/g0050-apt32/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0050-apt32/</guid><description>APT32, also known as OceanLotus, is a sophisticated, Vietnam-aligned cyber espionage group targeting governments, dissidents, and industries in Southeast Asia…</description><pubDate>Sun, 12 Jul 2026 09:32:13 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0050</category><author>Samit Hota</author></item><item><title>[High] APT30: Persistent Chinese Cyber Espionage in Southeast Asia and Beyond</title><link>https://samithota.com/adversaries/g0013-apt30/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0013-apt30/</guid><description>A deep dive into APT30 (G0013), a Chinese state-sponsored cyber espionage group known for its decade-long operations targeting strategic intelligence.</description><pubDate>Sun, 12 Jul 2026 09:31:43 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0013</category><author>Samit Hota</author></item><item><title>[High] APT3 Profile: A Legacy of Chinese Cyber Espionage</title><link>https://samithota.com/adversaries/g0022-apt3/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0022-apt3/</guid><description>A deep dive into APT3 (G0022), a China-nexus cyber espionage group, detailing its origins, motivations, targets, TTPs, and evolution.</description><pubDate>Sun, 12 Jul 2026 09:31:20 GMT</pubDate><category>High</category><category>Dormant</category><category>threat-actor</category><category>g0022</category><author>Samit Hota</author></item><item><title>[Critical] APT29 (Midnight Blizzard / Cozy Bear): Russian SVR&apos;s Elite Cyber Espionage Unit</title><link>https://samithota.com/adversaries/g0016-apt29/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0016-apt29/</guid><description>APT29, also known as Midnight Blizzard and Cozy Bear, is a highly sophisticated, state-sponsored Russian threat actor (SVR) focused on long-term cyber…</description><pubDate>Sun, 12 Jul 2026 09:31:01 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g0016</category><author>Samit Hota</author></item><item><title>[Critical] APT28: Russia&apos;s Enduring Cyber Espionage Arm</title><link>https://samithota.com/adversaries/g0007-apt28/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0007-apt28/</guid><description>A detailed profile of APT28 (Fancy Bear, Forest Blizzard), a Russian state-sponsored threat actor, detailing their origins, motivations, tactics, malware, and…</description><pubDate>Sun, 12 Jul 2026 09:30:34 GMT</pubDate><category>Critical</category><category>Active</category><category>threat-actor</category><category>g0007</category><author>Samit Hota</author></item><item><title>[High] APT19: Persistent Chinese Cyber Espionage and Credential Theft</title><link>https://samithota.com/adversaries/g0073-apt19/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0073-apt19/</guid><description>A detailed profile of APT19 (G0073), a China-aligned threat group known for cyber espionage, credential harvesting, and targeting diverse sectors globally.</description><pubDate>Sun, 12 Jul 2026 09:30:08 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0073</category><author>Samit Hota</author></item><item><title>[High] APT18 Threat Profile: Chinese Cyber Espionage Group</title><link>https://samithota.com/adversaries/g0026-apt18/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0026-apt18/</guid><description>APT18 (G0026), also known as Dynamite Panda, is a Chinese state-sponsored cyber espionage group targeting diverse sectors for intellectual property theft and…</description><pubDate>Sun, 12 Jul 2026 09:29:40 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0026</category><author>Samit Hota</author></item><item><title>[High] APT17 (Deputy Dog): A Persistent Chinese Cyber Espionage Threat</title><link>https://samithota.com/adversaries/g0025-apt17/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0025-apt17/</guid><description>Profile of APT17 (Deputy Dog), a China-based state-sponsored threat group known for cyber espionage, targeting various sectors.</description><pubDate>Sun, 12 Jul 2026 09:29:14 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0025</category><author>Samit Hota</author></item><item><title>[Medium] APT16: A Persistent Chinese Cyber Espionage Threat</title><link>https://samithota.com/adversaries/g0023-apt16/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0023-apt16/</guid><description>APT16 is a China-based threat group known for cyber espionage, primarily targeting organizations in Japan and Taiwan using spearphishing.</description><pubDate>Sat, 11 Jul 2026 14:07:13 GMT</pubDate><category>Medium</category><category>Active</category><category>threat-actor</category><category>g0023</category><author>Samit Hota</author></item><item><title>[High] APT12 (Numbered Panda) Profile: Persistent Chinese Cyber Espionage</title><link>https://samithota.com/adversaries/g0005-apt12/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0005-apt12/</guid><description>A deep dive into APT12, a sophisticated Chinese state-sponsored cyber espionage group known for its adaptive tactics and targeting of East Asian governments,…</description><pubDate>Sat, 11 Jul 2026 14:07:03 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0005</category><author>Samit Hota</author></item><item><title>[High] APT1 Threat Profile: China&apos;s Pioneering Cyber Espionage Unit</title><link>https://samithota.com/adversaries/g0006-apt1/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0006-apt1/</guid><description>APT1, also known as Comment Crew (G0006), is a state-sponsored Chinese cyber espionage group attributed to PLA Unit 61398, infamous for vast intellectual…</description><pubDate>Sat, 11 Jul 2026 14:06:37 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0006</category><author>Samit Hota</author></item><item><title>[High] APT-C-36 (Blind Eagle): A Persistent Threat to Latin America</title><link>https://samithota.com/adversaries/g0099-apt-c-36/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0099-apt-c-36/</guid><description>Profile of APT-C-36 (Blind Eagle), a South American threat group engaging in espionage and financial operations since 2018.</description><pubDate>Sat, 11 Jul 2026 11:49:20 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0099</category><author>Samit Hota</author></item><item><title>[High] APT-C-23 (Arid Viper): Persistent Cyber Espionage in the Middle East</title><link>https://samithota.com/adversaries/g1028-apt-c-23/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1028-apt-c-23/</guid><description>APT-C-23, also known as Arid Viper, is a sophisticated, likely state-sponsored group primarily targeting the Middle East with advanced mobile and Windows…</description><pubDate>Sat, 11 Jul 2026 11:48:44 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1028</category><author>Samit Hota</author></item><item><title>[High] North Korea-linked AppleJeus: A Profile of G1049, a State-Sponsored Cybercrime Group</title><link>https://samithota.com/adversaries/g1049-applejeus/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1049-applejeus/</guid><description>AppleJeus (G1049) is a North Korean state-sponsored threat group primarily focused on financial gain through sophisticated cryptocurrency theft and supply…</description><pubDate>Sat, 11 Jul 2026 11:48:18 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1049</category><author>Samit Hota</author></item><item><title>[High] Aoqin Dragon: Persistent Cyber Espionage Targeting APAC</title><link>https://samithota.com/adversaries/g1007-aoqin-dragon/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1007-aoqin-dragon/</guid><description>A profile of Aoqin Dragon (G1007), a suspected Chinese cyber espionage group actively targeting government, education, and telecom entities since 2013.</description><pubDate>Sat, 11 Jul 2026 11:47:34 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1007</category><author>Samit Hota</author></item><item><title>[High] Andariel (G0138): North Korea&apos;s Dual-Threat Cyber Espionage and Ransomware Group</title><link>https://samithota.com/adversaries/g0138-andariel/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0138-andariel/</guid><description>A profile of Andariel (G0138), a North Korean state-sponsored threat group known for cyber espionage, destructive attacks, and financially motivated…</description><pubDate>Sat, 11 Jul 2026 11:47:12 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0138</category><author>Samit Hota</author></item><item><title>[High] Akira Ransomware: A Persistent and Evolving Global Threat</title><link>https://samithota.com/adversaries/g1024-akira/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1024-akira/</guid><description>Akira is a financially motivated ransomware-as-a-service (RaaS) group employing double extortion tactics against diverse sectors worldwide.</description><pubDate>Sat, 11 Jul 2026 11:36:28 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1024</category><author>Samit Hota</author></item><item><title>[High] Ajax Security Team (G0130): An Iranian Cyber Espionage Group</title><link>https://samithota.com/adversaries/g0130-ajax-security-team/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0130-ajax-security-team/</guid><description>An in-depth profile of the Iranian-nexus threat actor known as Ajax Security Team (G0130) or Rocket Kitten, detailing their origins, motivations, targets,…</description><pubDate>Sat, 11 Jul 2026 11:35:48 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0130</category><author>Samit Hota</author></item><item><title>[High] Agrius (G1030): Iran&apos;s Destructive Cyber Arm Targeting Israel</title><link>https://samithota.com/adversaries/g1030-agrius/</link><guid isPermaLink="true">https://samithota.com/adversaries/g1030-agrius/</guid><description>Agrius (G1030), an Iranian state-sponsored APT, specializes in destructive wiper and pseudo-ransomware attacks, primarily targeting Israeli sectors since 2020.</description><pubDate>Sat, 11 Jul 2026 11:25:28 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g1030</category><author>Samit Hota</author></item><item><title>[High] Threat Actor Profile: admin@338 (G0018)</title><link>https://samithota.com/adversaries/g0018-admin-338/</link><guid isPermaLink="true">https://samithota.com/adversaries/g0018-admin-338/</guid><description>In-depth profile of admin@338, a China-based threat group known for cyber espionage against financial, economic, and media organizations.</description><pubDate>Sat, 11 Jul 2026 11:24:57 GMT</pubDate><category>High</category><category>Active</category><category>threat-actor</category><category>g0018</category><author>Samit Hota</author></item></channel></rss>