NSFOCUS Monthly APT Insights – July 2025
August 25, 2025
Regional APT Threat Situation In July 2025, the global threat hunting system of Fuying Lab detected a total of 33 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Southeast Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations, […]
NSFOCUS Monthly APT Insights – June 2025
August 8, 2025
Regional APT Threat Situation In June 2025, the global threat hunting system of Fuying Lab detected a total of 33 APT attack activities. These activities were mainly distributed in regions such as South Asia, East Asia, West Asia, Eastern Europe, and South America, as shown in the figure below. In terms of organizational activity, the […]
NSFOCUS APT Monthly Briefing – May 2025
June 27, 2025
Regional APT Threat Situation In May 2025, the global threat hunting system of Fuying Lab discovered a total of 44 APT attack activities. These activities are mainly distributed in South Asia, Eastern Europe, East Asia, West Asia, Southeast Asia and as shown in the following figure. In terms of group activity, the most active APT […]
NSFOCUS Honored as a Representative Vendor in Gartner’s 2024 Market Guide for Security Threat Intelligence Products and Services
August 21, 2024
SANTA CLARA, Calif., August 21, 2024 – We are thrilled to announce that NSFOCUS has been recognized for the fourth consecutive year in Gartner’s esteemed 2024 Market Guide for Security Threat Intelligence Products and Services. This accolade is a testament to our enduring commitment to delivering advanced threat intelligence solutions that safeguard our clients against […]
New APT Group Actor240524: A Closer Look at Its Cyber Tactics Against Azerbaijan and Israel
August 8, 2024
Overview Leveraging NSFOCUS’s Global Threat Hunting System, NSFOCUS Security Labs (NSL) captured an attack campaign targeting Azerbaijan and Israel on July 1, 2024. By analyzing the tactics, attack vectors, weapons, and infrastructure of the attack in this incident, it was found that the exposed attack characteristics have no direct connection with known APT groups. Therefore, […]
TransparentTribe’s Spear-Phishing Targeting Indian Government Departments
July 24, 2024
Overview Leveraging our global threat hunting system, NSFOCUS Security Research Labs discovered spear-phishing email attacks by the APT group TransparentTribe targeting Indian government departments on February 2, 2024. The timing of these attacks coincides with the presidential election in India, scheduled for April-May of this year, and the bait documents are related to the “President’s […]
The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits
November 10, 2023
Overview In 2022, NSFOCUS Research Labs revealed a large-scale APT attack campaign called DarkCasino and identified an active and dangerous aggressive threat actor. By continuously tracking and in-depth study of the attacker’s activities, NSFOCUS Research Labs has ruled out its link with known APT groups, confirmed its high-level persistent threat nature, and following the operational […]
APT Group DarkPink Exploits WinRAR 0-Day to Target Multiple Entities in Vietnam and Malaysia
October 13, 2023
Overview NSFOCUS Security Labs has been continuously monitoring the newly discovered WinRAR 0-day vulnerability, CVE-2023-38831. It has come to our attention that the advanced persistent threat group known as DarkPink has recently begun exploiting this vulnerability to target government entities in Vietnam and Malaysia. In this round of attack activities, DarkPink attackers have incorporated the […]
Indian Government Agencies Targeted in Phishing Attacks by APT Group SideCopy
March 13, 2023
Overview NSFOCUS detected a malicious macro file named “Cyber Advisory 2023.docm ” last month and confirmed that the document was delivered by Pakistan APT group SideCopy to lure the target to open and read while downloading the Trojan horse ReverseRAT to receive CnC instructions to steal data. SideCopy was disclosed by the security company Quick […]
Bread Crumbs of Threat Actors (Feb 13 – 26, 2023)
March 10, 2023
From 13 to 26 February 2023, NSFOCUS Security Labs found activity clues from 66 APT groups, one malware family (CoinMiner), and 426 threat actors targeting critical infrastructure. APT Groups Among the 66 APT groups discovered, the APT28 affected the most significant number of hosts from 13 to 26 February. Number of hosts affected by APT […]
