Shadow AI is emerging as the next evolution of Shadow IT. This analysis reveals how misconfigured Clawdbot agent gateways expose LLM keys, corporate data, and integration tokens—creating a silent but critical attack surface.
APT35, also known as Charming Kitten, is an Iranian state-linked cyber espionage group active since 2011, conducting phishing, credential theft, and influence operations against political, academic, media, and NGO targets worldwide.
APT15 is a long-running, China-aligned cyber espionage group linked to the MSS, targeting governments, defense organizations, NGOs, and technology sectors globally with sustained operations through 2025.
TA577 (Hive0118) is a financially motivated, Russian-speaking cybercrime group active since 2020, specializing in large-scale phishing, credential theft, and NTLM hash capture, with strong links to ransomware operations such as Black Basta.
RomCom, also known as Void Rabisu or Storm-0978, is a Russia-aligned advanced persistent threat active since 2022. The group is known for combining espionage-driven operations with opportunistic financial activity, leveraging zero-day exploits, sophisticated phishing infrastructure, and stealthy malware to target NATO-aligned governments and defense sectors.
APT40 is a China-aligned advanced persistent threat (APT) group known for long-term cyber espionage campaigns targeting maritime, defense, academic, and government organizations, particularly across the Indo-Pacific region.
Cactus is a financially motivated ransomware group leveraging VPN vulnerabilities, encrypted tunneling, and double extortion tactics to target enterprises across the US, UK, and Europe.
A deep-dive into Operation ForumTroll, a high-risk Russia-aligned threat actor conducting espionage, phishing, and influence operations across Eastern Europe.