APT33, also known as Elfin or Refined Kitten, is Iran’s long-running cyber-espionage group targeting global defense, energy, and aerospace sectors with evolving tactics and tools.
Hazy Tiger is a South Asia-linked APT group active since 2013, targeting government, defense, and energy sectors through sophisticated espionage campaigns involving phishing, malware, and custom backdoors.
Razor Tiger (APT-C-17), also known as SideWinder, is a long-standing India-linked APT group active since 2012. Its evolving espionage campaigns now target South Asian governments, defense, and infrastructure using advanced malware and living-off-the-land tactics.
UNC4841, also known as SLIME57, is a China-linked APT group active since 2021, conducting cyber-espionage across government, defense, and tech sectors. Exploiting zero-day vulnerabilities and maintaining strong OPSEC, UNC4841 remains one of the most sophisticated and persistent espionage threats through 2025.
Ghostwriter, a Belarus/Russia-linked APT active since 2016, executes hybrid campaigns combining espionage, phishing, and disinformation against NATO and EU entities. Learn how these operations evolved into one of the most strategic influence threats in Eastern Europe.
GhostEmperor is a China-linked APT active since 2019, leveraging stealthy rootkits like Demodex to conduct espionage across Asia, the Middle East, and Africa. Known for its persistence and alignment with Beijing’s geopolitical interests, it remains a major cyber threat in 2025.
Earth Estries is a China-linked APT group active since the early 2020s, known for espionage campaigns targeting global governments, research institutions, and critical infrastructure. By 2025, the group’s activities have expanded worldwide, representing a major state-sponsored cyber threat aligned with Beijing’s geopolitical ambitions.
APT32 (OceanLotus), a Vietnam-linked APT group, has intensified its cyber-espionage operations in 2025, targeting NGOs and cybersecurity professionals through sophisticated supply-chain tactics, stealthy persistence methods, and selective data theft.
Stolen credentials have become the new gateway for ransomware. This in-depth analysis explores how leaked identities circulate through dark web markets, empowering RaaS affiliates and bypassing traditional security perimeters.
The MENA region remains a hotbed for state-sponsored APT activities. This article explores key actors like MuddyWater, OilRig, APT33, and SideWinder, revealing how geopolitical conflicts shape regional cyber-espionage operations.