lostpacket (@_lostpacket_)'s Twitter Profile
lostpacket

@_lostpacket_

Threat Researcher at @_CPResearch_

ID: 1113807233089974272

04-04-2019 14:15:12

39 Tweets

143 Followers

418 Following

Check Point Research (@_cpresearch_):

Technical details on APT35 attempts to exploit Log4j vulnerability: 💣Both targeted attacks and mass-scanning 💎CharmPower: still-in-development PowerShell-based modular toolkit 🧩Shared infrastructure with previous mobile and ransomware campaigns. research.checkpoint.com/2022/apt35-exp…

Check Point Research (@_cpresearch_):

We investigated the recent attack against Iranian Broadcasting and discovered tools utilized in this operation, including the evidence of usage of destructive wiper malware. This suggests that the damage might be more serious than officially reported. research.checkpoint.com/2022/evilplayo…

Ivan Kwiatkowski (@justicerage):

This is as good a time as any to remind that the actions of a government don't necessarily reflect the opinions of its constituents. This is true in places where we get to choose our elected officials to some extent, and even more so everywhere else.

Check Point Research (@_cpresearch_):

Based on conti leaks, we made an interactive graph of Conti members' relations and share some insights: 🥳Impressive level of self-organization 🥳Bonuses, prizes and bring-your-friend programs 🥳New friends and career growth! 👀Looming threat of prison research.checkpoint.com/2022/leaks-of-…

Check Point Research (@_cpresearch_):

We Reveal 7 Years of #ScarletMimic Mobile Surveillance Campaign Targeting Uyghurs: 📱 More than 20 different Android samples 📄 Uyghur-related lures 👁️ Full surveillance capabilities 🤙 Conduct calls and SMS from victim's device Read More: research.checkpoint.com/2022/never-tru…

lostpacket (@_lostpacket_):

Since the end of March, all the files submitted to VirusTotal from Donetsk and Luhansk regions are shown in their telemetry as ZZ country. VirusTotal Any chance you can assist with geography to your geolocation services provider?

Check Point Research (@_cpresearch_):

Amid the crisis in Azerbaijan’s breakaway region of Nagorno-Karabakh, our new report reveals Azerbaijani political surveillance using #OxtaRAT malware: 🕵️AutoIT/JPEG polyglot file 🎯Targets activists in Azerbaijan🇦🇿 and entities in Armenia🇦🇲 Read more >> research.checkpoint.com/2023/operation…

Check Point Research (@_cpresearch_):

[1/5] CPR in collaboration with Sygnia has been tracking #ScarredManticore, one of the most sophisticated Iranian threat actors uncovered to date. Attributed to the MOIS, it is linked to some of the most impactful Iranian intrusions in recent years. research.checkpoint.com/2023/from-alba…

lostpacket (@_lostpacket_):

While most associate this report with the Israel-Hamas conflict, the actor managed to infiltrate numerous high-profile targets throughout the Middle East in recent years. Given their track record of sharing access with disruptive malware operators, this is a region-wide concern.

Check Point Research (@_cpresearch_):

🇪🇺Amid the upcoming EU membership referendum, Moldova is being hit with #disinformation emails aimed at discrediting the pro-EU course and its supporters. 🕵️Read more about hybrid disinformation-malware operations across Europe by the #LyingPigeon group: research.checkpoint.com/2024/disinform…

Check Point Research (@_cpresearch_):

Following the advisory, CPR shares an in-depth analysis of the malware attributed to Emennet Pasargad: 🐁 WezRat: a custom infostealer 🧀 Uses DLL modules for screenshots, keylogging, file theft, etc. 🐈 Over a year of activity and evolution Read more: 👉 research.checkpoint.com/2024/wezrat-ma…

Check Point Research (@_cpresearch_):

Zero-Day used by Stealth Falcon APT group in a spear-phishing campaign: 💥 .URL file exploitation (assigned CVE-2025-33053) 🧰 Custom Mythic implants, LOLBins, and custom payloads 🌍 High-profile targets across the Middle East and Africa research.checkpoint.com/2025/stealth-f…

Check Point Research (@_cpresearch_):

🇮🇷🇮🇱 In their latest phishing campaigns, Iranian APT Educated Manticore poses as cybersecurity researchers and executives to target top tech academics in Israel: 🔗 Fake Google Meet meetings 🌐 Phishing kits as Single Page App with React 👉 Details: research.checkpoint.com/2025/iranian-e…

Check Point Research (@_cpresearch_):

Unmasking the China-nexus #Storm2603 toolset that pre-dated the ToolShell wave. 📅Active since at least Apr 2025. 🔑Multiple ransomware deployed together: LockBit + Warlock. 💥Custom backdoors: ak47dns & ak47http. Read more --> research.checkpoint.com/2025/before-to…

Check Point Research (@_cpresearch_):

China-linked #InkDragon expands into Europe, building a distributed relay network by weaponizing compromised servers with a custom #ShadowPad IIS listener alongside new TTPs and an evolved FinalDraft. research.checkpoint.com/2025/ink-drago…

Check Point Research (@_cpresearch_):

🚨ALERT🚨 Gulf countries, Cyprus & Israel - A massive wave of IP camera scanning and exploitation from Iran-linked infrastructure. ✅ Patch to the latest version 🔐 Enforce strong, unique passwords and restrict external access Read More : research.checkpoint.com/2026/interplay…
