780th Military Intelligence Brigade (Cyber)

@780thmibdecyber.bsky.social

Official Bluesky page of the 780th Military Intelligence Brigade (Cyber). The Army's only offensive cyberspace operations brigade (following, re-posts, and links ≠ endorsement).

384 Followers 28 Following 1,021 Posts Joined Dec 2024
8 hours ago
China-nexus Group Targets Persian Gulf Region | ThreatLabz China-nexus threat actor targets Persian Gulf region with a multi-stage attack chain that deploys a PlugX backdoor.

China-nexus Threat Actor Targets Persian Gulf Region With PlugX
Zscaler
www.zscaler.com/blogs/securi...
@zscalerinc.bsky.social

8 hours ago
Russia and China in the Gray Zone Explainer videos from the Joint Special Operations University examine how Russia and China use gray-zone tactics—coercion, disinformation, and proxies—to compete with the U.S. below the threshold of o...

Russia and China in the Gray Zone
Two short videos from the Joint Special Operations University outline the growing importance of the “Gray Zone” in modern strategic competition.
Small Wars Journal
smallwarsjournal.com/2026/03/12/r...

8 hours ago
The Kremlin’s Cognitive Assault on Europe This article examines Russia’s use of cognitive warfare to disrupt Western military aid to Ukraine by targeting the "selectorates" (voting publics) of European democracies. Using the "firehose of fals...

The Kremlin’s Cognitive Assault on Europe
Small Wars Journal
This article examines Russia’s use of cognitive warfare to target Europe’s populace to disrupt Western aid to Ukraine.
smallwarsjournal.com/2026/03/13/t...

8 hours ago
Iran Supreme Leader Mojtaba Khamenei has verified account on X, Elon Musk's platform The newly created account was busy posting on Thursday, its first day being active on the X social media platform.

Iran Supreme Leader Mojtaba Khamenei has verified account on X, Elon Musk’s platform
CNBC
www.cnbc.com/2026/03/12/i...
@cnbc.com

8 hours ago
“Handala Hack” - Unveiling Group's Modus Operandi - Check Point Research Key Findings Introduction Handala Hack, also tracked by Check Point Research as Void Manticore, is an Iranian threat actor that is known for multiple destructive wiping attacks combined with “hack and...

Handala Hack is an online persona operated by Void Manticore (aka Red Sandstorm, Banished Kitten), an actor affiliated with Iranian Ministry of Intelligence and Security (MOIS)
Check Point Research
research.checkpoint.com/2026/handala...

8 hours ago
Insights: Increased Risk of Wiper Attacks We are observing an increase of wiper attacks by the Iran-linked Handala Hack group (aka Void Manticore) through phishing and misuse of Microsoft Intune.

Despite initial hacktivist-aligned messaging, the Handala group is currently assessed by the threat intelligence community to be a state-directed front for Iran’s Ministry of Intelligence and Security (MOIS).
Unit 42 | Palo Alto
unit42.paloaltonetworks.com/handala-hack...

8 hours ago

"Muddying the waters further, several pro-Russian hacktivist groups have now apparently joined the fray in support of Iran" @esetofficial.bsky.social

8 hours ago
Cyber fallout from the Iran war: What to have on your radar The cybersecurity implications of the war in the Middle East extend far beyond the region. Here’s where to focus your defenses.

Within hours of the US-Israel ‘Operation Epic Fury’, Iran-nexus cyber-actors mobilized in large numbers – Palo Alto Networks' @Unit42_Intel counted more than 60 active pro-Iranian hacktivist groups.
ESET
www.welivesecurity.com/en/business-...
@esetofficial.bsky.social

8 hours ago
February 2026 APT Group Trends Report - ASEC February 2026 APT Group Trends Report ASEC

Among the activities of APT groups in February 2026, attacks by APT28, Lotus Blossom, TA-RedAnt (APT37), UAT-8616, UNC3886, and UNC6201 were particularly prominent.
ASEC
asec.ahnlab.com/en/92906/

8 hours ago
Treasury Sanctions Facilitators of DPRK IT Worker Fraud Targeting U.S. Businesses WASHINGTON—Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned six individuals and two entities for their roles in Democratic People’s Republic of Korea (DP...

Treasury Sanctions Facilitators of DPRK IT Worker Fraud Targeting U.S. Businesses
U.S. Department of Treasury
home.treasury.gov/news/press-r...

8 hours ago

Note: BG Matthew Lennox commanded the 780th MI BDE from July 2, 2020, to June 28, 2022.

8 hours ago
Cyber National Mission Force to get new commander amid broader leadership turnover Brig. Gen. Matthew Lennox, a senior leader at Army Cyber Command, will take over for Marine Corps Maj. Gen. Lorna Mahlock, who had led the force since 2024.

Cyber National Mission Force to get new commander amid broader leadership turnover
The Record
therecord.media/cyber-nation...
@therecordmedia.bsky.social

1 day ago
APT Profile – Earth Lusca - CYFIRMA Earth Lusca (aka FishMonger) is a China-linked threat actor active since 2019, that focuses primarily on cyber-espionage against government, media,...

APT Profile – Earth Lusca
Earth Lusca (aka FishMonger) is a China-linked threat actor active since 2019
Cyfirma
www.cyfirma.com/research/apt...

1 day ago
Iran’s Cyber Playbook in the Escalating Regional Conflict Understand the cyber-related activities that Rapid7 Labs has observed in accordance with the tension in Iran, including hacktivism, phishing campaigns, data theft, and other disruptive operations.

Iran’s Cyber Playbook in the Escalating Regional Conflict
Rapid7 Labs
www.rapid7.com/blog/post/tr...
@rapid7.com

1 day ago
National Security Overview - Supo Finnish Security and Intelligence Service P.O.BOX 151 00121 HELSINKI, FINLAND

National Security Overview 2026
Finnish Security and Intelligence Service
supo.fi/en/overview

1 day ago
Finnish intelligence warns of persistent cyber espionage from Russia, China Cyberespionage remains the country’s most significant digital threat, with attackers targeting government systems, research institutions and companies developing advanced technologies, according to a ...

Finnish intelligence warns of persistent cyber espionage from Russia, China
The Record | Recorded Future
therecord.media/finnish-inte...
@therecordmedia.bsky.social

1 day ago
Sednit reloaded: Back in the trenches ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.

Sednit reloaded: Back in the trenches
The Sednit group – also known as APT28, Fancy Bear, Forest Blizzard, or Sofacy – has been operating since at least 2004.
ESET
www.welivesecurity.com/en/eset-rese...
@esetofficial.bsky.social

1 day ago
From Wagner to GRU, Russian Military Men Are Manning Moscow’s Shadow Fleet Cargo ships transporting sanctioned Russian oil through the Baltic Sea are routinely setting sail with two extra crew on board: a pair of Russian men with backgrounds in security organizations.

From Wagner to GRU, Russian Military Men Are Manning Moscow’s Shadow Fleet
The Organized Crime and Corruption Reporting Project
www.occrp.org/en/investiga...
@occrp.org

1 day ago
China‑Nexus APT Targets Qatar Chinese‑nexus threat actors are accelerating cyber‑espionage targeting Qatar, deploying PlugX, Rust‑based loaders, and Cobalt Strike with conflict‑themed lures. Explore how APT groups like Camaro Drag...

China-Nexus Activity Against Qatar Observed Amid Expanding Regional Tensions
Check Point Software
blog.checkpoint.com/research/chi...

1 day ago
Russia targets Signal and WhatsApp accounts in cyber campaign | AIVD Russian state hackers are engaged in a large-scale global cyber campaign to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel and civil servants. The Dutch intel...

Russia targets Signal and WhatsApp accounts in cyber campaign
General Intelligence and Security Service | Netherlands
english.aivd.nl/latest/news/...

1 day ago
AI as tradecraft: How threat actors operationalize AI | Microsoft Security Blog Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups suc...

This blog highlights observations from North Korean remote IT worker activity tracked by Microsoft Threat Intelligence as Jasper Sleet and Coral Sleet
Microsoft Threat Intelligence
www.microsoft.com/en-us/securi...

1 day ago
Unmasking an Attack Chain of MuddyWater | Huntress Huntress has identified and detailed a full timeline of an intrusion in a customer environment that aligns with what others have identified as MuddyWater (Iranian-linked APT).

TL;DR: Huntress has identified and detailed a full timeline of an intrusion in a customer environment that aligns with what others have identified as MuddyWater (Iranian-linked APT).
Huntress
www.huntress.com/blog/muddywa...
@huntress.com

1 day ago
UAT-9244 targets South American telecommunication providers with three new malware implants Cisco Talos is disclosing UAT-9244, who we assess with high confidence is a China-nexus advanced persistent threat (APT) actor closely associated with Famous Sparrow.

UAT-9244 targets South American telecommunication providers with three new malware implants
Cisco Talos assesses UAT-9244, with high confidence, is a China-nexus APT actor closely associated with Famous Sparrow.
Cisco Talos
blog.talosintelligence.com/uat-9244/

1 day ago
Look What You Made Us Patch: 2025 Zero-Days in Review | Google Cloud Blog Our analysis of 90 zero-day vulnerabilities tracked in 2025, focusing on techniques and how AI will accelerate the vulnerability landscape.

People’s Republic of China (PRC)-nexus cyber espionage groups continue to dominate traditional state-sponsored espionage zero-day exploitation.
Google Threat Intelligence Group
cloud.google.com/blog/topics/...

1 day ago
Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East - Check Point Research Key Findings Introduction As highlighted in the Cyber Security Report 2026, cyber operations have increasingly become an additional tool in interstate conflicts, used both to support military operatio...

Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East
Check Point Research
research.checkpoint.com/2026/interpl...

1 day ago
Seedworm: Iranian APT on Networks of U.S. Bank, Airport, Software Company This activity began in early February and has continued in recent days. What organizations should expect next from Iran-aligned groups and the steps they should take to guard against cyberattacks.

Seedworm: Iranian APT on Networks of U.S. Bank, Airport, Software Company
Symantec
www.security.com/threat-intel...

1 day ago

Exposing a Russian Campaign Targeting Ukraine Using New Malware Duo: BadPaw and MeowMeow
Clearsky
www.clearskysec.com/wp-content/u...

1 day ago
Russian hackers deploy new malware in phishing campaign targeting Ukraine Researchers have identified a suspected Russian espionage campaign targeting Ukraine that uses two previously undocumented malware strains.

Russian hackers deploy new malware in phishing campaign targeting Ukraine
The Record | Recorded Future
therecord.media/russian-ukra...
@therecordmedia.bsky.social

1 day ago
Silver Dragon Targets Organizations in Southeast Asia and Europe - Check Point Research Key Findings Introduction In recent months, Check Point Research (CPR) has been tracking a sophisticated, Chinese-aligned threat group whose activity demonstrates operational correlation with campaign...

Silver Dragon Targets Organizations in Southeast Asia and Europe
Silver Dragon, an APT group, is likely operating within the umbrella of Chinese-nexus APT41.
Check Point Research
research.checkpoint.com/2026/silver-...

1 day ago
Dust Specter APT Targets Gov’t Officials in Iraq | ThreatLabz Dust Specter, a suspected Iran-nexus APT threat actor, targets officials in Iraq with newly discovered malware: SPLITDROP, TWINTASK, TWINTALK & GHOSTFORM.

In January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq.
www.zscaler.com/blogs/securi...
@zscalerinc.bsky.social
