🚨 👀 New Insikt Group report! As NATO leaders gather in The Hague next week, the upcoming summit comes under threat from adversary activity: state-sponsored espionage, malign influence operations, and a surge of chatter across the dark web.
Blog: www.recordedfuture.com/research/thr...
🇨🇳 🤖 New Insikt Group report! This research details how the People’s Liberation Army is rapidly experimenting with generative AI to augment — and potentially transform — its military intelligence capabilities.
Blog: www.recordedfuture.com/research/art...
Join me tomorrow for a live briefing on the conflict between Israel and Iran.
We’ll address specific geopolitical risks, cybercriminal and hacktivist groups, state-sponsored cyber threats, influence operations, and more.
Registration: recordedfuture.registration.goldcast.io/webinar/4b72...
Thank you to everyone who attended my session at our inaugural Insikt After Dark conference in New York City!
I spoke on our recent efforts to disrupt traffer teams, infostealer operators, and global scam infrastructure.
It’s always an honor to represent Recorded Future!
Outstanding work from @julianferdinand.bsky.social, @lawrencesec.bsky.social, and our Malicious Infrastructure Discovery (MID) team.
GrayAlpha shows how financially motivated actors operate with APT-level tradecraft.
Time to retire old threat models. Think in terms of ecosystems, not just malware.
Predator isn’t dead — it’s mutating.
New reporting from @julianferdinand.bsky.social just dropped. It confirms that Predator C2 is very much alive and attracting new clients.
Targets? The same. Activists, politicians, journalists, executives. The spyware economy isn’t slowing — it’s adapting.
Read more! This report includes an extensive list of capabilities and indicators linked to TAG-110 and its recent campaigns targeting Central Asia.
PDF: go.recordedfuture.com/hubfs/report...
🔑: “TAG-110’s recent use of macro-enabled Word templates (.dotm), placed in the Microsoft Word STARTUP folder for automatic execution, highlights a tactical evolution prioritizing persistence.”
🌏: “TAG-110’s persistent targeting of Tajik government, educational, and research institutions supports Russia’s strategy to maintain influence in Central Asia. These cyber-espionage operations likely aim to gather intelligence for influencing regional politics or security…”
🔍: “This campaign has been attributed to TAG-110 based on its reuse of VBA code found in lures from previous campaigns, overlap in C2 infrastructure, and use of suspected legitimate government documents for lure material.”
🎣: “TAG-110 has changed its spearphishing tactics in recent campaigns against Tajikistan, as they now rely on macro-enabled Word templates (.dotm files).”
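The STARTUP-folder tactic quoted above works because Word loads every template in its STARTUP locations as a global add-in at launch, so a macro-enabled template runs its auto macros without the victim ever opening a lure document. The script below is an added hunting example, not Insikt Group's code and not anything from the report: it walks the usual Word STARTUP locations (the default paths are assumptions for a standard Windows/Office install; adjust them, and note Word also honours a registry STARTUP-PATH override this example does not read), opens each template as an OOXML zip, flags any that carry a VBA project, and hashes each file so the output can be diffed against a known-good baseline. The sample STARTUP folder it can build with `--demo` is constructed here purely for illustration.

```python
"""Hunt for macro-bearing Word templates in Word STARTUP folders.

Added example (not Recorded Future / Insikt Group code). Default paths and
the demo fixture are assumptions for illustration.
"""
import hashlib
import os
import sys
import tempfile
import zipfile
from pathlib import Path

# Template types Word loads from STARTUP. .dotm/.dotx are OOXML zips;
# .dot is the legacy OLE2 binary format and needs a different parser.
TEMPLATE_EXTS = {".dotm", ".dotx", ".dot"}
VBA_PART = "word/vbaproject.bin"  # zip part that holds a VBA project


def default_startup_dirs():
    """Usual Word STARTUP locations on Windows (assumed defaults)."""
    dirs = []
    appdata = os.environ.get("APPDATA")
    if appdata:
        dirs.append(Path(appdata) / "Microsoft" / "Word" / "STARTUP")
    for var in ("PROGRAMFILES", "PROGRAMFILES(X86)"):
        base = os.environ.get(var)
        if base:
            dirs.append(Path(base) / "Microsoft Office" / "root" / "Office16" / "STARTUP")
    return dirs


def classify_template(path):
    """Return 'macro', 'clean' or 'legacy' for one template file.

    An OOXML template stores its VBA project as word/vbaProject.bin and
    declares a macroEnabled content type in [Content_Types].xml; either
    signal is enough to flag it. A file that is not a zip is either a
    legacy .dot (OLE2) or a renamed blob, and is surfaced for manual review.
    """
    try:
        with zipfile.ZipFile(path) as zf:
            names = {n.lower() for n in zf.namelist()}
            if VBA_PART in names:
                return "macro"
            try:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            except KeyError:
                ctypes = ""
            return "macro" if "macroenabled" in ctypes.lower() else "clean"
    except zipfile.BadZipFile:
        return "legacy"


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_startup(dirs):
    """Walk STARTUP dirs; return one record per template, skipping missing dirs."""
    findings = []
    for d in dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        for p in sorted(d.iterdir()):
            if p.is_file() and p.suffix.lower() in TEMPLATE_EXTS:
                findings.append({"name": p.name, "path": str(p),
                                 "verdict": classify_template(p),
                                 "sha256": sha256_file(p)})
    return findings


def build_sample_startup():
    """Constructed fixture: a throwaway STARTUP dir with a macro-enabled .dotm,
    a clean .dotx, a legacy .dot header and an unrelated file. Not real malware."""
    d = Path(tempfile.mkdtemp()) / "STARTUP"
    d.mkdir()
    with zipfile.ZipFile(d / "dropped.dotm", "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types><Override PartName="/word/vbaProject.bin" '
                    'ContentType="application/vnd.ms-office.vbaProject"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed stub")
    with zipfile.ZipFile(d / "corporate.dotx", "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    (d / "old.dot").write_bytes(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 64)
    (d / "readme.txt").write_text("not a template")
    return d


if __name__ == "__main__":
    targets = [build_sample_startup()] if "--demo" in sys.argv else default_startup_dirs()
    for rec in scan_startup(targets):
        flag = "!!" if rec["verdict"] != "clean" else "  "
        print(f"{flag} {rec['verdict']:6} {rec['sha256'][:16]}  {rec['path']}")
```

Expect legitimate hits: add-ins such as PDF tooling also drop macro-enabled templates in STARTUP, so the value is in the hash diff against a baseline and in a file appearing at a time that matches a phishing delivery, not in the presence of a macro alone. For anything reported as `legacy`, inspect the OLE2 container with an OLE-aware tool rather than trusting the extension.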
New report! Check it out.
🇷🇺 🇹🇯 This research examines a campaign targeting Tajikistan attributed to Russia-aligned TAG-110 — linked to BlueDelta (APT28). This campaign is likely targeting government, educational, and research institutions.
Link: www.recordedfuture.com/research/rus...
Good riddance! This should make a sizable dent in the ecosystem.
🪦 Lumma Stealer 🪦
Link: www.europol.europa.eu/media-press/...
Read more! This report includes extensive research and analysis that can’t be fully captured in a single thread.
PDF: go.recordedfuture.com/hubfs/report...
🇺🇸: “Although the current US presidential administration has signalled that maintaining the US’s leading position… a priority, early actions to decrease public funding for science and target international students over alleged visa infractions likely risk undermining this goal.”
🏭: “China’s semiconductor industry likely still faces a bottleneck in producing sub-7 nanometer chips, and it is almost certainly attempting to develop its own extreme ultraviolet lithography tools using alternative techniques to advance domestic AI accelerator production.”
📉: “US export controls have also almost certainly prompted the Chinese government to accelerate funding for its AI hardware and semiconductor industries and high-performance computing infrastructure for training and hosting AI models.”
🔑: “Adopting open source is more prevalent among Chinese AI companies and likely enables China to diffuse its models more broadly than US proprietary models.”
🧑‍🏫: “Access to high-quality training data and IP is an increasingly contested domain where the US likely retains a competitive advantage; companies in both countries are likely leveraging user-generated content to train generative AI models.”
⚖️: “Closing the performance gap while being cost-competitive is very likely to pay off for China by driving the adoption of Chinese generative AI models domestically and abroad.”
🗓️: “According to Insikt Group's analysis of model benchmarks, Elo scores, and industry expert assessments, Chinese generative AI models likely now have a three to six-month performance gap behind US rivals, though this time lag is shortening.”
💡: “AI diffusion rather than innovation will very likely determine the ‘winner’ in the competition… but whether the US or China has greater levels of diffusion is unclear, with one metric (patents) nevertheless showing China has a lead in many industries.”
🧑‍🎓: “The international AI talent pool likely continues to favor the US due to a continuing — though declining — immigration advantage and the quality of elite educational institutions, but the practical implications of this lead for AI competition are likely eroding.”
🧑‍⚖️: “China’s regulatory scheme likely hampers Chinese AI capabilities and extends development and deployment timelines — but only among developers aiming for public-facing products, meaning frontier advancements are unlikely to be impeded.”
💰: “China’s overall government-led funding likely exceeds investment by US federal and state governments… however, total private-sector investment in AI companies in the US vastly outmatches private-sector investment in China.”
🤝: “China’s rapidly maturing AI ecosystem is very likely increasingly fostering collaboration between government, industry, and academia, and is supported by steady advances in semiconductor manufacturing.”
New report! Check it out.
This research examines the US-China AI gap and the drivers of competition. Insikt Group assesses that China is unlikely to sustainably surpass the US on its desired timeline to become the world leader in AI by 2030.
Link: www.recordedfuture.com/research/mea...
I had a great time talking with @gregotto.bsky.social from @cyberscoop.bsky.social at RSAC 2025. Always fun!
Check out our conversation about my work on cryptoscam gangs, infostealer “traffer” teams, and the “Marko Polo” cybercriminal group.
Link: open.spotify.com/episode/70AY...
🔑: “Insikt Group observed ten distinct TerraStealerV2 distribution samples between January and March 2025 that employed varied delivery methods, including MSI, DLL, and LNK files.”
🛠️: “TerraStealerV2 lacks support for decrypting Chrome ABE-protected credentials, indicating the tool is likely outdated or still under development.”