145 matches found
Kazuar: Anatomy of a nation-state botnet
Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich,...
Chinese Mustang Panda Used Fake Diplomatic Briefings to Spy on Officials
A new spy campaign by Mustang Panda uses fake US diplomatic briefings to target government officials. Discover how this silent surveillance operation works...
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. "The campaign uses icon spoofing and malicious Word documents to deliver...
Hamas Linked Hackers Using AshTag Malware Against Diplomatic Offices
New report by Unit 42 reveals the Hamas-linked Ashen Lepus WIRTE group is using the AshTag malware suite to target Middle Eastern diplomatic and government entities with advanced, hidden tactics...
Malicious code in diplomatic_xerinae_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b856121e8c1321f6c60990b71e519ceabf4445b4f630ceda7c5049e6d73323a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-99787
Malicious code in diplomaticmosquitoz3n npm...
EUVD-2025-105773
Malicious code in diplomaticcougarz3n npm...
MAL-2025-119530 Malicious code in diplomatic_cougar_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1148b8bad79dd98594ef4d90f1ab9dc9045d3e7a7a427e1d5bf13fa020798af6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-92453
Malicious code in diplomaticjaguarz3n npm...
EUVD-2025-92454
Malicious code in diplomaticanteaterz3n npm...
EUVD-2025-74744
Malicious code in diplomaticcariboubeige-67 npm...
EUVD-2025-77092
Malicious code in diplomaticantlion-teagooddev npm...
EUVD-2025-79420
Malicious code in diplomaticmammalz3n npm...
EUVD-2025-79419
Malicious code in diplomaticswordtailz3n npm...
MAL-2025-101577 Malicious code in diplomatic_anglerfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db401c859428267b4db7fd66d1c1bc08a93731153e6679486bc0dfaea5c37cb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-71611
Malicious code in diplomaticcatz3n npm...
Malicious code in diplomatic_cat_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a0f3da6084dc8beab42dfe24d7653428d662d6fe7de789b747139df61c88bbc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-64526
Malicious code in diplomaticaardwolfz3n npm...
EUVD-2025-64523
Malicious code in diplomaticquailz3n npm...