Feb 04, 2026
APT28 (aka Fancy Bear or UAC-0001) has launched a sophisticated espionage campaign targeting European military government, and transportation entities, The attackers weaponized a newly disclosed Microsoft Office 1-day (CVE-2026-21509) within 24 hours of its public revelation, using spear-phishing documents, a multi-stage infection chain and novel payloads.
Dec 15, 2025
A Russian APT has been targeting Spain, Lithuania, Bulgaria, and more, since at least 2023.
Dec 5, 2025
UNC1151 has operated with a higher operational tempo in 2025, and in this blog, Labs shows how to track this actor, by surfacing two clusters of activity, and tying it to previously attributed samples.
Oct 20, 2025
Follow along as StrikeReady Labs highlights four techniques that were useful to surface four different clusters of targeted threat activity in 2025.
Oct 03, 2025
Mustang Panda continues targeting European governments.
Sep 30, 2025
Earlier in 2025, an apparent sender from 193.29.58.37 spoofed the Libyan Navy’s Office of Protocol to send a then-zero-day exploit in Zimbra’s Collaboration Suite,
CVE-2025-27915, targeting Brazil’s military.
Sep 12, 2025
Sidewinder APT is leveraging the ongoing turmoil in Nepal to distribute mobile malware.
Aug 18, 2025
A South Asian APT has been persistently targeting Sri Lanka, Bangladesh, Pakistan, and Turkey. This post walks through infrastructure and malware pivots to expose novel tooling that compromised the phones of military-adjacent folks.
Aug 18, 2025
Between March and July 2025, DPRK-linked actors are believed to have carried out at least 19 spear-phishing email attacks against embassies worldwide, impersonating trusted diplomatic contacts and luring embassy staff with credible meeting invites, official letters, and event invitations.
Nov 28, 2024
Sandworm is considered one of the most advanced Russian APT groups, responsible for attacks on the Energy infrastructure of its neighbors. This blog will show a few techniques we use to track their phishing campaigns.
Oct 28, 2024
Customers often have a broad understanding of threat groups they want to track, but not always the tools to build operational workflows to enrich and action results. This blog walks through three simple pivots we can take off your plate.
September 09, 2024
Artificial intelligence (AI) has been a hot topic across industries, especially in cybersecurity. With promises of revolutionizing threat detection and response, AI is often surrounded by hype and skepticism. In a recent StrikeReady webinar, Alex Langston, Chief Evangelist, and Tom Los, a veteran in security, took a deep dive into the myths versus realities of AI in cybersecurity, specifically for Security Operations Center (SOC) leaders.
August 07, 2024
Active for over 10 years, the Bitter threat actor has maintained an unusually frenetic pace of operations. Although occasionally derided on the sophistication scale, they have been wildly successful at completing their regional missions. In addition to first-party incidents we’ve investigated, this is also clear from use of exploited infrastructure to attack subsequent targets. They’ve been willing to burn accesses that other groups would have kept close held. This blog sheds light on their latest activities, including previously untracked IOCs, and provides analysis of their manually dropped payloads.
July 24, 2024
Russian attackers continue to bypass detection technologies with simplistic yet effective techniques. In this blog we examine a campaign targeting Ukraine leveraging email attachments less than 150 bytes, which seem to bypass certain tools.
June 27, 2024
The volume of Linux malware is orders of magnitude less than for other operating systems, and as such, has fewer eyeballs researching it. Analysts don't want to spend thousands of hours building detection systems for threats that they will never see. However, for an enterprising hunter, this lack of prevalence can work in your favor --- if your enterprise only sees one or two ELF email attachments per year, you can afford to give each a quick eyeball.
June 24, 2024
Russian Government hackers continue to leverage novel techniques for defeating automated analysis systems. In this blog, we examine a simple html trick for waiting for a user to jiggle the mouse before executing the malicious javascript.
May 29, 2024
In this blog, we examine the typical causes of Dangling DNS hijacking, and how we were able to ethically report issues at a major vendor
May 24, 2024
StrikeReady wins in three categories.
April 20, 2024
This is the first article in a series about technical hunting wins that are attainable by all SOC teams.
April 3, 2024
How StrikeReady helps you track APT infrastructure before it's used against your organization.
February 29, 2024
How StrikeReady helped a SOC prioritize alerts triggered by a previously untagged APT actor.
