Terrorist Group reported tensions in Bamako [10 sources]
Top Signals (showing 50 of 750)
Armed Group reported tensions with Mali in Kidal [5 sources]
Campaign targets Chinese-speaking individuals using a trojanized SumatraPDF reader to deploy AdaptixC2 Beacon and facilitate remote access through Microsoft VS Code tunnels. Zscaler ThreatLabz attributed the campaign with high confidence to Tropic Trooper, a known APT group.
China's state-backed groups are deploying covert networks of compromised devices to execute attacks using low-cost, low-risk, and deniable methods. This approach suggests a strategic shift toward sustainable cyber operations with reduced attribution exposure.
Cybersecurity researchers are warning of two cybercrime groups (Cordial Spider and Snarky Spider) conducting rapid, high-impact attacks within SaaS environments while leaving minimal traces. These groups are attributed to high-speed data theft operations using sophisticated techniques to evade detection.
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. The group impersonates IT help desk employees, convincing victims to accept Microsoft Teams chat invitations from fraudulent accounts to facilitate malware deployment.
A ransomware gang is noted for its rapid operational scaling and sophisticated technical capabilities despite a seemingly innocuous name. Researchers have documented the group's impressive speed in expanding operations, suggesting a well-organized and technically advanced criminal enterprise.
A group recruited children from Finland to attend a camp in Crimea while simultaneously receiving employment support from the City of Helsinki. This activity raises concerns about foreign influence operations targeting minors and the potential misuse of municipal resources.
A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks targeting TrueConf video conferencing servers in Russia since September 2025, according to Positive Technologies research. The threat actors are leveraging an exploit chain of three vulnerabilities to execute remote commands on vulnerable systems.