Synaptic Security Blog

Threat Actors

APT28

Country: Russia 🇷🇺

Targets: Ukraine 🇺🇦 (#1), NATO / EU

APT28: Geofencing as a Targeting Signal (CVE-2026-21509 Campaign)February 3, 2026

APT36

Country: Pakistan 🇵🇰
Targets: India 🇮🇳 (#1), Afghanistan 🇦🇫, Bangladesh 🇧🇩, Sri Lanka 🇱🇰

APT36 – “Abaris” Deobfuscating VB DropperOctober 19, 2025

Gamaredon

Country: Russia 🇷🇺
Targets: Ukraine 🇺🇦 (#1)

Following Gamaredons Infrastructure Rotations using KrakenMarch 23, 2026
Gamaredon: Now Downloading via Windows Updates Best Friend “BITS”January 13, 2026
Defending Against Gamaredon: Practical Controls That Actually WorkJanuary 6, 2026
Gamaredon: Same Goal, Fewer FingerprintsJanuary 5, 2026
GamaWiper Explained: Gamaredon’s “New” Anti-Analysis WeaponDecember 22, 2025
Inside Gamaredon 2025: Zero-Click Espionage at ScaleNovember 22, 2025
How a Russian Threat Actor Uses a Recent WinRAR Vulnerability in Their Ukraine OperationsNovember 13, 2025

MuddyWater

Country: Iran 🇮🇷
Targets: Iraq 🇮🇶, Saudi Arabia 🇸🇦, United Arab Emirates 🇦🇪, Jordan 🇯🇴, Turkey 🇹🇷, Israel 🇮🇱, Germany 🇩🇪, United States 🇺🇸

Observed Telegram Bot Naming Patterns in Recent MuddyWater Malware ActivityMarch 21, 2026
RustyStealer: Your Compiler Is Snitching on YouJanuary 15, 2026
MuddyWater: When Your Build System Becomes an IOC – “Jacob”January 10, 2026

North Korea

Country: North Korea 🇰🇵

Targets: Democracy

Why Is a North Korean Mail Server Using a .cc Domain? – Threat Intelligence Beyond MalwareJanuary 27, 2026

UAC-0226

Country: UNKNOWN

Targets: Ukraine 🇺🇦 (#1)

Obfuscation Without Effort: Breaking a UAC-0226 GIFTEDCROOK StealerApril 9, 2026

All

Obfuscation Without Effort: Breaking a UAC-0226 GIFTEDCROOK StealerApril 9, 2026
Following Gamaredons Infrastructure Rotations using KrakenMarch 23, 2026
Observed Telegram Bot Naming Patterns in Recent MuddyWater Malware ActivityMarch 21, 2026
APT28: Geofencing as a Targeting Signal (CVE-2026-21509 Campaign)February 3, 2026
Why Is a North Korean Mail Server Using a .cc Domain? – Threat Intelligence Beyond MalwareJanuary 27, 2026
RustyStealer: Your Compiler Is Snitching on YouJanuary 15, 2026
Gamaredon: Now Downloading via Windows Updates Best Friend “BITS”January 13, 2026
MuddyWater: When Your Build System Becomes an IOC – “Jacob”January 10, 2026
Defending Against Gamaredon: Practical Controls That Actually WorkJanuary 6, 2026
Gamaredon: Same Goal, Fewer FingerprintsJanuary 5, 2026
GamaWiper Explained: Gamaredon’s “New” Anti-Analysis WeaponDecember 22, 2025
Inside Gamaredon 2025: Zero-Click Espionage at ScaleNovember 22, 2025
How a Russian Threat Actor Uses a Recent WinRAR Vulnerability in Their Ukraine OperationsNovember 13, 2025
APT36 – “Abaris” Deobfuscating VB DropperOctober 19, 2025
APT44 – Sandworm TeamOctober 18, 2025
APT1October 3, 2025