Summary Between January 2025 and January 2026, Arctic Wolf tracked an extensive cyber espionage campaign that we assess was conducted by SloppyLemming (also known as

Summary  In September 2025, Arctic Wolf® Labs identified a U.S.-based company that was targeted by RomCom threat actors via SocGholish, operated by TA569. While the

Threat Actor Name: UNC6384 Targeted Industries: Government, Diplomatic Services Geographic Focus: Hungary, Belgium, Serbia, Italy, Netherlands (broader European diplomatic community) Executive Summary Arctic Wolf Labs

Summary Arctic Wolf Labs has identified and analyzed a new malware loader we’re calling Caminho, a Brazilian-origin Loader-as-a-Service (LaaS) operation employing Least Significant Bit (LSB)

Key Takeaways In late July 2025, Arctic Wolf® detected a surge of malicious activity targeting environments running SonicWall firewalls—a campaign that remains active at the

Executive Summary On 19 August  2025, the Arctic Wolf® Cybersecurity Operations Center (cSOC) uncovered and remediated a sophisticated delivery chain: a threat actor leveraged GitHub’s repository

Executive Summary A relatively new ransomware group, Interlock, has gained traction in 2025 as an opportunistic ransomware operator that leverages compromised websites and multi-stage social

Executive Summary The Arctic Wolf® Labs team has identified a new campaign by cyber-espionage group Dropping Elephant targeting Turkish defense contractors, specifically a manufacturer of

Summary A financially-motivated threat actor, active since early 2021, has been targeting Mexican organizations with custom packaged installers that deliver a modified version of AllaKore

Introduction In today’s interconnected world, the line between physical and digital domains is increasingly blurred, with geopolitical tensions often spilling over into cyberspace. Over the

Executive Summary The Arctic Wolf® Labs team has discovered that the cyber-espionage group UAC-0226, known for utilizing the infostealer GIFTEDCROOK, has significantly evolved its capabilities.

Takeaways  Arctic Wolf® observed a recent campaign by the financially motivated threat group Venom Spider targeting hiring managers with spear-phishing emails. The group abuses legitimate

Executive Summary During routine monitoring of the cyber threat landscape in Southeast Asia, the Arctic Wolf Labs team came across a relatively recent Indonesian-based hacktivist

Key Takeaways Arctic Wolf observed a recent campaign affecting Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. The campaign involved unauthorized

Key Takeaways Cleo MFT products were exploited by threat actors to deploy a malicious PowerShell stager, culminating in the execution of a Java-based backdoor we

Key Takeaways Arctic Wolf has observed multiple intrusions across a variety of industries involving Palo Alto Network firewall devices. Affected devices triggered downloads over HTTP

Summary In early September, as part of the Arctic Wolf® Labs team’s continuous monitoring of cyber activities across the Indian subcontinent, we came across an

Key Takeaways Arctic Wolf has observed an influx of at least 30 Akira and Fog intrusions across a variety of industries since early August, each

Summary As part of our continuous threat hunting efforts, the Arctic Wolf® Labs team has discovered a new campaign by the nation-state threat actor known

Summary Beginning in early July 2024, Arctic Wolf responded to multiple SocGholish/FakeUpdate intrusions that resulted in a seemingly benign payload being delivered as a second-stage

Summary In June 2024, a threat group utilizing Akira ransomware was discovered targeting a Latin American airline. The threat actor initially accessed the network via

Summary As part of our continuous hunting efforts across the Asia-Pacific region, the Arctic Wolf® Labs team discovered Pakistani-based advanced persistent threat group Transparent Tribe

Summary In late 2023, the Arctic Wolf® Labs team identified a spear-phishing campaign by threat group FIN7 that targeted a large automotive manufacturer based in

Threat actors looking to maximize the amount of money they can make and chaos they can cause have once again chosen the supply chain as

UPDATE: While the analyzed samples in this report were initially stated as iOS, they are actually Mach-O samples used in the macOS version of LightSpy.  

Background Arctic Wolf Labs has been tracking two recent intrusions where threat actors leveraged a new Go-based malware downloader we are calling “CherryLoader” that allowed

This article aims to share timely and relevant information about a rapidly developing campaign under investigation. We are publishing it as early as possible for