Threat Intelligence & Research

Original research, PreBreach intelligence insights, and security best practices from our cybersecurity experts.

China-Nexus APT Targets India with Fake Tax Assessment Campaign Using DLL Hijacking
APTMalware

China-Nexus APT Targets India with Fake Tax Assessment Campaign Using DLL Hijacking

CyberArmor identified a targeted phishing campaign leveraging an Indian Income Tax Department theme to deliver malware through a multi-stage infection chain. Victims receive a PDF attachment that redirects to a convincing fake government portal, ultimately leading to a VHDX disk image containing a DLL hijacking implant. The campaign demonstrates a high level of operational security and evasion techniques commonly associated with advanced persistent threat (APT) activity.

Nguyen NguyenJun 27, 2026
How Threat Actors Abuse Microsoft's Login Infrastructure to Increase Phishing Success Rates
phishingProtection

How Threat Actors Abuse Microsoft's Login Infrastructure to Increase Phishing Success Rates

Threat actors are increasingly abusing Microsoft's legitimate authentication infrastructure to improve phishing success rates, evade detection, and gain access to corporate accounts. Learn how these attacks work and what defenders should monitor.

Nguyen NguyenJun 10, 2026
Inside “SalatStealer” — Reverse Engineering a YouTube Bitcoin Brute Tool Malware
YoutubeSalatStealer

Inside “SalatStealer” — Reverse Engineering a YouTube Bitcoin Brute Tool Malware

Nguyen NguyenMay 2, 2026
When Malware Wears a Brand: Zoom Lure → Fake Microsoft Marketplace → Remote Access via Zoho
phishingzoho

When Malware Wears a Brand: Zoom Lure → Fake Microsoft Marketplace → Remote Access via Zoho

A new attack chain uses brand impersonation and legitimate tools to bypass detection—turning everyday collaboration into a covert entry point.

Nguyen NguyenApr 22, 2026
GraphQL Phishing: Gmail-Themed Credential Harvesting Behind Cloudflare
phishingMFA bypass

GraphQL Phishing: Gmail-Themed Credential Harvesting Behind Cloudflare

Nguyen NguyenApr 16, 2026
Operation Gauloises: How One Operator Bridges the DarkWeb to the Levant via Whish Money
DarkWeb

Operation Gauloises: How One Operator Bridges the DarkWeb to the Levant via Whish Money

Technical Analysis of DarkWeb Liquidity Off-Ramping via Levantine Fintech

Ali AlameApr 13, 2026
PreviousPage 1 of 6Next
Autumn Dragon report cover

Get Our Report

Autumn Dragon: China-nexus APT Group Targets South East Asia

A China-nexus threat actor has been observed using a chain of DLL sideloading attacks to compromise government and media organizations across Singapore, Laos, Cambodia, Indonesia and the Philippines.

Download

Sign up for access

Advanced phishing and malware forensics to protect identity asset ownership before your organizations compromised credentials reach the dark web

Get proactive, prebreach intelligence

Be an early adopter with enhanced support and input on feature development

Limited time early adopter pricing

Get an edge over your competition