intelligence research
SEO poisoning campaign leverages Gemini and Claude Code impersonation to deliver infostealer
Executive summary Financially motivated eCrime actors will likely continue to expand opportunistic campaigns by impersonating AI platforms. These campaigns generate direct supply chain risk for enterprises, as threat actors target software developer ...
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Executive Summary  EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual ...
Chinese State-Sponsored Cyber Espionage Activity Targeting Semiconductor Industry in East Asia
Executive Summary EclecticIQ analysts identified a cyber espionage campaign where threat actors used a variant of HyperBro loader with a Taiwan Semiconductor Manufacturing (TSMC) lure, likely to target the semiconductor industry in ...
Decrypting Key Group Ransomware: Emerging Financially Motivated Cyber Crime Gang
Executive Summary The Key Group ransomware family was first revealed on January 6, 2023, continuing their operations since then. EclecticIQ researchers assess with high confidence, the Key Group ransomware gang is primarily ...
Malware-as-a-Service: Redline Stealer Variants Demonstrate a Low-Barrier-to-Entry Threat
Multiple New Campaigns in 2023 Demonstrate The Malware Family Has Been Redeveloped to Remain a Popular And Prominent Threat EclecticIQ analysts observe the malware family targeting financial information to be used for ...
Exposed Web Panel Reveals Gamaredon Group’s Automated Spear Phishing Campaigns
Executive Summary On February 09, 2023, EclecticIQ analysts identified a spear phishing campaign targeting Ukrainian government entities like the Foreign Intelligence Service of Ukraine (SZRU) and Security Service of Ukraine (SSU). Analysts ...
Dark Pink APT Group Strikes Government Entities in South Asian Countries
Executive Summary In February 2023, EclecticIQ researchers identified multiple KamiKakaBot malwares which are very likely used to target government entities in ASEAN (Association of Southeast Asian Nations) countries. The latest attacks, which ...
DeFi Hack Recovers Stolen Funds; Blacklotus Bypasses Windows Secure Boot
Tactics, Techniques, And Procedures Executed in Collaboration Between Jump Crypto and Oasis Networks to Hack Their Own Protocol The series of tactics, techniques, and procedures involved relies on the fact that a threat actor ...
Multi-Year Spearphishing Campaign Targets the Maritime Industry Likely for Financial GainÂ
Executive summary In May 2020 EclecticIQ Intelligence and Research Team published a report () on phishing lures impersonating the maritime industry. This research offers new insights and update on the topic. The ...
A Year of the Russia-Ukraine War: Seven Types of Cyberattacks Used Against Ukraine
As EclecticIQ looks back at the year since Russia’s initial invasion of Ukraine, it is clear cyberattacks have been an important part of Russia’s arsenal. This assessment is based on the variety ...
