January 2026 APT Group Trends Report
ID: c277d3f7-8da6-57d4-ac39-67b627683fe9
STIX ID: report--c277d3f7-8da6-57d4-ac39-67b627683fe9
Feed Name: ASEC
This monthly intelligence summary documents multiple active APT campaigns and tools. Sandworm carried out destructive OT/IT attacks using DynoWiper against at least 30 Polish energy facilities, causing significant operational disruption. Lazarus shifted to blockchain-based dead drops and developer-targeted supply-chain techniques, including VSCode auto-execution and npm hijacking. Konni used AI-generated PowerShell backdoors and sophisticated ad-redirection evasion to target developers and blockchain infrastructure. Other groups (UAT-7290, Andariel, Kimsuky) conducted long-term infiltration, supply-chain compromise, credential theft, and exfiltration operations across regions.
