March 2026 Threat Trend Report on APT Groups
ID: c306f34e-8ab1-5ef1-883a-deb47fdc00c6
STIX ID: report--c306f34e-8ab1-5ef1-883a-deb47fdc00c6
Feed Name: ASEC
This report aggregates activity from 13 state-affiliated APT groups, highlighting region-specific campaigns (North Korea, Iran, China, Russia, South Asia/Pakistan) that leverage developer-targeted lures, exploitation of repositories and remote access, and modular malware (Node.js/Python/Go, Deno), including wipers and infostealers. It notes sophisticated stealth techniques (kernel/driver-level concealment, trusted-service C2 via cloud storage/BitTorrent) and impacts on healthcare and critical infrastructure, and it recommends improved visibility into developer environments, cloud usage, email, and remote access paths.
