Ransomware/nation-state
Key Questions
Which ransomware groups recently targeted major manufacturers?
Nitrogen ransomware hit Foxconn’s North American factories. Qilin also struck healthcare and real-estate firms such as ROTO Immobilien.
What tactics are Iranian APTs using in 2026 campaigns?
Screening Serpens employs AppDomainManager hijacking and new RAT variants. Other Iran-linked groups use fake job sites and exploit Exchange/Fortinet flaws.
How are fake job sites used by Iranian hackers?
Iran-linked operators weaponize fraudulent recruiting portals to breach defense firms. The campaigns target tech and defense sectors for espionage.
What is Ghostwriter’s activity involving AI?
Ghostwriter has incorporated AI-generated content in operations targeting Ukraine. This marks an evolution in nation-state influence tactics.
Which European law enforcement action disrupted ransomware infrastructure?
Europol dismantled the “First VPN Service” used by at least 25 ransomware groups. The service provided anonymized access for criminal actors.
What malware trends are prominent in 2026 reports?
Telegram C2s, Cloudflare Workers, and wiper malware are among the top four malware trends observed. These techniques support both ransomware and espionage.
Are there recent data breaches tied to these campaigns?
Multiple HIPAA-regulated entities reported breaches affecting thousands of patients. Some incidents overlap with ransomware and nation-state activity.
What new RAT variants are linked to Screening Serpens?
Unit 42 tracks Screening Serpens deploying updated remote access trojans through hijacked .NET mechanisms (AppDomainManager hijacking). Targets include technology and defense organizations.
Nitrogen hit Foxconn, and Qilin hit healthcare. Iran-linked campaigns use fake job sites, 6 RATs, and Exchange/Fortinet exploits. Ghostwriter is using AI in operations against Ukraine. New this period: the Screening Serpens APT, with AppDomainManager hijacking and RATs. The Connecticut Medicaid breach (22.5k patients) fits the healthcare targeting.