Active scanning observed against government infrastructure in 155 countries as of early 2026.
💡 If you are analyzing this for a security audit, focus on credential theft and persistence through enterprise services, as these are the preferred repeatable techniques for these actors.

Threat Intelligence Report: August 2025 - Anthropic
Government and infrastructure organizations across 37 countries.
The report details the tactics, techniques, and procedures (TTPs) of state-aligned cyber-espionage groups.
Recent reports highlight the use of AI-supported tools (like Claude Code) for reconnaissance and data exfiltration to increase efficiency.

🌍 Global Impact
High-confidence attribution points to groups like Lazarus (North Korea) and various Iranian threat actors (e.g., APT39, Rana).

🛠️ Key Malware & Tactics
Deployment of the ScoringMathTea Remote Access Trojan (RAT), which allows full control over compromised machines.
Recent "Shadow Campaigns" tracked in these types of reports show an alarming reach: