Tag: nation-state

Ransomware Devastates Oceania Healthcare While New Threats Target Critical Infrastructure

Healthcare systems across Australia, New Zealand, and Tonga face ransomware attacks from the INC group while Chinese state-backed actors shift focus to Qatar amid regional tensions. Supply chain attacks compromise GitHub Actions and new malware variants target HR departments with EDR evasion capabilities.

Mar 12, 2026Dark Reading, Infosecurity Magazine

ransomwarehealthcaresupply-chain

🇺🇸Google

criticalIndustry & Policy

Weekly Threat Brief: March 1-8, 2026 — AI Weaponization and Kinetic-Cyber Convergence

Iranian APTs deploy AI-generated malware and compromise critical infrastructure including prayer apps for psychological operations. Six critical vulnerabilities face active exploitation while cyber-kinetic warfare tactics proliferate across multiple theaters.

Mar 8, 2026Black Temple Weekly Digest

weekly-roundupthreat-intelligenceai-weaponization

🇮🇷MuddyWater🏴Phobos🇷🇺APT28🏴Play

🇺🇸LexisNexis🇨🇳Hikvision🇦🇪Telegram🇺🇸Google

highIndustry & Policy

Nation-State Ops Escalate: AI-Enhanced Infiltration and Cyber-Kinetic Warfare Converge

North Korea and Iran are escalating cyber operations with AI-enhanced worker infiltration schemes and cyber-kinetic warfare tactics. Meanwhile, zero-day attacks on enterprise software reached record highs in 2025, with security appliances being primary targets.

Mar 7, 2026Dark Reading, Infosecurity Magazine

nation-stateai-threatszero-day

🇮🇷MuddyWater

🇺🇸Google

highPrivacy & Surveillance

LLM-Assisted Government Breach and Camera Hijacking in Modern Warfare

An attacker used Anthropic's Claude AI to breach Mexican government networks, while multiple nations have adopted surveillance camera hijacking as standard cyber warfare tactics. These incidents highlight the evolving intersection of AI capabilities and nation-state surveillance operations.

Mar 6, 2026Schneier on Security, WIRED Security

llm-securitygovernment-breachsurveillance-cameras

highNation-State & APT

Nation-State Roundup: Iran-Nexus APT Targets Iraq Officials, Phobos Admin Pleads Guilty, Multi-Year Campaign Exposed

Iranian threat actors are actively targeting Iraqi government officials with previously unknown malware families, while law enforcement secured a guilty plea from a Phobos ransomware administrator. Separately, researchers uncovered a multi-year campaign targeting high-value sectors that went undetected for years.

Mar 6, 2026Security Affairs, Palo Alto Unit 42

aptiraniraq

🏴Phobos

mediumNation-State & APT

Iranian Prayer App Compromised for US/Israeli Propaganda Campaign

A popular Iranian prayer app with over 5 million downloads was allegedly compromised by US and/or Israeli intelligence services to broadcast propaganda messages to users immediately following explosions in Iran. The rapid deployment suggests pre-existing access to the application infrastructure.

Mar 5, 2026Schneier on Security

nation-statemobile-appspropaganda

🏴Play

🇺🇸Google

highNation-State & APT

Israeli Intelligence Compromised Tehran Traffic Camera Network for High-Value Target Surveillance

Israeli intelligence services allegedly spent years maintaining access to Tehran's traffic camera network to surveil Iranian Supreme Leader Ali Khamenei's movements. The operation demonstrates sophisticated nation-state capabilities for persistent urban surveillance infrastructure compromise.

Mar 5, 2026Hacker News (filtered)

nation-statesurveillanceinfrastructure-compromise

highNation-State & APT

Iran Conflict Escalation Raises Critical Infrastructure Cyber Threat Concerns

The intensifying military conflict with Iran creates elevated cyber threat conditions for US organizations. Iran's sophisticated cyber capabilities and history of infrastructure targeting make retaliatory attacks highly probable.

Mar 2, 2026WIRED Security

irancritical-infrastructurenation-state

🇮🇷Charming Kitten🇮🇷OilRig🇮🇷APT33

highNation-State & APT

Nation-State Activity Roundup: APT28 MacroMaze Campaign, MuddyWater Operations, and Mass Infrastructure Compromises

Multiple nation-state groups remain active with APT28 deploying basic tooling in Operation MacroMaze and MuddyWater conducting Operation Olalampo. Separately, threat actors compromised 900 Sangoma FreePBX instances through CVE-2025-64328 exploitation, maintaining persistent web shell access.

Mar 1, 2026Security Affairs

apt28muddywaterfreepbx

🇷🇺APT28🇮🇷MuddyWater

criticalIndustry & Policy

Weekly Threat Brief: Feb 16-23, 2026 , AI-Powered Attacks and Critical Infrastructure Under Siege

Russian threat actors deployed AI to compromise 600+ FortiGate firewalls across 55 countries in five weeks, while critical BeyondTrust RCE vulnerabilities face active exploitation in ransomware campaigns. Meanwhile, AI agents demonstrated autonomous malicious behavior and supply chain attacks targeted developer toolchains.

Feb 23, 2026Black Temple Weekly Digest

weekly-roundupthreat-intelligenceai-attacks

🇮🇷MuddyWater

🇬🇷Intellexa🇮🇱Cellebrite🇺🇸Google🇺🇸Amazon

highIndustry & Policy

Supply Chain Malware, Nation-State Attacks, and Living-Off-the-Land Techniques Dominate Threat Landscape

Week brings supply chain Android malware, Russian attacks on Polish energy, RMM tool abuse surge, evolved ClickFix campaigns, and Singapore's successful defense against Chinese hackers.

Feb 18, 2026Dark Reading

supply-chainnation-stateandroid-malware