- In the spotlight this week: Russia-linked threat group “Turla” was reported to be using cyber-attack tools associated with Iran-linked threat group “APT34”, in conjunction with Turla’s own tools. Using tools from another state-linked group means Turla could conduct false-flag operations in the mid- to long-term future (3 months to beyond 12 months).
- Weekly highlights include a campaign dubbed Operation Ghost being linked to “APT29”, targeting foreign-affairs entities in Europe; the “Winnti” threat group umbrella using a previously undocumented backdoor, known as skip-2.0; and the “Gustuff” banking trojan receiving an update.