Positive Technologies
-
UnsolicitedBooker uses LuciDoor and MarsSnake to target Central Asian telecoms
UnsolicitedBooker deployed LuciDoor and MarsSnake backdoors against telecom companies in Kyrgyzstan and Tajikistan using phishing and multiple loaders between September 2025 and January 2026.
-
Kaspersky links new Operation ForumTroll phishing wave to targeted attacks on Russian academics
Kaspersky detected a targeted October 2025 phishing campaign tied to Operation ForumTroll that used eLibrary impersonation and personalized one‑time links to deliver a PowerShell chain and the Tuoni remote access framework to academics in Russia; the group’s origins remain unknown.
-
China-linked APT31 used local cloud services and public tools to target Russian IT sector, Positive Technologies reports
Researchers at Positive Technologies say China-linked APT31 targeted Russian IT firms between 2024 and 2025, using Yandex Cloud and a mix of public and custom tools to maintain long-term access and exfiltrate data.
