Recorded Future
-
Report: North Korean-linked PurpleBravo targeted 3,136 IPs and 20 companies
Recorded Future’s technical analysis found PurpleBravo targeted 3,136 IPs and claimed 20 potential victim companies across multiple regions from August 2024 to September 2025, using infostealers and backdoors to create supply-chain risk.
-
Recorded Future identifies four threat clusters using CastleLoader
Recorded Future’s Insikt Group identified four clusters using the CastleLoader malware loader, assigned the operator the name GrayBravo, and detailed distinct tactics, payloads and a multi-tiered infrastructure while noting the loader’s proliferation among other threat actors.
-
Chinese state-sponsored group RedNovember exploited enterprise network gear in global campaign, researchers say
Recorded Future says a Chinese state-sponsored group called RedNovember ran a global espionage campaign from June 2024 to July 2025, exploiting vulnerabilities in enterprise network appliances to breach defense contractors, government agencies and other organizations and using publicly available tools to maintain persistent access.
-
AI-assisted CopyCop disinformation network expands with hundreds of fake-news sites, researchers say
A Recorded Future Insikt Group study finds that CopyCop, a Kremlin-linked disinformation network, has expanded into hundreds of AI-generated fake-news sites, using self-hosted Llama 3 models to craft content and deepen influence across the U.S., Europe, and Canada, while funding and infrastructure details highlight the scale of the operation.
