Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Rollups
Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

• ShinyHunters Claims Responsibility for Exploiting Misconfigured Salesforce Experience Cloud Instances
• Storm-1811 Uses Teams IT Impersonation and Quick Assist to Deploy DNS-Based A0Backdoor
• Dutch Intelligence Services Expose Russian Phishing Campaign Against Signal and WhatsApp Users
• Russian Speaking Actor Drives Sophisticated BlackSanta Operation Targeting HR Workflows
• KadNap Botnet Targeting Asus Routers to Enable Malicious Traffic Proxying
• Iranian MOIS Cyber Units Integrate Cybercrime Malware and Infrastructure into State Operations

Geopolitical and Policy Highlights

US-Israel War With Iran Escalates With Increasing Attacks Against Vessels and Energy Infrastructure In the Gulf

QuoIntelligence is continuously monitoring and analyzing events linked to the war in the Middle East. Over the past week, the US-Israeli coalition has intensified strikes in Iran and Lebanon while Iran appointed Mojtaba Khamenei as supreme leader, signaling continued hardline policies. Iran also expanded missile and drone attacks across Gulf states, with rising maritime incidents and growing attacks on regional energy infrastructure.

Rollups
Industry impacted: Government, Industrials

• Finland To Lift Full Ban On Hosting Nuclear Arms
• Swedish Coast Guard Boards Suspected Stateless Ship in the Baltic Sea

The post Threat Intelligence Snapshot: Week 11, 2026 appeared first on QuoIntelligence.

Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Iran-Linked Cyber Operations During the Current Escalation: Hacktivism, State Activity, and Broader Threat Dynamics as of 5 March

Within hours of the 28 February strikes, cyberspace actors transitioned to an operationally active posture. Iran’s domestic internet connectivity collapsed concurrently with the initial military action, dropping to between one and four percent of normal traffic levels. Intelligence community assessments concluded that the disruption was intended to degrade IRGC command-and-control capacity.
On the visible surface of the cyber environment, an estimated 60 active hacktivist groups were operating as of 2 March, coordinated in part through an Electronic Operations Room established on 28 February, and including pro-Russian collectives alongside Iran-aligned actors.

Rollups
Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

• Malicious Extensions Exploit Gemini Integration to Activate Privileged Browser Capabilities
• Fire-Triggered Power Shutdown in AWS Middle East Region Disrupts Core Cloud Services
• Phishing Campaign Uses Digitally Signed Fake Workplace Applications to Deploy Covert RMM Backdoors
• Coruna iOS Exploit Kit Leveraged by UNC6353 and UNC6691 in Espionage and Financial Operations
• APT41 Linked Operator Strengthens Long-Term Access Across Europe and Asia
• Europol Coordinates International Operation Disrupting Tycoon 2FA Phishing Platform Used to Bypass MFA Protections
• Operational Analysis of the Tycoon2FA PhaaS Kit Used in High‑Volume Phishing Operations
• Analysis of Compromised MuddyWater Infrastructure Uncovers Operational Behavior

Geopolitical and Policy Highlights

US and Israeli Attacks Against Iran Trigger Regional Escalation, Disrupting Strategic Sectors

On 28 February, the US and Israel launched coordinated large-scale strikes on Iran targeting leadership, nuclear facilities, and missile infrastructure, resulting in the death of Supreme Leader Ali Khamenei. Iran’s retaliation rapidly expanded the conflict across the region, with missile and drone attacks striking Israeli territory and US assets across several Gulf countries and beyond, including Cyprus, Turkey, and Azerbaijan.
QuoIntelligence examines the war’s impact on the transportation and energy sectors and assesses the terrorist threat arising from the conflict.

Rollups
Industry impacted: Financials, Government, Industrials, Information Technology

• Anthropic Blocks Pentagon’s Use of its AI For Mass Domestic Surveillance and Fully Autonomous Weapons
• US Threatens To Cut Off Swiss Bank MBaer From Financial System Over Alleged Iran, Russia, Venezuela Ties
• Russian Drone Strikes Foreign Cargo Ship Near Ukraine Black Sea port
• China Unveils 15th Five-Year Plan for 2026 to 2030

The post Threat Intelligence Snapshot: Week 10, 2026 appeared first on QuoIntelligence.

Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

• New TrustConnect MaaS Masquerades As Legitimate Remote Monitoring Tool Using EV-Signed RAT
• Banking Trojan Massiv Distributed through Fake IPTV Applications Targeting Users in Southern Europe
• Android Malware PromptSpy Uses Generative AI to Automate Persistence
• A Russian-Speaking Financially Motivated Threat Actor Leveraged Commercial AI Services to Compromise Over 600 FortiGate Devices
• Malicious OAuth Campaign Uses SaaS Impersonation to Establish Persistent Access in Azure Environments
• Predator Spyware Leveraging Post-compromise Hooks to Evade iOS Recording Indicators
• Active Exploitation of CVE-2026-20127 Enables Root Compromise of Cisco SD-WAN Controllers

Geopolitical and Policy Highlights

Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

• US Supreme Court Strikes Down Trump’s Global Tariffs
• US President Donald Trump Threatens Countries With Higher Tariffs If They Abandon Trade Deals ; EU Suspends Trade Deal Legislative Process
• Pentagon Sends Ultimatum To Anthropic To Lift AI Restrictions
• Armed Confrontation Between Cuban Coast Guards and Speedboat From the US ; Cuba Reports Terrorist Attack

The post Threat Intelligence Snapshot: Week 9, 2026 appeared first on QuoIntelligence.

Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

• New Campaign Abuses Google Services To Deliver Lumma Infostealer And Trojanized Ninja Browser
• ClickFix Operators Leverage External DNS to Deliver Second Stage Payloads
• Threat Actors Exploit Atlassian Jira Cloud to Deliver Authenticated Spam at Scale
• AI Web Assistants Enable Covert Command and Control Relays for Malware
• UNC6201 Exploiting Zero-day in Dell RecoverPoint to Achieve Persistent Access

Geopolitical and Policy Highlights

Industry impacted: Energy, Government, Industrials

• US Administration Revokes EPA Climate Endangerment Finding And Vehicle Emission Standards
• ENISA Updates International Strategy to Empower the EU Cybersecurity Ecosystem
• Wave of Sabotage Acts Target Italian Railway Network Amid Winter Olympics
• US Issues Fresh Guidance To Vessels Transiting Strait of Hormuz As Iran Tensions Simmer

The post Threat Intelligence Snapshot: Week 8, 2026 appeared first on QuoIntelligence.

Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

• Microsoft Exchange URL Rule Error Triggers Widespread Email Quarantine
• ZeroDayRAT Cross Platform Android and iOS Spyware with Broad Surveillance Capabilities
• SSHStalker Campaign Demonstrating Automated SSH Compromise and IRC‑based Botnet Control
• Researchers Find Rogue Virtual Machine Revealing Scattered Spider’s New Operational Methods
• DPRK Operatives Exploit Verified LinkedIn Profiles for Remote‑Work Fraud
• Abuse of Net Monitor and SimpleHelp for Dual Remote Access in Ransomware and Cryptocurrency Theft Operations
• URL Hijack in Outlook Add‑In Leads to Unauthorized Credential Collection

Geopolitical and Policy Highlights

Industry impacted: Government

• European Commission Launches Action Plan to Address Drone Security Risks
• EU Implements 20th Sanctions Package to Sustain Strategic Pressure on Russia Amid War in Ukraine

The post Threat Intelligence Snapshot: Week 7, 2026 appeared first on QuoIntelligence.

Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

• APT28 Targeting Central and Eastern Europe through CVE‑2026‑21509 Exploitation
• LockBit 5.0 Ransomware New Features Reveal ChaCha20 Encryption Stealth And Modular Cross Platform Capabilities Impacting Windows, Esxi, And Linux
• Interlock Operators Conduct Prolonged Low-Noise Intrusion Ending in Ransomware Deployment
• Large-Scale Citrix NetScaler Reconnaissance Using Residential Proxies and Cloud Infrastructure
• SharePoint Phishing Campaign Abuses Legitimate Microsoft Invitations To Capture Credentials And Bypass MFA
• Attackers Abuse Windows Screensaver Executables to Deploy Unauthorized RMM Agents for Persistent Remote Access
• Chained n8n Sandbox Flaws Expose Multitenant Cloud and Enterprise Credentials
• Bloody Wolf Conducts Targeted Phishing Campaigns Using Java Loaders and NetSupport RAT

Geopolitical and Policy Highlights

Industry impacted: Communication Services, Financials, Government, Industrials, Information Technology

• UK Navy Forces Russian Ship Out of British Waters
• French IT Company Capgemini Sells Its Subsidiary Working For US Immigration Police ICE
• Germany Arrests Five Suspected of Supplying Russian Firms In Sanctions Breach
• UK Authorities Open First Investigations Over Suspected Breaches Of Cyber Sanctions
• European Commission Trials European Open Source Communications Software To Address Dependency On US Tech

The post Threat Intelligence Snapshot: Week 6, 2026 appeared first on QuoIntelligence.

Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

• ClickFix Workflow Drives Large-Scale Facebook Session Theft
• New Wave of Vishing Campaigns Against Identity Providers Targets Okta, Microsoft, Google, and Cryptocurrency Platforms
• Multi-Stage AiTM Phishing Campaign Targets Energy Sector
• North Korean Threat Group PurpleBravo Exploits Recruitment Lures to Compromise Software Supply Chains
• Late 2025 Cyberattack On Poland Power Grid Linked To Russian APT Sandworm Activity
• Google Disrupts IPIDEA, One of the World’s Largest Residential Proxy Networks

Geopolitical and Policy Highlights

Industry impacted: Energy, Industrials, Information Technology

• French Navy Boards Tanker From Russia’s Shadow Fleet, Detains Captain
• US Military Used Cyber Warfare Arsenal In Nicolas Maduro Capture
• France To Ditch US Platforms Microsoft Teams, Zoom For Sovereign Platform Citing Security Concerns

The post Threat Intelligence Snapshot: Week 5, 2026 appeared first on QuoIntelligence.

QuoIntelligence assesses that the 2026’s threat landscape will almost certainly (95%) be marked by continued expansion of Ransomware-as-a-Service (RaaS) programs, the growing shift toward exfiltration-only attacks, and the persistence of infostealers distributed through social platforms and developer ecosystems.

In early 2025, we released our annual outlook, in which we highlighted that ransomware groups were refining their extortion methods and that the criminal use of AI would increase, particularly in social engineering and tooling development. These trends materialized throughout 2025, and we assess they will very likely (70%) remain central throughout the year ahead. 

Looking toward 2026, QuoIntelligence assesses the threat environment will almost certainly (95%) remain highly dynamics, with strengthened eCrime ecosystems. Ransomware, infostealers, and residential proxy abuse expanding in scale and sophistication. AI will also remain a core enabler for cybercriminals, particularly in social engineering. At the geopolitical level, state-aligned activities will continue to reflect global tension points, with North Korea intensifying supply chain abuse and workforce infiltration, China pursuing espionage goals, and Russia sustaining hybrid operations. Additionally, we expect the US to maintain an assertive and interventionist foreign and trade policy in 2026, leveraging tariffs and military actions to advance strategic interests, a posture that is already straining relations with European partners. 

Ransomware Ecosystem Consolidates Around RaaS Expansion, ESXi Targeting, and Exfiltration-Only Operations

Ransomware-related activities are expected to persist through 2026 with minimal slowdown, driven by evolving Ransomware-as-a-Service (RaaS) models, new alliances, and a shift toward exfiltration-only attacks. Emerging and consolidating trends such as increased ESXi targeting and white-label ransomware services will serve as key indicators to observe for defensive measures and evolvement.

Infostealer MaaS and IAB Markets Intensify Through Developer Ecosystem Abuse and Supply Chain Compromise

Infostealers and Initial Access Brokers (IABs) remain critical enablers of the underground ecosystem in 2026, with Malware-as-a-Service (MaaS) offerings and supply chain compromises driving infection rates. Increasing abuse of developer ecosystems and social platforms, combined with persistent innovation in delivery techniques, signals a growing challenge for detection and mitigation efforts.

Resilient Infrastructure Services Expand as Residential Proxy Abuse Rises

Bulletproof hosting and residential proxies remain critical enablers for threat actors in 2026, with proxy abuse highly likely (85%) expected to increase as a tactic to evade detection and bypass IP reputation controls.

EDR Impairment Tools Proliferate as BYOVD Techniques Lower Barriers for Endpoint Compromise

EDRKillers are likely (55%) to proliferate in 2026, lowering entry barriers for threat actors and increasing the risk of endpoint compromise. The evolution toward BYOVD-based techniques underscores the need for layered security beyond EDR solutions to mitigate kernel-level attacks.

Social Engineering Evolves Through ClickFix Variants and Increasing Criminal Adoption of LLM-Driven Development

ClickFix and its variants are almost certain (90%) to dominate the social engineering threat landscape in terms of techniques throughout 2026, while AI-assisted development accelerates the creation of new techniques. The growing reliance on LLMs for phishing and malware development will likely (70%) reduce entry barriers and expand the threat landscape.

Reactive Hacktivism Continues Amid Geopolitical Flashpoints, While ICS Exposure Sustains Sabotage Risks

Hacktivist activity will highly likely (90%) remain reactive and opportunistic in 2026, with DDoS campaigns continuing as the primary tactic during geopolitical flashpoints. While sabotage targeting ICS environments is still publicly limited, persistent exposure of critical systems creates uncertainty and potential for escalation.

North Korean Intrusion Sets Expand Supply Chain Attacks and Workforce Infiltration to Fund Strategic Programs

North Korean actors will likely (60%) continue their supply chain compromise efforts and employment fraud schemes in 2026, alongside persistent cryptocurrency theft.

China-Nexus Espionage Prioritizes Energy, Telecom, and Edge Device Exploitation Through Shared Tooling

Chinese state-sponsored activities will highly likely (90%) maintain their espionage campaigns in 2026, prioritizing energy, transportation, telecommunications, and edge device exploitation. Current geopolitical tensions between China and the US will highly likely (90%) intensify more persistent and continuous activities, further exacerbating cyber tensions throughout 2026.

Russia Maintains Hybrid Cyber Operations Blending Destructive Attacks, Edge Exploitation, and Global Influence Campaigns

Russian state-sponsored activities will likely (60%) sustain hybrid operations in 2026, combining destructive attacks, edge-device exploitation, and large-scale disinformation campaigns.

Iran Pressuring Israel and Western Critical Sectors

Iranian state-sponsored activity demonstrated a comparatively lower operational tempo in 2025 relative to 2024 but maintained consistent targeting of Israeli entities. We assess it is unlikely (35%) that Iran will significantly evolve its cyber operations in 2026, aside from sustaining its persistent focus on Israel and the wider geopolitical tensions within the country itself.

Middle East: Continued Confrontation Under The Threshold of War, Iran At a Turning Point

In 2026, the Middle East will very likely (85%) remain highly volatile, with conflict continuing below the threshold of full-scale war as Israel sustains military pressure across multiple fronts and Iran faces mounting internal and external constraints. The Iranian regime is approaching a critical turning point, and its survival in its current form is increasingly uncertain.

A More Aggressive and Predatory US To Place the EU At a Strategic Crossroads For its Global Relevance

In 2026, the US will almost certainly (90%) continue pursuing an assertive, interventionist foreign and trade policy, using tariffs and military actions to advance its interests. This increasingly predatory posture will very likely (75%) heighten tensions with European partners, placing the EU at a critical crossroads for its unity, credibility, and role in international affairs.

Want to go deeper? Download now QuoIntelligence’s 2026 Outlook Report

The post Shifting Tradecraft in 2026: Criminal Ecosystems Strengthen, Malware Capabilities Advance, and Geopolitics Drive Operational Tempo appeared first on QuoIntelligence.

Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

• Attackers Exploit Copilot Deep Links to Hijack User Sessions
• Gootloader Exploits Malformed ZIP Archives for Evasion
• Researchers Expose AWS CodeBuild Regex Flaw Enabling Repository Takeover
• Threat Actors Abuse LinkedIn Direct Messages to Distribute RAT Malware via DLL Sideloading
• North Korean Threat Actors Expand Contagious Interview Campaign With Malicious VS Code Targeting Developers
• Zendesk Support Ticket Systems Abused in Widespread Global Spam Campaign
• ClickFix Workflow Drives Large-Scale Facebook Session Theft

Geopolitical and Policy Highlights

Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

• US President Donald Trump Threatens Europeans With Tariffs Ove Opposition To Greenland’s Annexation
• European Commission Proposes New Cybersecurity Package To Strengthen Resilience and Capabilities
• US President Donald Trump Backs Down On Greenland-Related Tariffs, Says Deal Framework Reached Over Arctic Security

The post Threat Intelligence Snapshot: Week 4, 2026 appeared first on QuoIntelligence.

Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Industry impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Financials, Government, Health Care, Industrials, Information Technology, Materials, Real Estate, Utilities

• China-Linked Threat Actors Abused VMware ESXi Vulnerabilities to Escape Virtual Machines
• APT28 Expands Credential-Harvesting Operations Across Europe
• Multi-Stage AsyncRAT Deployment Using Cloudflare Tunnels and Python Environments
• VoidLink: A Modular Linux C2 Framework Targeting Cloud and Container Environments
• Malicious DLL Injection via Signed ahost.exe Enables Global Malware Delivery
• DeadLock Ransomware Leveraging Polygon Smart Contracts for Proxy Rotation

Geopolitical and Policy Highlights

Industry impacted: Energy

• US President Donald Trump Urges US Oil Giants To Repair Venezuela’s Energy Industry, Executives Expressed Skepticism
• New Developments In Iran: At Least 2,571 Killed, Tehran Warns Regional States of Strikes on US Bases if Attacked
• Researchers Identify Network of Domains Impersonating Reputed News Outlet Pushing Pro-China Messaging
• Greenland: Meeting in White House Confirms Fundamental Disagreement Between US and Denmark, Europeans To Send Troops

The post Threat Intelligence Snapshot: Week 3, 2026 appeared first on QuoIntelligence.