Malicious VS Code Projects Used by North Korean Hackers to Target Developers

A deep dive into a recent, sophisticated social engineering campaign linked to North Korean state-sponsored hackers. This post breaks down the attack lifecycle, maps techniques to the MITRE ATT&CK framework, and provides clear, actionable guidance for defenders of all levels.

PluggyApe Malware Targets Ukrainian Military via Signal and WhatsApp in Espionage Campaign

In the ever-evolving landscape of cyber threats, a new sophisticated malware named PluggyApe has emerged, showcasing a dangerous trend: the abuse of legitimate, encrypted communication services for command and control (C2). Unlike traditional malware that uses easily blocked domains or IP addresses, PluggyApe covertly leverages apps like Signal and Telegram to receive instructions and exfiltrate data, slipping past conventional network defenses. This post provides a comprehensive, beginner-friendly breakdown of the PluggyApe malware, its operational mechanics mapped to the MITRE ATT&CK framework, and actionable steps for defenders.

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

The cybersecurity landscape has witnessed a significant evolution in the tools used by advanced persistent threat (APT) groups. In early 2026, the Iranian state-sponsored group known as MuddyWater (also tracked as MERCURY, Static Kitten, or TA450) unveiled a new weapon in its arsenal: a Remote Access Trojan (RAT) written in the Rust programming language, dubbed “RustyWater.” This marks a strategic shift for the group, which has traditionally relied on PowerShell-based scripts and VBScript malware. The RustyWater RAT represents a more sophisticated, evasive, and persistent threat, primarily delivered through spear-phishing campaigns targeting government, telecommunications, and IT service organizations across the Middle East and Europe.

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

In January 2026, cybersecurity researchers uncovered a sophisticated attack campaign in which the Russia-aligned threat actor UAC-0184 (Hive0156) successfully breached Ukrainian military and government systems. Their primary weapon wasn’t a novel malware strain, but the clever abuse of a trusted communication platform: Viber. This Viber messaging attack represents a significant shift in cyber-espionage tactics, moving beyond email to exploit the inherent trust in personal and professional messaging apps.

Transparent Tribe Deploys New RAT Campaigns on Indian Government and Academia

In the ever-evolving landscape of cyber threats, few actors are as persistent and regionally focused as Transparent Tribe (APT36). Their latest campaign unveils a sophisticated new Android Remote Access Trojan (RAT), marking a significant escalation in mobile-targeted espionage. This guide breaks down this complex attack into understandable concepts, providing a clear roadmap for beginners in cybersecurity to comprehend, detect, and defend against such malware.