New from @threatinsight.proofpoint.com! North Korean actor UNK_DeadDrop (possibly overlapping with Contagious Interview) conducts a high volume phishing campaign targeting developers with a new technique abusing VSIX extensions and new open source payload Overlord www.proofpoint.com/us/blog/thre...
Check out the newest intel conference to discover the latest insights into all kinds of statecraft!
Bonus: great coverage of our research in an exclusive from one of my fave reporters @ajvicens.bsky.social www.reuters.com/sustainabili...
From phishes to hands-on-keyboard commands 🔥 new @proofpoint.bsky.social research from @nickattfield.bsky.social and @konstantinklinger.bsky.social on Indian state-sponsored actor TA397 (Bitter) with a great story on the steps to technical and political attribution www.proofpoint.com/us/blog/thre...
Thanks to Nate Nelson at @darkreading.bsky.social for covering my report! www.darkreading.com/cyberattacks...
New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...
New from the one and only pun-king @mkyo.bsky.social on the increased and ongoing Chinese targeting of semiconductor-related organisations in Taiwan. Edge device exploitation may be the TTP of the moment, but Chinese groups still go phishing when the chips are down www.proofpoint.com/us/blog/thre...
New DISCARDED podcast drop! Join
@greg-l.bsky.social and me as we talk about our fave North Korean groups, DPRK as the neglected child, TA406 and the Russian connection, and finally, the dreaded but pervasive IT worker problem podcasts.apple.com/us/podcast/c...
open.spotify.com/episode/01d1...
🚨 New threat research: Proofpoint identified a likely North Korea-aligned threat cluster, UNK_DeadDrop, targeting software developers through trusted development platforms and workflows.
Read the blog: www.proofpoint.com/us/blog/thre....
Fun crossover blog about TA829 (RomCom) & TransferLoader with my ecrime pals @selenalarson.bsky.social it’s got it all:
🛰️ Popped routers for sending phish
📊 ACH on attribution
👾 custom protocols
👽 cool malware
🕵️ crime
🎯 espionage
❔many unanswered questions
www.proofpoint.com/us/blog/thre...
By Saher Naumaan, Carlos Rubio, and the Proofpoint Threat Research Team Key Findings Between April and May 2026, Proofpoint Threat Research observed a likely North Korean threat actor
This is a two-part blog series, detailing research undertaken in collaboration with Threatray. Part two of this blog series can be found on their website here. Analyst note: Throughout
Proofpoint would like to thank Josh Miller for his initial research on UNK_SmudgedSerpent and contribution to this report. Key findings Between June and August 2025,
Key findings Between March and June 2025, Proofpoint Threat Research observed three Chinese state-sponsored threat actors conduct targeted phishing campaigns against the Taiwanese
Chinese-linked hackers are targeting the Taiwanese semiconductor industry and investment analysts as part of a string of cyber espionage campaigns, researchers said on Wednesday.
By Saher Naumaan, Carlos Rubio, and the Proofpoint Threat Research Team Key Findings Between April and May 2026, Proofpoint Threat Research observed a likely North Korean threat actor
Threat Research would like to acknowledge and thank the Paranoids, Spur, and Pim Trouerbach for their collaboration to identify, track, and disrupt this activity. Key takeaways
The SOS conference is officially THREE months away! On October 28, we gather to discuss the latest developments in nation-state operations with leading experts!
⏰ CFP Ends September 1st!
🐧 Early Bird Tickets almost sold out!
🕵️ Come talk espionage, sabotage, ORBATs, and more!
stateofstatecraft.com
ThreatInsight
Greg Lesnewich
New from the one and only pun-king @mkyo.bsky.social on the increased and ongoing Chinese targeting of semiconductor-related organisations in Taiwan. Edge device exploitation may be the TTP of the moment, but Chinese groups still go phishing when the chips are down www.proofpoint.com/us/blog/thre...
Video
Key findings Between March and June 2025, Proofpoint Threat Research observed three Chinese state-sponsored threat actors conduct targeted phishing campaigns against the Taiwanese
