Tag
In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabilities. The campaign, internally dubbed “FortiSync Quasar,” revealed an evolution from ransomware operations to strategic espionage, deploying Matanbuchus 3.0, Astarion RAT, and SystemBC. Rapid containment prevented any data exfiltration.
In the evolving landscape of cybersecurity threats, Fortgale is tracking PhishSurf Nebula, an advanced Cyber Espionage group active since 2021 and primarily targeting entities within the Banking & Finance and Real Estate sectors across Europe and North America. In particular, most of the involved companies are Private Equity Firms, Hedge Funds, Venture Capitals and Luxury … Read more
LuminousMoth: China-aligned APT operations against Southeast Asian government and telecom targets, USB-based propagation, custom backdoors and infrastructure overlaps.
BackdoorDiplomacy APT activity against diplomatic missions and telecom operators: tooling, infrastructure overlap with known Chinese clusters and victim profiles.
