Ransomware is no longer just a malicious program deployed by a single attacker — it has evolved into a complex, profit-driven ecosystem operating much like a legitimate business model. Today’s ransomware operations involve multiple specialized actors, automated platforms, and underground services working together to maximize impact and financial gain. From Initial Access Brokers selling compromised […]

Recently, during one of our threat hunting operations, our squad identified multiple malicious domains impersonating major Egyptian service providers, including Fawry, the Egypt Post, and Careem. These domains were likely established to support fraud, phishing campaigns, and other malicious activities targeting users and organizations. Before we begin our analysis, we will provide an overview of […]

Executive Summary APT35, also known as Magic Hound and Charming Kitten, is an Iranian state-backed cyber espionage group active since at least 2014. The threat actor is known for strategic intelligence-gathering, data theft, and disruption operations aligned with Iran’s geopolitical and military objectives. The group’s primary targets include energy, government, defense, and technology sectors, with […]