Weekly Threat Advisory: The Most Active Cyber Adversaries October 06 – October 12, 2025
⚠ Weekly Threat Advisory — Critical Trends Shaping the Cybersecurity Landscape
Top Threat Actors:
Nation-state groups and organized cybercriminal syndicates are ramping up their operations, targeting critical infrastructure and financial sectors with increased sophistication.
Malware Evolution:
Advanced loaders and polymorphic malware variants are successfully evading traditional security controls, highlighting the urgent need for adaptive defense mechanisms.
Ransomware Surge:
Double extortion techniques and Ransomware-as-a-Service (RaaS) models continue to dominate the global threat landscape, driving a sharp rise in high-impact breaches.
C2 Infrastructure:
Adversaries are increasingly using decentralized and fast-flux command-and-control networks to evade detection and maintain long-term persistence.
Active Campaigns:
Spear-phishing and supply chain compromises remain the most prevalent entry vectors, emphasizing the importance of continuous monitoring and third-party risk assessments.
| Adversary | Adversary Type | IP | DOMAIN | HASH | URL | Total IOCs |
|---|---|---|---|---|---|---|
| Discord Misuse | C2 | 0 | 0 | 0 | 6 | 6 |
| TamperedChef | Malware | 0 | 5 | 82 | 0 | 87 |
| nexus | Malware | 1 | 13 | 2 | 0 | 16 |
| Nezha | Malware | 3 | 2 | 5 | 1 | 11 |
| Shuyal Stealer | Malware | 0 | 0 | 1 | 1 | 8 |
| GhostSocks | Malware | 7 | 0 | 0 | 0 | 7 |
| Stealit | Malware Campaign | 0 | 0 | 12 | 12 | 24 |
| fake job applications | Phishing Campaign | 10 | 0 | 0 | 9 | 19 |
| Fake_Job | Phishing Campaign | 10 | 0 | 0 | 9 | 19 |
| CN_APT_Serbian_Gov | Phishing Campaign | 0 | 3 | 13 | 0 | 16 |
| MS-Infrastructure | Phishing Campaign | 9 | 5 | 0 | 2 | 16 |
| MST infrastructure | Phishing Campaign | 0 | 7 | 0 | 0 | 7 |
| IUAM ClickFix | Phishing Kit | 8 | 38 | 26 | 0 | 72 |
| 1Password_Alerts | Phishing Kit | 0 | 1 | 0 | 0 | 2 |
| Akira Reloaded | Ransomware | 0 | 0 | 20 | 0 | 20 |
| RADAR | Ransomware | 2 | 2 | 1 | 6 | 12 |
| Chaos | Ransomware | 0 | 0 | 9 | 0 | 9 |
| Qilin | Ransomware | 1 | 6 | 0 | 0 | 7 |
| Velociraptor | Ransomware | 1 | 2 | 3 | 0 | 6 |
| Yurei | Ransomware | 0 | 0 | 2 | 2 | 4 |
| Confucius | Threat Actor | 0 | 8 | 8 | 0 | 16 |
| CL0P extortion | Threat Actor | 12 | 0 | 0 | 0 | 14 |
| Detour Dog | Threat Actor | 6 | 8 | 0 | 0 | 14 |
| GoAnywhere Managed File Transfer | Threat Actor | 4 | 0 | 3 | 0 | 7 |
| Larva-25010 | Threat Actor | 1 | 1 | 5 | 0 | 7 |
| ToddyCat | Threat Actor | 0 | 0 | 6 | 0 | 6 |
| Oracle E-Business Suite | Threat Actor | 2 | 0 | 3 | 0 | 5 |
| BatShadow | Threat Actor | 1 | 2 | 0 | 0 | 3 |
Enclosed are the high-risk Indicators of Compromise (IOCs), each accompanied by a confidence score derived through advanced machine learning analysis.