CW's CTI

Inside APT-29: Dissecting a Multi-Stage Phishing Campaign Targeting Government Infrastructure

April 2, 2026 8 min read

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In late Q1 2026, analysts observed a resurgence of spear-phishing activity attributed with high confidence to APT-29 (Cozy Bear). The campaign leveraged novel HTML smuggling techniques combined with legitimate cloud storage providers to deliver a previously undocumented loader, bypassing perimeter controls at multiple NATO-aligned government agencies.

Malware

Ransomware TTPs in 2026: How Threat Actors Are Evolving Their Extortion Playbooks

March 28, 2026 6 min read

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium. Ransomware operators have shifted from opportunistic spray-and-pray tactics to highly targeted intrusions with median dwell times exceeding three weeks. This post examines MITRE ATT&CK technique clusters observed across 14 incidents in Q1 2026, including novel data exfiltration via DNS tunnelling and living-off-the-land binaries to evade EDR solutions.