Global Cybersecurity Threats Escalate: Crypto Scams, State-Sponsored Attacks, and Social Engineering Dominate Headlines

The past 24 hours have seen a significant rise in high-impact cybersecurity incidents, from international law enforcement actions against cryptocurrency scams to sophisticated state-sponsored cyberattacks on European critical infrastructure. This report synthesizes key developments from ten major incidents reported globally, highlighting evolving threat vectors, response strategies, and emerging trends in the cybersecurity landscape.

State-Sponsored Cyberattacks and Sanctions

The Council of the European Union imposed sanctions on three companies—Integrity Technology Group (China), Anxun Information Technology (China), and Emennet Pasargad (Iran)—along with two individuals, for cyberattacks targeting EU critical infrastructure. The sanctions follow multi-year investigations linking these entities to:

  • Integrity Technology Group: Operated the Raptor Train botnet, infecting 65,000+ devices across six EU states (2022–2023) and growing to 260,000 devices by 2025. Linked to Chinese state-sponsored actor Flax Typhoon (FBI/U.S. Treasury).
  • Anxun Information Technology (i-Soon): Provided hacker-for-hire services, with a 2024 data leak exposing its offensive toolkit. Sanctioned by the U.S. DOJ in March 2025 for attacks dating back to 2011.
  • Emennet Pasargad: Conducted influence operations, including hijacking Paris Olympics billboards (2024) and breaching a Swedish SMS service and Charlie Hebdo’s subscriber database (230,000 records offered for sale in 2023).

Sanctions include asset freezes, travel bans, and prohibitions on EU entities providing funds/resources to the listed firms. The attacks employed MITRE ATT&CK techniques such as exploitation of public-facing apps (T1190), spearphishing (T1566.001), and disinformation campaigns (T1585).

These sanctions mark a significant escalation in geopolitical cyber conflict and reflect the growing trend of state-sponsored actors targeting critical infrastructure. The EU’s response highlights the international cooperation needed to counter cross-border cyber threats, and the listed activity (botnets, hacker-for-hire services, and influence operations) shows how nations use cyberattacks as tools of geopolitical influence and disruption. These incidents fit a larger pattern in which cyber operations have become a routine element of international conflict.

Social Engineering and Vishing Attacks

Microsoft Teams Vishing: Microsoft’s Detection and Response Team (DART) detailed a November 2025 vishing attack where threat actors impersonated IT support via Microsoft Teams voice calls to gain remote access through Windows Quick Assist. The attack chain:

  1. Initial Access: Attacker called multiple employees; the third victim granted Quick Assist access.
  2. Payload Delivery: Victim directed to a spoofed credential-harvesting page, triggering a trojanized MSI package that sideloaded a malicious DLL.
  3. Lateral Movement: Encrypted loaders and proxy-based C2 connectivity established.
  4. Containment: Microsoft DART isolated systems and blocked attacker activity within hours.

Microsoft DART recommends restricting Teams communications from unmanaged external accounts, auditing/disabling remote monitoring tools, conducting vishing awareness training, and enabling conditional access policies and anomaly detection.

Shipping-Themed Phishing Scams: Group-IB researchers reported a surge in shipping-related phishing scams in the Middle East and Africa (MEA), leveraging the Darcula phishing-as-a-service platform. Attackers used SMS-based phishing links optimized for mobile devices, with localized URLs (e.g., meapostal[.]click) to mimic regional postal services. The scams exploited user trust in tracking links, redirecting victims to credential-harvesting pages. Users should avoid clicking unsolicited tracking links and verify delivery status via official courier websites. Businesses should implement public education and domain security tools.

Financial Fraud and Insider Threats

A CBI Court in Visakhapatnam sentenced Vempadapu Santhoshi Ramu (former Clerk-cum-Cashier, Andhra Bank) and Mahanthi Ramana (private individual) to five years’ imprisonment and a ₹1.71 crore fine for misappropriating ₹1.71 crore meant for the Cheepurupalli Rural Electric Co-operative Society. The case, registered in 2018, involved criminal breach of trust and conspiracy to divert funds collected for power consumption charges. The incident highlights the persistent threat of insider fraud within financial institutions: insiders exploit gaps in organizational controls, so robust internal controls, transaction monitoring, continuous auditing, and regular staff training are critical to detecting and limiting such diversion of funds. The sentencing also serves as a reminder of the legal consequences for perpetrators and reinforces the importance of accountability within the financial sector.

Final words

The incidents reported on March 18, 2026, underscore the evolving sophistication of cyber threats, from state-sponsored botnets to AI-enhanced phishing and abuse of legitimate tools. While law enforcement and private-sector collaborations demonstrate progress, the human factor remains the weakest link. Organizations must prioritize user training, identity-centric security, and resilience planning to mitigate risks in an era where attacks are inevitable. The sanctions against Chinese and Iranian firms signal a geopolitical dimension to cybersecurity, necessitating global cooperation to counter cross-border threats.
