Persistent Espionage: Mustang Panda's LOTUSLITE Campaign Hits Banking

A refreshed LOTUSLITE variant from Mustang Panda is targeting Indian banks and South Korean policy groups. Nation-states aren't extortionists. They're collectors. And they're patient.

China's TA416 Is Back in Europe After Two Years. They Brought New Tricks.

TA416 has resumed targeting EU government and diplomatic organizations with PlugX malware, now abusing OAuth redirects to slip past traditional phishing defenses.

Three Chinese Hacker Groups Hit the Same Government. At the Same Time.

Iran Is Running Every Cyberattack at Once

Iran isn't running a cyber campaign right now. It's running all of them simultaneously, and Unit 42's latest brief documents exactly that.

China's BPFDoor Got an Upgrade. Passive Defenses Still Can't See It.

Red Menshen's upgraded BPFDoor backdoor now hides even better inside telecom backbone networks, and the only way to find it is active threat hunting that most carriers aren't doing.

Two Spy Campaigns, Two Completely Different Playbooks

A Chinese APT has been sitting inside Southeast Asian military networks for six years. Meanwhile, Russian hackers are stealing Signal accounts with fake support messages. Same goal, wildly different approaches.

China's Been Quietly Spying on Southeast Asian Militaries for Years

Unit 42 documented a suspected Chinese state-sponsored espionage campaign with years of undetected access to military networks across Southeast Asia. This is what patient intelligence collection looks like.
