Cisco Talos Archives

In this picture taken near the truce village of Panmunjom inside the demilitarized zone (DMZ) separating the two Koreas, a bird flies near a North Korean flag fluttering in the wind at the propaganda village of Gijungdong in North Korea on October 4, 2022. (Photo by ANTHONY WALLACE/AFP via Getty Images)

North Korean operatives spotted using evasive techniques to steal data and cryptocurrency

Research from Cisco Talos and Google Threat Intelligence Group underscores the extent to which North Korea-aligned attackers attempt to avoid detection.

Oct 16, 2025 By Matt Kapko

DHS, Department of Homeland Security, cybersecurity, Cyber Storm — (Getty Images)

CISA alerts federal agencies of widespread attacks using Cisco zero-days

Cisco said it was investigating state-sponsored espionage attacks in May. CISA did not explain why it waited four months to issue an emergency directive.

Sep 25, 2025 By Matt Kapko

fancy bear phishing email — (Getty Images)

Russian cyber group exploits seven-year-old network vulnerabilities for long-term espionage

The group, linked to FSB Center 16, has been scanning the internet for end-of-life software, which it has found in droves.

Aug 20, 2025 By Greg Otto

‘Highly evasive’ Vietnamese-speaking hackers stealing data from thousands of victims in 62+ nations

SentinelOne and Beazley Security say the group has been evolving its techniques of late, all with the goal of making money off stolen data.

Aug 4, 2025 By Tim Starks

BlackSuit site seizure notice — Seizure notice displayed on BlackSuit’s extortion site. (State Criminal Police Office Lower Saxony, Germany)

Details emerge on BlackSuit ransomware takedown

The Russian cybercrime group attacked more than 180 organizations before members abandoned the brand and dispersed to new ransomware groups earlier this year.

Aug 4, 2025 By Matt Kapko

Identity lapses ensnared organizations at scale in 2024

Cisco Talos observed identity-based attacks in 60% of the incidents it responded to last year.

Apr 1, 2025 By Matt Kapko

The Cisco Systems logo is displayed at the Mobile World Congress (MWC) in Barcelona on February 25, 2019. (GABRIEL BOUYS / AFP)

Salt Typhoon gained initial access to telecoms through Cisco devices

The Chinese nation-state threat group primarily gained access to Cisco devices with legitimate login credentials, according to Cisco Talos.

Feb 20, 2025 By Matt Kapko

Hacker with covered face in his operating room with multiple displays. (Sutthichai Supapornpasupad/Getty Images)

Chinese-aligned hacking group targeted more than a dozen government agencies, researchers find

The activity highlights a rapidly evolving, aggressive cyberespionage operation that played out across Africa, Europe, the Middle East and Asia, a Talos report says.

Jun 21, 2024 By AJ Vicens

Photo of monitor while downloading a file from the “Internet to My Computer”. (spxChrome/Getty Images)

Decade-old malware haunts Ukrainian police

A virus dating to 2015 is still hitting targets in Ukraine, showing its enduring power.

Apr 17, 2024 By AJ Vicens

A laptop displays a message after being infected by a ransomware as part of a worldwide cyberattack on June 27, 2017. (Rob Engelaar / ANP / AFP)

Report: New ransomware gang emerges in Vietnam

Researchers discovered a new ransomware gang that appears to be in the early stages of their extortion campaigns.

Aug 7, 2023 By Christian Vasquez