Overview LAB52 has been monitoring a campaign dubbed “Operation MacroMaze”, which, based on its characteristics, can be attributed to APT28, also known as Fancy Bear, Forest Blizzard or FROZENLAKE. The campaign has been active at least since late September 2025 through January 2026, targeting specific entities in Western and Central Europe. The campaign relies on […]
Black Industry: IRGC-Linked offensive OT framework
Actor Background and Tool Distribution A new offensive OT framework has been identified and offered for sale on a platform accessible via the TOR network, promoted by the “APT IRAN” channel. The administrators have indicated that this is the most extensive industrial and military control network framework to date within the Black Industry (BI) ecosystem. […]