New Joint Advisories
“Trending & Emerging Threats” weekly update: New Joint Advisories. On May 21, 2025, U.S. cybersecurity authorities and international partners released two joint cybersecurity advisories. Advisories of this kind usually contain rich behavioral intelligence around widely relevant threats. This Threat Profile includes the new Campaign objects we published that cover these two advisories:
- Advisory AA25-141A detailed a long-running espionage campaign tied to Russian state-sponsored actors targeting "Western" logistics entities and technology companies associated with the supply of foreign assistance to Ukraine. The actors, attributed to Unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) military organization (an entity associated with APT28 and various other monikers), used a range of behaviors to surveil and harvest data from entities "across virtually all transportation modes" and even targeted Internet-exposed cameras on Ukraine's border to monitor and track aid shipments.
- Advisory AA25-141B detailed behaviors used by unspecified threat actors to deploy the LummaC2 (aka Lumma Stealer) information stealer (infostealer) malware. The advisory covered activity observed from November 2023 through May 2025. (Separately on May 21, U.S. & international agencies and private sector partners announced coordinated efforts to seize thousands of domains associated with Lumma Stealer distribution, including its "central command structure".)