ATO’s 76th summit, which will be held June 24-25, 2025, in The Hague, Netherlands, comes at a time as the alliance’s member countries grapple with a rapidly changing global security dynamic. Russia continues to press on with its war campaign in Ukraine despite efforts to achieve a cease fire. Deep questions remain over the U.S. military commitment to Ukraine and if the U.S. would assist Europe if a conflict surfaced as required under Article 5 of NATO’s founding treaty. Israel undertook bombing strikes against Iran on the pretence that Iran was edging close to building viable nuclear weapons, which was followed by U.S. airstrikes. Since the previous summit, the leaders of European NATO countries have shown a dramatic change in rhetoric regarding the need to take on greater responsibility for security on the European continent, particularly as it pertains to increases in defense spending and military assistance to Ukraine. With an anticipated ambitious agenda, evidence of a clear rift in transatlantic relations and the alliance’s global super power distracted with other priorities, the summit could be hampered by disruption and division. This environment is ripe for cyber threats, prompting NATO member states to be on the look out for activity that could impact critical infrastructure entities. These threats could come from ideological and politically motivated attackers, who may seek to draw attention through distributed denial-of-service (DDoS) attacks, data leaks and website defacements affecting NATO nations. This blog, which draws on Intel 471’s Cyber Geopolitical Intelligence, will outline the issues at hand at the summit, the challenges facing NATO and look at the possible cyber threats.

In 2024, authorities took aim at ransomware gangs, malware developers, cybercriminal infrastructure and cryptocurrency thieves. Here's a look at the…

Russia has long been a military power, a nuclear power, a space power and in recent decades, a cyber power. It has been one of the most capable cyber actors, going back to the late 1990s when Russian state hackers stole classified documents and military research from U.S. universities and government agencies. The stolen documents, if stacked on top of one another, would have been taller than the Washington Monument (555 feet or 169 meters). These incidents, dubbed “Moonlight Maze” as described in Thomas Rid’s book “Rise of the Machines,” marked one of the world’s first advanced persistent threat (APT) attacks. Russia’s intelligence and security agencies continue to operate highly skilled groups of offensive attackers. Those APT groups are spread across its intelligence and security agencies and the Ministry of Defense. They engage in a broad range of cyber and influence operations tied to Russia’s strategic objectives. These include exploiting adversary systems, establishing footholds, conducting cyber espionage operations and running disinformation and misinformation campaigns designed to undermine Western narratives. One of the most effective and long-running Russian groups is Turla, a unit known as Center 16 housed within Russia’s Federal Security Service, or FSB. Researchers found that this group, which is active today, may have been connected with Moonlight Maze.

In 2023, threat actors continued to exploit a variety of vulnerabilities — both newly discovered weaknesses and unresolved issues — to carry out sophisticated attacks on global organizations. The number of documented software vulnerabilities continued to rise, and threat actors were quick to capitalize on new vulnerabilities and leverage recent releases of publicly available vulnerability research and exploit code to target entities. However, while there was a high number of vulnerabilities released in the reporting period, only a handful actually were weaponized in attacks. The ones of most interest are those that threat actors use for exploitation. In this report, we’ll analyze the numbers and types of vulnerabilities in 2023 with a view to understanding attack trends and how organizations can better defend themselves.

Whether Conti has rebranded as Monti in a bid to mock the former strain or it is just another new ransomware variant on the block.

KillNet will continue to grow as the war in Ukraine continues, but the group is limited in its capabilities.

A full technical breakdown of a prolific pay-per-install service.