FireEye and other users of the SolarWinds Orion IT monitoring and management software were compromised in the SolarWinds supply chain attack. The threat actor behind this attack is tracked as UNC2452, also known as Dark Halo.
GravityRAT aims to go cross-platform: it is available for Windows, macOS, and Android. The reported distribution methods are malicious applications, infected email attachments, malicious online activity, social engineering, and software cracks.
GravityRAT makes a comeback with versions for Android and macOS. It was previously known for spying on Windows users only. It is capable of retrieving device data, contact lists, email addresses, call logs and SMS messages, and can exfiltrate various types of documents and files.
Pysa Ransomware, also known by its former name Mespinoza Ransomware, is typically distributed via malspam, malvertising campaigns, exploit kits, drive-by downloads, and brute-forcing of accounts on servers that have RDP exposed to the Internet. Pysa encrypts data using AES-256; the AES keys are then encrypted with RSA.
PowerPepper is a Windows in-memory PowerShell backdoor that can execute remotely sent shell commands. It is associated with DeathStalker (formerly called Deceptikons), a threat actor known to be active since 2012. The threat actor has consistently used what are called "dead-drop resolvers" (DDRs): obfuscated content hosted on major public web services such as YouTube, Twitter or Reddit which, once decoded by the malware, reveals a command-and-control (C2) server address.