Canadian organizations are being targeted by the STAC6565 threat cluster, which has evolved from cyber espionage to hybrid operations involving ransomware. The threat group, linked to Gold Blade, uses spear-phishing and sophisticated malware like QWCrypt and RedLoader to conduct cyberattacks, primarily focusing on Canadian firms.
Key points
- The STAC6565 threat actor targets Canadian organizations through spear-phishing campaigns using legitimate recruitment platforms.
- The group is believed to be linked with Gold Blade, known for data theft and ransomware deployment.
- Recent attacks have involved custom malware such as QWCrypt and tools like RedLoader for reconnaissance and payload delivery.
- Active since late 2018, the threat actor shifts tactics and uses sophisticated obfuscation methods, including WebDAV servers and signed drivers.
- Most attacks are mitigated, but successful ransomware deployments have led to data theft and operational disruptions.
Read More: https://thehackernews.com/2025/12/stac6565-targets-canada-in-80-of.html