Analyst note: Proofpoint uses the UNK_ designator to define clusters of activity that are still developing and have not been observed for long enough to receive a numerical TA designation. This report reflects Proofpoint Threat Research’s observations as of the date of publication and does not constitute geopolitical analysis or policy commentary.
What happened
On 28 February 2026, the US and Isra...
The strongest version of this narrative highlights the immediate and opportunistic exploitation of geopolitical conflict by state-aligned cyber actors. The report credibly documents a surge in phishing campaigns, with actors from multiple nations leveraging the US-Israel-Iran crisis as both a lure and a justification for intelligence collection. The inclusion of technical details—such as malware hashes, C&C domains, and attack chains—lends credibility to the assessment of coordinated cyber opera...