State-sponsored threats: Different objectives, similar access paths
Strategic summary
Highlights how diverse state-sponsored actors converge on similar initial access techniques, emphasizing the need for robust foundational security controls.
Full text
Title: State-sponsored threats: Different objectives, similar access paths
URL Source: https://blog.talosintelligence.com/state-sponsored-threats-different-objectives-similar-access-paths/
Published Time: 2026-04-14T13:49:46.000Z

# State-sponsored threats: Different objectives, similar access paths
By [Hazel Burton](https://blog.talosintelligence.com/author/hazel-burton/)
Tuesday, April 14, 2026 09:49
Across the [Talos 2025 Year in Review](https://blog.talosintelligence.com/2025yearinreview/), state-sponsored threat activity from China, Russia, North Korea, and Iran all had varying motivations, such as espionage, disruption, financial gain, and geopolitical influence.
But when you look at how these operations actually unfold, similar tactics, techniques, and procedures (TTPs) keep appearing: access through vulnerabilities and identity, and access that remains under the radar for a considerable period of time.
Here a […]
[… 4,268 characters; next zone: keyword-dense paragraphs …]
Newly disclosed vulnerabilities were exploited almost immediately (e.g., ToolShell), sometimes before patches were widely available. At the same time, long-standing, unpatched vulnerabilities in networking devices and widely used software continued to provide reliable entry points for these types of adversary.
Common malware families like Dark Crystal RAT (DCRAT), Remcos RAT, and Smoke Loader appeared frequently in Talos investigations on operations against Ukraine in 2025. These families aren’t exclusive to Russia-nexus threat actors, but they continue to be effective in environments where patching and visibility are inconsistent, and should therefore be high-priority targets for defense and monitoring.
ShroudedSnooper is an APT that public reporting widely [attributes](https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks) to Iran’s Ministry of Intelligence and Security (MOIS). It is very likely an initial access group that passes operations off to secondary threat actors for long-term espionage or destructive attacks.
Campa […]
[… 3,820 characters; next zone: tail …]