Cybercriminals are increasingly using emojis to evade detection and coordinate attacks across platforms like Telegram and Discord. According to threat intelligence firm Flashpoint, emojis help bad actors bypass keyword filters and communicate more effectively in multilingual environments, with symbols representing everything from stolen credentials to malware commands — like Pakistan-linked group UTA0137's "Disgomoji" malware that used camera emojis for screenshots and skull emojis to terminate processes. While emojis alone aren't decisive indicators, security teams can leverage emoji analysis to track threat actors and detect emerging campaigns, since attackers often fall into recognizable patterns when using these symbols.

Russia's APT28 hacking group has been conducting a global espionage campaign by exploiting vulnerabilities in small office and home routers from manufacturers like MikroTik and TP-Link. The attackers modify just one DNS setting in these compromised routers to redirect internet traffic through servers they control, allowing them to steal login credentials for email and web services without deploying any malware. The campaign has affected over 200 organizations worldwide, including government ministries, law enforcement agencies, and critical infrastructure across 23 US states, prompting a Justice Department disruption effort called Operation Masquerade.