APT review: what the world’s threat actors got up to in 2019
2019-12-04 • Kaspersky
Kaspersky’s 2019 APT review highlights several major developments across the threat landscape, including supply-chain compromise, public leaks of alleged Iranian activity, disclosures of legacy tooling, and the expanding use of mobile implants. The excerpt describes Operation ShadowHammer as a supply-chain attack in which the attackers backdoored a hardware vendor’s update utility and hardcoded more than 600 MAC addresses into it so that the implant activated only on the true targets within a much larger distribution pool. It also covers leaks involving alleged OilRig, MuddyWater, and RANA institute materials, noting that the targeting and TTPs were partly consistent with known actors while the origins of some material remained unconfirmed. Additional sections discuss DarkUniverse, WhatsApp exploitation attributed in litigation to NSO Group, FinSpy mobile implants, and iOS exploitation chains delivered through watering-hole websites.