MUKILTEO, Wash. — Pacific Northwest leaders on Thursday celebrated the official launch of the Cascadia Sustainable Aviation Accelerator, an initiative that aspires to establish the region as a leader in sustainable aviation fuel (SAF).

“We have all the pieces in place to ensure this once-in-a-generation economic opportunity is realized, and this accelerator will make that happen,” said Washington Gov. Bob Ferguson.

SAF is widely viewed as the most promising, scalable solution for cutting carbon emissions from aviation. The fuel is typically made from plant-based sources and can be blended with conventional fossil fuels used to power aircraft. But it costs twice as much or more than existing fuels, and the industry has struggled to take off in the U.S. or internationally despite sustainability pledges by airlines and others.

The new accelerator hopes to close that price gap, create a SAF marketplace and boost fuel production. It’s kicking off with $10 million in state funding and a $10 million philanthropic gift.

Guy Palumbo, Amazon’s director of public policy, said the company is a SAF customer, buying 3.7 million gallons of the fuel in 2024 to make a small dent in the carbon impact of its air cargo transportation. And it would buy much more, he added, but the fuel isn’t available.

“This is a systems issue that no one company can solve,” Palumbo said. “You’ve got great companies up here in this room right now that are ready to use this fuel, but we have to make it available.”

The event highlighted the initiative’s public-private partnership by featuring speakers that also included Washington State Department of Commerce Director Joe Nguyen, Washington State University President Elizabeth Cantwell, county and state elected officials, leaders from Alaska Airlines, Boeing, SkyNRG and others.

The accelerator has a multi-pronged strategy that includes:

• Providing R&D resources for startups and other fuel manufacturers, including equipment and expertise.
• Promoting SAF-friendly policies.
• Helping facilitate funding for SAF producers, including purchase agreements with SAF customers.
• Developing feedstock supply chains for the fuel, which can include waste from agriculture and logging, algae, cooking oils, animal fats and manure.
• Supporting infrastructure development for transporting and blending low-carbon fuels with traditional aviation fuels to create SAF.

Establishing the sector is a Herculean task, but supporters argue this region is well-positioned for a SAF hub, citing its status as Boeing’s original home, its robust aviation industry, the availability of feedstocks, its strong environmental policies, and other strengths.

Despite years of work by organizations in Washington and around the globe, SAF comprises less than 1% of the aviation fuel in use today. And geopolitics — most recently including President Trump’s plans to begin cranking up oil production in Venezuela — continue to complicate progress.

“This is going to be a tremendous challenge. It’s going to be hard,” said Sen. Marko Liias of Mulkilteo. But, he added, “we know the rest of the world is going all in on SAF and this is the fuel of the future. There’s no better place than Washington state to catalyze the production of sustainable aviation fuel at scale.”

The need is pressing. Aviation’s impact on carbon emissions is growing as flights serving passenger travel and air cargo increase. There are companies developing sustainable aircraft, such as those powered by batteries and hydrogen fuel cells, but that technology will take decades to scale and its applications are uncertain. SAF, on the other hand, can be used in existing aircraft.

Multiple SAF companies are already operating in the Pacific Northwest:

• SkyNRG is a Dutch company building a SAF facility in Walla Walla, Wash., and will use renewable natural gas that’s captured at landfills and from dairy waste as a feedstock. On Thursday the company announced it has secured key environmental approvals from the state, and plans to start commercial operations in 2030.
• Montana Renewables is manufacturing approximately 30 million gallons of synthetic paraffinic kerosene, or SPK, each year, which is blended with jet fuel to make SAF. The Montana company employs used cooking oils, animal fat from meat production, and plant oils as its feedstock and plans to dramatically increase production.
• NXTClean Fuels has plans to develop two clean fuels facilities in Oregon. Its flagship site, a $3 billion plant at Port Westward on the Columbia River, is in the final stages of federal permitting and could break ground this year, with operations starting in late 2028 at the earliest.
• Twelve is a California-based company that broke ground in 2023 on a SAF facility called AirPlant One in Moses Lake, Wash., and is currently commissioning its facility. It plans to use liquid ethanol produced in the state as its carbon source.

In the coming months, the Cascadia Sustainable Aviation Accelerator is moving temporarily into a commercial space at Everett’s Paine Field airport. Initial funding has been secured to build a new facility, with the hope of completing construction no later than 2029.

The accelerator effort took root two years ago when Snohomish County Executive Dave Somers announced plans for a SAF center and state legislators from the county committed to seek funding for the initiative.

“Washington has been the SAF leader from the beginning,” said SkyNRG executive and former state Sen. Andy Billig. The first commercial test flight using SAF came from a Washington producer and was used on a Virgin Atlantic Boeing 747-400 flying from London to Amsterdam in 2008.

Hacktivism and geopolitically motivated APT groups have become a significant threat to many regions of the world in recent years, damaging infrastructure and important functions of government, business, and society. In late 2022 we predicted that the involvement of hacktivist groups in all major geopolitical conflicts from now on will only increase and this is what we’ve been observing throughout the years. With regard to the Ukrainian-Russian conflict, this has led to a sharp increase of activities carried out by groups that identify themselves as either pro-Ukrainian or pro-Russian.

The rise in cybercrime amid geopolitical tensions is alarming. Our Kaspersky Cyber Threat Intelligence team has been observing several geopolitically motivated threat actors and hacktivist groups operating in various conflict zones. Through collecting and analyzing extensive data on these groups’ tactics, techniques, and procedures (TTPs), we’ve discovered a concerning trend: hacktivists are increasingly interconnected with financially motivated groups. They share tools, infrastructure, and resources.

This collaboration has serious implications. Their campaigns may disrupt not only business operations but also ordinary citizens’ lives, affecting everything from banking services to personal data security or the functioning of the healthcare system. Moreover, monetized techniques can spread exponentially as profit-seeking actors worldwide replicate and refine them. We consider these technical findings a valuable resource for global cybersecurity efforts. In this report, we share observations on threat actors who identify themselves as pro-Ukrainian.

About this report

The main goal of this report is to provide technical evidence supporting the theory we’ve proposed based on our previous research: that most of the groups we describe here actively collaborate, effectively forming three major threat clusters.

This report includes:

• A library of threat groups, current as of 2025, with details on their main TTPs and tools.
• A technical description of signature tactics, techniques, procedures, and toolsets used by these groups. This information is intended for practical use by SOC, DFIR, CTI, and threat hunting professionals.

What this report covers

This report contains information on the current TTPs of hacktivists and APT groups targeting Russian organizations particularly in 2025, however they are not limited to Russia as a target. Further research showed that among some of the groups’ targets, such as CloudAtlas and XDSpy, were assets in European, Asian, and Middle Eastern countries. In particular, traces of infections were discovered in 2024 in Slovakia and Serbia. The report doesn’t include groups that emerged in 2025, as we didn’t have sufficient time to research their activity. We’ve divided all groups into three clusters based on their TTPs:

• Cluster I combines hacktivist and dual-purpose groups that use similar tactics, techniques, and tools. This cluster is characterized by:
• Shared infrastructure
• A unique software suite
• Identical processes, command lines, directories, and so on
• Distinctive TTPs
• Cluster II comprises APT groups that have different TTPs from the hacktivists. Among these, we can distinguish simple APTs (characterized by their use of third-party utilities, scripts that carry out all the malicious logic, shared domain registrars, and concealing their real infrastructure behind reverse proxy systems – for example, using Cloudflare services), and more sophisticated ones (distinguished by their unique TTPs).
• Cluster III includes hacktivist groups for which we’ve observed no signs of collaboration with other groups described here.

Example: Cyberthreat landscape in Russia in 2025

Hacktivism remains the key threat to Russian businesses and businesses in other conflict areas today, and the scale and complexity of these attacks keep growing. Traditionally, the term “hacktivism” refers to a blend of hacking and activism, where attackers use their skills to achieve social or political goals. Over the past few years, these threat actors have become more experienced and organized, collaborating with one another and sharing knowledge and tools to achieve common objectives.

Additionally, a new phenomenon known as “dual-purpose groups” has appeared in the Russian threat landscape in recent years. We’ve detected links between hacktivists and financially motivated groups. They use the same tools, techniques, and tactics, and even share common infrastructure and resources. Depending on the victim, they may pursue a variety of goals: demanding a ransom to decrypt data, causing irreparable damage, or leaking stolen data to the media. This suggests that these attackers belong to a single complex cluster.

Beyond this, “traditional” categories of attackers continue to operate in Russia and other regions: groups engaged in cyberespionage and purely financially motivated threat actors also remain a significant problem. Like other groups, geopolitically motivated groups are cybercriminals who undermine the secure and trustworthy use of digitalization opportunities and they can change and adapt their target regions depending on political developments.

That is why it is important to also be aware of the TTPs used by threat actors who appear to be attacking other targets. We will continue to monitor geopolitically motivated threat actors and publish technical reports about their TTPs.

Recommendations

To defend against the threats described in this report, Kaspersky experts recommend the following:

• Provide your SOC teams with access to up-to-date information on the latest attacker tactics, techniques, and procedures (TTPs). Threat intelligence feeds from reliable providers, like Kaspersky Threat Intelligence, can help with this.
• Use a comprehensive security solution that combines centralized monitoring and analysis, advanced threat detection and response, and security incident investigation tools. The Kaspersky NEXT XDR platform provides this functionality and is suitable for medium and large businesses in any industry.
• Protect every component of modern and legacy industrial automation systems with specialized OT security solutions. Kaspersky Industrial CyberSecurity (KICS) — an XDR-class platform — ensures reliable protection for critical infrastructure in energy, manufacturing, mining, and transportation.
• Conduct regular security awareness training for employees to reduce the likelihood of successful phishing and other social engineering attacks. Kaspersky Automated Security Awareness Platform is a good option for this.

The report is available for our partners and customers. If you are interested, please contact report@kaspersky.com