Tag: cyberespionage
-
Russian Nation-State Hackers Join Forces to Target Ukraine
First-Ever Malware Tie-Up Spotted Between FSB’s Turla and Gamaredon Hacking Groups. Two long-running advanced persistent threat groups tied to Russia’s Federal Security Service, the FSB, called Turla and Gamaredon, appear for the first time to be running a joint cyberespionage operation using their separate malware arsenals, designed to hit high-value targets in Ukraine. First seen…
-
Russia and China Target the German Economy
According to a Bitkom survey, most cyberattacks on companies in Germany still originate from Russia and China. Nearly three out of four companies in Germany report increasing attacks, both physical and digital. The damage is estimated at around 289 billion euros. This is the finding of a representative survey of more than 1,000 companies from various industries conducted by the digital industry association Bitkom. According to it…
-
What’s Old Is New Again as Iranian Hackers Exploit Macros
MuddyWater Also Embraces Bulletproof Hosts and Custom Malware. The Iranian nation-state cyberespionage group MuddyWater is going back to the future with attacks featuring Microsoft Office documents with malicious macros. It is also shifting to homegrown malware in place of commercial remote monitoring and management tools, said researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/whats-old-new-again-as-iranian-hackers-exploit-macros-a-29465
-
Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure
Tags: china, cyber, cyberespionage, cybersecurity, espionage, group, healthcare, infrastructure, risk, threat
Czech cybersecurity agency NUKIB warns of Chinese cyber threats to critical infrastructure, citing the cyberespionage group APT31 and risky devices. The Czech Republic’s National Cyber and Information Security Agency (NUKIB) warns of growing risks from Chinese-linked technologies in critical sectors like energy, healthcare, transport, and government. The agency warns of risks from Chinese-made devices (phones,…
-
Russian-Linked APT29 Makes Another Run at Microsoft Credentials
Amazon researchers disrupted a watering hole campaign by Russian-linked cyberespionage group APT29 designed to use compromised websites to trick users into giving the threat actors access to their Microsoft accounts and data via the tech giant’s device code authentication flow. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/russian-linked-atp29-makes-another-run-at-microsoft-credentials/
-
Dutch intelligence warn that China-linked APT Salt Typhoon targeted local critical infrastructure
Dutch intelligence reports Chinese cyber spies (Salt Typhoon, RedMike) targeted the Netherlands, hitting critical infrastructure. The Dutch intelligence and security services MIVD and AIVD say Chinese cyber spies linked to Salt Typhoon (RedMike) targeted the Netherlands in a campaign hitting global critical infrastructure. In late 2024, a large-scale Chinese cyberespionage campaign targeting global telecoms was…
-
China linked UNC6384 targeted diplomats by hijacking web traffic
The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…
-
Manufacturing Sector Increasingly Targeted by Cyberespionage
The manufacturing industry is increasingly the target of targeted cyberattacks. The ‘Verizon Data Breach Investigations Report’ (DBIR) for 2025 shows that the number of confirmed data breaches in this sector in the EMEA region has nearly doubled compared with the previous year. Particularly alarming is the rise in state-motivated espionage attacks, which now account for 20 % of all incidents. At the same time…
-
China linked Silk Typhoon targeted diplomats by hijacking web traffic
The China-linked APT group Silk Typhoon targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group Silk Typhoon targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an…
-
Russian Hackers Hitting Critical Infrastructure, FBI Warns
Tags: cisco, cyberespionage, espionage, exploit, government, group, hacker, infrastructure, intelligence, russia, vulnerability
State-Sponsored Espionage Group Tied to Exploits of No-Longer-Supported Cisco Gear. Russian intelligence hackers are using obsolete and unpatched equipment made by networking mainstay Cisco Systems to further stealthy and ongoing cyberespionage operations, the U.S. federal government warned Wednesday. Hackers exploit a vulnerability in the Smart Install feature of Cisco devices. First seen on govinfosecurity.com Jump…
-
Ballooning PolarEdge Botnet a Suspected Cyberespionage Op
PolarNet Has Hallmarks of an Operational Relay Box. Nearly 40,000 enterprise-grade devices and consumer-class routers, IP cameras and more are infected with malware researchers codenamed PolarEdge, controlled by a botnet of the same name, which experts suspect is designed to hide traffic tied to cyberespionage operations. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ballooning-polaredge-botnet-suspected-cyberespionage-op-a-29246
-
Cyberespionage via a Security Vulnerability in WinRAR
ESET researchers have discovered a previously unknown vulnerability in the popular compression program that was exploited by the Russia-aligned hacking group Romcom. According to ESET telemetry data, between July 18 and 21, 2025 the group used malicious archives in spear-phishing campaigns directed against financial, manufacturing, defence and logistics companies in Europe and Canada. The goal of the attacks was cyberespionage. […]…
-
Blizzard Group’s ApolloShadow Malware Installs Root Certificates to Trust Malicious Sites
Tags: blizzard, cyber, cyberespionage, data-breach, group, intelligence, Internet, malicious, malware, microsoft, russia, service, threat
Microsoft Threat Intelligence has exposed a sophisticated cyberespionage operation orchestrated by the Russian state-sponsored actor tracked as Secret Blizzard, which has been actively compromising foreign embassies in Moscow through an adversary-in-the-middle (AiTM) technique to deploy the custom ApolloShadow malware. This campaign, ongoing since at least 2024, leverages an AiTM position at the Internet Service Provider…
-
Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware
Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This…
-
The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
The FSB cyberespionage group known as Turla seems to have used its control of Russia’s network infrastructure to meddle with web traffic and trick diplomats into infecting their computers. First seen on wired.com Jump to article: www.wired.com/story/russia-fsb-turla-secret-blizzard-apolloshadow-isp-cyberespionage/
-
CISA Pledges to Release Salt Typhoon Report
Senator Declines to Lift Hold on Trump’s CISA Nominee Without Clear Timeline. The U.S. Cybersecurity and Infrastructure Security Agency plans to release a report on telecom vulnerabilities exploited in the Salt Typhoon cyberespionage campaign to help move along President Donald Trump’s nomination to lead the agency – but Sen. Ron Wyden still intends to delay…
-
China-linked group Fire Ant exploits VMware and F5 flaws since early 2025
Tags: access, breach, china, cyberespionage, cybersecurity, exploit, flaw, group, infrastructure, vcenter, vmware, vulnerability
China-linked group Fire Ant exploits VMware and F5 flaws to stealthily breach secure systems, reports cybersecurity firm Sygnia. China-linked cyberespionage group Fire Ant is exploiting VMware and F5 vulnerabilities to stealthily access secure, segmented systems, according to Sygnia. Since early 2025, the group has targeted virtualization and networking infrastructure, primarily VMware ESXi and vCenter environments.…
-
APT41 Unleashes Full Arsenal in Rare African Cyberespionage Campaign
Tags: cyberespionage
The post APT41 Unleashes Full Arsenal in Rare African Cyberespionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt41-unleashes-full-arsenal-in-rare-african-cyberespionage-campaign/
-
APT41 Hackers Exploiting Atexec and WmiExec Windows Modules for Malware Deployment
Kaspersky MDR analysts recently uncovered a sophisticated targeted attack by the Chinese-speaking cyberespionage group APT41 against government IT services in the African region, marking a notable escalation in the group’s activity on the continent, which had previously seen minimal incidents from this actor. The attackers embedded hardcoded names of internal services, IP addresses, and proxy…
-
Fancy Bear Hackers Target Governments and Military Entities with Advanced Tools
Tags: cyber, cyberespionage, cybersecurity, espionage, finance, government, group, hacker, military, russia, tool
Fancy Bear, designated as APT28 by cybersecurity experts, represents a sophisticated Russian cyberespionage collective operational since 2007, renowned for infiltrating governments, military organizations, and strategic entities globally. This group, also known under aliases such as Sofacy, Sednit, STRONTIUM, and Unit 26165, pursues motivations encompassing financial gain, reputational sabotage, espionage, and political agendas. Their operations frequently…
-
Chinese State-Sponsored Hackers Target Semiconductor Industry with Weaponized Cobalt Strike
Proofpoint Threat Research has identified a sophisticated multi-pronged cyberespionage campaign targeting Taiwan’s semiconductor industry between March and June 2025. Three distinct Chinese state-sponsored threat actors, designated as UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp, conducted coordinated phishing operations against organizations spanning semiconductor manufacturing, design, testing, supply chain entities, and financial investment analysts specializing in the Taiwanese semiconductor market.…
-
DoNot APT is expanding scope targeting European foreign ministries
DoNot APT, likely an India-linked cyberespionage group, targets European foreign ministries with LoptikMod malware. The DoNot APT group, likely linked to India, has expanded its operations and is targeting European foreign ministries with a new malware, called LoptikMod. The Donot Team (also known as APT-C-35 and Origami Elephant) has been active since 2016, focusing on government entities, foreign…
-
Italian Police Arrest Alleged Chinese Hacker Wanted by FBI
Shanghai Man Tied to Beijing-Backed Silk Typhoon Cyberespionage Attacks. Italian police arrested Chinese national Xu Zewei, 33, based on a U.S. arrest warrant charging the Shanghai resident with participating in Silk Typhoon cyberespionage attacks, including targeting novel coronavirus vaccine development information from the University of Texas. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/italian-police-arrest-alleged-chinese-hacker-wanted-by-fbi-a-28914
-
Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant
Italian police arrested a Chinese national linked to Silk Typhoon APT group at Milan’s Malpensa Airport on a U.S. warrant. Italian police arrested a Chinese national, Zewei Xu (33), at Milan’s Malpensa Airport on a U.S. warrant. Xu was arrested at Malpensa Airport on July 3rd after arriving on a flight from China. Authorities accused…
-
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage
A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which is responsible for cyberattacks against American organizations and government agencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/alleged-chinese-hacker-tied-to-silk-typhoon-arrested-for-cyberespionage/
-
BladedFeline Exploits Whisper and PrimeCache to Breach IIS and Microsoft Exchange Servers
ESET researchers have uncovered a series of malicious tools deployed by BladedFeline, an Iran-aligned advanced persistent threat (APT) group, targeting Kurdish and Iraqi government officials. Active since at least 2017, BladedFeline has been linked with medium confidence to the notorious OilRig APT group, known for cyberespionage across the Middle East. Sophisticated Cyberespionage Campaign The group’s…
-
Renewed Cyberattack on the International Criminal Court
Tags: cyber, cyberattack, cybercrime, cyberespionage, cybersecurity, germany, hacker, infrastructure, intelligence, Internet, ransomware, service, ukraine, usa
The International Criminal Court has been hit by a cyberattack for the second time. The International Criminal Court (ICC) has fallen victim to a sophisticated cyberattack, the second major cyberespionage attempt against the war crimes tribunal within just two years. The latest incident occurred during the NATO summit in The Hague in June, when the attention of the world public was focused on the Dutch capital…
-
North Korean crypto thieves deploy custom Mac backdoor
North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in niche programming language Nim. The attackers are also using AppleScript for early stage payloads, including a fake Zoom update. “North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled…
-
Chinese Hackers Have Infected More Than 1,000 SOHO Devices
Tags: backdoor, china, cisco, cyberattack, cybercrime, cyberespionage, hacker, iot, linux, malware, office, usa, vulnerability, windows
Dozens of cybercrime campaigns focused on Asia and the USA were disguised as supposed LAPD operations. Cybersecurity experts have discovered a network of more than 1,000 compromised small-office and home-office (SOHO) devices. According to the experts, the devices were used to enable a long-running cyberespionage infrastructure campaign for Chinese hacking groups. SecurityScorecard’s Strike team discovered the associated operational relay box (ORB) network and gave it…
-
New Mustang Panda cyberespionage campaign sets sights on Tibet
Tags: cyberespionage
First seen on scworld.com Jump to article: www.scworld.com/brief/new-mustang-panda-cyberespionage-campaign-sets-sights-on-tibet