Tag: cyberespionage
-
Suspected Chinese Cyberespionage Operation Hits 53 Telecoms
Google Unmasks, Disrupts Group Using Sheets for Command-and-Control Purposes. Likely Chinese nation-state hackers used online spreadsheets as infrastructure for hacking campaigns that affected at least 53 telecom operators across 42 countries, Google disclosed Wednesday. Incident responders discovered a backdoor being remotely controlled through Google Sheets. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/suspected-chinese-cyberespionage-operation-hits-53-telecoms-a-30857
-
Google disrupts China-linked cyberespionage campaign spanning dozens of countries
A cyberespionage campaign carried out by a China-linked threat actor affected at least 53 government and telecom organizations across 42 countries, Google said. First seen on therecord.media Jump to article: therecord.media/china-cyber-espionage-google-disrupt
-
China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries
Tags: access, api, apt, china, cloud, communications, cyber, cyberespionage, data, defense, endpoint, espionage, google, government, group, hacker, infrastructure, intelligence, linux, mandiant, monitoring, network, phone, radius, service, spy, theft, threat, vpn
How Mandiant found it: The campaign came to light during a Mandiant Threat Defense investigation, when analysts flagged unusual activity on a CentOS server. A binary named xapt, designed to masquerade as the apt package manager on Debian-based Linux systems, had already escalated to root and was running shell commands to confirm its access level,…
-
China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769)
A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day flaw (CVE-2026-22769) in Dell’s RecoverPoint for Virtual Machines software since … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/exploited-dell-zero-day-cve-2026-22769-brickstorm-grimbolt/
-
Fresh Cyberespionage Operation Tied to Iranian Surveillance
Malware Campaign Uses Lures With Positive Portrayal of Anti-Tehran Protests. A new malware campaign is using a positive-sounding report into the recent protests in Iran, accompanied by real photos and videos, as lures in an apparent cyberespionage operation designed to conduct surveillance of dissident researchers and global communities, warn security researchers. First seen on govinfosecurity.com…
-
Norway Says Salt Typhoon Hackers Hit Vulnerable Systems
Security Service Says China-Linked Actor Compromised Vulnerable Network Devices. Norway’s security service confirmed it was targeted by the China-linked Salt Typhoon campaign, marking one of Europe’s clearest public acknowledgements that the cyberespionage operation extended beyond U.S. telecom and federal networks into allied infrastructure. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/norway-says-salt-typhoon-hackers-hit-vulnerable-systems-a-30721
-
Unit 42 reports uncovering a worldwide cyberespionage campaign against governments
Tags: cyberespionage
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/unit-42-aufdeckung-weltweit-cyberspionage-kampagne-regierungen
-
State actor targets 155 countries in ‘Shadow Campaigns’ espionage op
A new state-aligned cyberespionage threat group, tracked as TGR-STA-1030/UNC6619, has conducted a global-scale operation dubbed the “Shadow Campaigns,” in which it targeted government infrastructure in 155 countries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/state-actor-targets-155-countries-in-shadow-campaigns-espionage-op/
-
China’s Salt Typhoon hackers broke into Norwegian companies
Norway’s government accused China’s Salt Typhoon hacking group of conducting a cyberespionage campaign in the country. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/06/chinas-salt-typhoon-hackers-broke-into-norwegian-companies/
-
Threat Group Running Espionage Operations Against Dozens of Governments
Unit 42 researchers say an Asian threat group behind what they call the Shadow Campaigns has targeted government agencies in 37 countries in a wide-ranging global cyberespionage campaign that has involved phishing attacks and the exploitation of more than a dozen known vulnerabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/threat-group-running-espionage-operations-against-dozens-of-governments/
-
Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide
Unit 42 tracked the compromise of at least 70 institutions across 37 countries, with the hackers maintaining access to some victims for months. In one country, the hackers gained access to the parliament and a senior elected official. First seen on therecord.media Jump to article: therecord.media/research-cyber-espionage-targeting-dozens-worldwide
-
Amaranth-Dragon: Targeted cyberespionage against government agencies in Southeast Asia
Check Point Software Technologies, through the security researchers of Check Point Research (CPR), has uncovered highly targeted cyberespionage campaigns. In 2025 they were directed against government and law enforcement agencies in the ASEAN region. The activity is attributed to a previously undocumented threat actor named “Amaranth-Dragon”, which is closely connected to the China-attributed APT41 ecosystem. The key findings in…
-
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
Tags: attack, china, cyberespionage, espionage, exploit, flaw, government, group, law, threat, vulnerability
A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-amaranth-dragon-cyberespionage-group-exploits-winrar-flaw/
-
Lazarus Hackers Target European Drone Manufacturers in Active Campaign
The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Korea’s efforts to accelerate its domestic drone production capabilities through industrial espionage. The targeted organizations include a metal engineering firm, an aircraft component manufacturer,…
-
Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations
Russia-linked cyberespionage group APT28 targets energy, nuclear, and policy staff in Turkey, Europe, North Macedonia, and Uzbekistan with credential-harvesting attacks. Between February and September 2025, Recorded Future’s Insikt Group observed Russia-linked group APT28 (aka UAC-0001, Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) running credential-harvesting campaigns. Targets included Turkish energy and nuclear agency staff, European think tank personnel, and organizations…
-
Chinese Hackers Deploy Rootkit to Stealthily Mask ToneShell Malware
Tags: apt, backdoor, china, cyber, cyberespionage, government, group, hacker, malicious, malware, technology, tool
A sophisticated cyberespionage campaign leveraging kernel-mode rootkit technology has been discovered targeting government organizations across Southeast and East Asia, with Myanmar and Thailand bearing the brunt of attacks. Security researchers identified a malicious driver delivering the ToneShell backdoor, a hallmark tool of the Chinese-nexus HoneyMyte APT group, also tracked as Mustang Panda or Bronze President.…
-
Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor
China-linked APT Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India. Kaspersky researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland, and StormBamboo) running a targeted cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor against victims in Türkiye, China, and…
-
Russian Credential-Harvesting Apes Ukraine Webmail Platform
Widely Used ukr.net Is a Repeat Focus for APT28 Cyberespionage Operations. Don’t expect cyber spies to respect distinctions between military and civilian networks, especially in times of war, warn researchers tracking persistent Russian military intelligence credential-harvesting attacks against users of Ukraine’s popular, commercial UKR.NET webmail platform. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russian-credential-harvesting-apes-ukraine-webmail-platform-a-30325
-
Russian APT group attacks Western critical infrastructure (KRITIS) operators
Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-day
A Russian cyberespionage campaign is targeting energy suppliers. The Amazon Threat Intelligence team found that a Russian state-sponsored cyberespionage group has increasingly targeted energy companies and providers of critical infrastructure (KRITIS). According to the findings, the group has been active since at least 2021 and goes primarily after device misconfigurations. The attackers also exploit known vulnerabilities…
-
GOLD BLADE: Custom QWCrypt Locker for Data Exfiltration and Ransomware Deployment
Between February 2024 and August 2025, security researchers uncovered a significant campaign orchestrated by the GOLD BLADE threat group, previously known as RedCurl, RedWolf, and Earth Kapre. The investigation of nearly 40 intrusions linked to STAC6565 reveals a sophisticated threat actor that has evolved from traditional cyberespionage into a hybrid operation combining data theft with…
-
Hackers Exploit Ivanti Connect Secure Vulnerabilities to Spread MetaRAT Malware
LAC’s Cyber Emergency Center has identified a sophisticated cyberespionage campaign targeting Japanese shipping and transportation companies. The operation, orchestrated by a China-based threat actor in April 2025, leveraged critical vulnerabilities in Ivanti Connect Secure (ICS) to deploy >>MetaRAT,
-
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks
The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang