Tag: cyberespionage
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
PassiveNeuron Cyberespionage Resurfaces: APT Abuses MS SQL Servers to Deploy Stealthy Neursite Backdoor
The post PassiveNeuron Cyberespionage Resurfaces: APT Abuses MS SQL Servers to Deploy Stealthy Neursite Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info. Jump to article: securityonline.info/passiveneuron-cyberespionage-resurfaces-apt-abuses-ms-sql-servers-to-deploy-stealthy-neursite-backdoor/
-
PassiveNeuron Targets High-Profile Servers to Deploy Malware
A sophisticated cyberespionage campaign dubbed PassiveNeuron has emerged from the shadows after months of dormancy, with security researchers uncovering fresh details about its operations and attack methods. The campaign, first detected in June 2024, has resurfaced with renewed vigor, targeting government, financial and industrial organizations across Asia, Africa and Latin America with previously unknown malware…
-
Salt Typhoon Targets European Telecom
Attack Began With Citrix NetScaler Gateway Compromise, Darktrace Said. The Chinese cyberespionage hackers commonly tracked as Salt Typhoon haven’t stopped their campaign against global telecoms, says managed threat detection firm Darktrace. The group has made telecoms and other digital infrastructure a primary target. First seen on govinfosecurity.com. Jump to article: www.govinfosecurity.com/salt-typhoon-targets-european-telecom-a-29766
-
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor
China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an ArcGIS system for over a year, using it as a backdoor. ArcGIS, a key GIS platform for mapping and analysis, supports vital services like…
-
Arrests Underscore Fears of Teen Cyberespionage Recruitment
Telegram Used to Lure Teen Recon Recruits. The late September arrest of two teenagers in the Netherlands on suspicion of capturing Wi-Fi signals for pro-Russian hackers has sparked warnings from security analysts over a digital drive for low-skill reconnaissance tasks by nation-state spymasters. First seen on govinfosecurity.com. Jump to article: www.govinfosecurity.com/arrests-underscore-fears-teen-cyberespionage-recruitment-a-29681
-
Chinese Hackers Deploy New PlugX Variant
Sophisticated Cyberespionage Campaign Targets Asian Telecom, Manufacturing Sectors. A remote access Trojan that’s a staple of Chinese nation-state hacking is part of an ongoing campaign targeting telecom and manufacturing sectors in Central and South Asian countries. The threat actor, tracked as Naikon, apparently has access to a new variant of PlugX malware. First seen on…
-
Russian Nation-State Hackers Join Forces to Target Ukraine
First-Ever Malware Tie-Up Spotted Between FSB’s Turla and Gamaredon Hacking Groups. Two long-running advanced persistent threat groups tied to Russia’s Federal Security Service, the FSB, called Turla and Gamaredon, appear for the first time to be running a joint cyberespionage operation using their separate malware arsenals, designed to hit high-value targets in Ukraine. First seen…
-
Russia and China Target the German Economy
According to a Bitkom survey, most cyberattacks on companies in Germany still originate from Russia and China. Almost three out of four companies in Germany report increasing attacks, both analog and digital. The damage is estimated at around 289 billion euros. This comes from a representative survey of more than 1,000 companies across different industries conducted by the digital association Bitkom. According to the survey…
-
What’s Old Is New Again as Iranian Hackers Exploit Macros
MuddyWater Also Embraces Bulletproof Hosts and Custom Malware. The Iranian nation-state cyberespionage group MuddyWater is going back to the future with attacks featuring Microsoft Office documents with malicious macros. It is also shifting to homegrown malware in place of commercial remote monitoring and management tools, said researchers. First seen on govinfosecurity.com. Jump to article: www.govinfosecurity.com/whats-old-new-again-as-iranian-hackers-exploit-macros-a-29465
-
Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure
Czech cybersecurity agency NUKIB warns of Chinese cyber threats to critical infrastructure, citing the cyberespionage group APT31 and risky devices. The Czech Republic’s National Cyber and Information Security Agency (NUKIB) warns of growing risks from Chinese-linked technologies in critical sectors like energy, healthcare, transport, and government. The agency warns of risks from Chinese-made devices (phones,…
-
Russian-Linked APT29 Makes Another Run at Microsoft Credentials
Amazon researchers disrupted a watering hole campaign by Russian-linked cyberespionage group APT29 designed to use compromised websites to trick users into giving the threat actors access to their Microsoft accounts and data via the tech giant’s device code authentication flow. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/08/russian-linked-atp29-makes-another-run-at-microsoft-credentials/
-
Dutch intelligence warn that China-linked APT Salt Typhoon targeted local critical infrastructure
Dutch intelligence reports Chinese cyber spies (Salt Typhoon, RedMike) targeted the Netherlands, hitting critical infrastructure. The Dutch intelligence and security services MIVD and AIVD say Chinese cyber spies linked to Salt Typhoon (RedMike) targeted the Netherlands in a campaign hitting global critical infrastructure. In late 2024, a large-scale Chinese cyberespionage campaign targeting global telecoms was…
-
China linked UNC6384 targeted diplomats by hijacking web traffic
The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…
-
Manufacturing Sector Increasingly a Target of Cyberespionage
The manufacturing industry is increasingly the target of targeted cyberattacks. The Verizon Data Breach Investigations Report (DBIR) for 2025 shows that the number of confirmed data breaches in this sector nearly doubled in the EMEA region compared to the previous year. Particularly alarming is the rise in state-sponsored espionage attacks, which now account for 20% of all incidents. At the same time…
-
China linked Silk Typhoon targeted diplomats by hijacking web traffic
The China-linked APT group Silk Typhoon targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group Silk Typhoon targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an…
-
Russian Hackers Hitting Critical Infrastructure, FBI Warns
State-Sponsored Espionage Group Tied to Exploits of No-Longer-Supported Cisco Gear. Russian intelligence hackers are using obsolete and unpatched equipment made by networking mainstay Cisco Systems to further stealthy and ongoing cyberespionage operations, the U.S. federal government warned Wednesday. Hackers exploit a vulnerability in the Smart Install feature of Cisco devices. First seen on govinfosecurity.com. Jump…
-
Ballooning PolarEdge Botnet a Suspected Cyberespionage Op
PolarNet Has Hallmarks of an Operational Relay Box. Nearly 40,000 enterprise-grade devices and consumer-class routers, IP cameras and more are infected with malware researchers codenamed PolarEdge, controlled by a botnet of the same name, which experts suspect is designed to hide traffic tied to cyberespionage operations. First seen on govinfosecurity.com. Jump to article: www.govinfosecurity.com/ballooning-polaredge-botnet-suspected-cyberespionage-op-a-29246
-
Cyberespionage via a Security Vulnerability in WinRAR
ESET researchers have discovered a previously unknown vulnerability in the popular compression program that was exploited by the Russia-aligned hacker group Romcom. According to ESET telemetry data, between July 18 and 21, 2025, the group used malicious archives in spear-phishing campaigns targeting financial, manufacturing, defense, and logistics companies in Europe and Canada. The goal of the attacks was cyberespionage. […]…
-
Blizzard Group’s ApolloShadow Malware Installs Root Certificates to Trust Malicious Sites
Microsoft Threat Intelligence has exposed a sophisticated cyberespionage operation orchestrated by the Russian state-sponsored actor tracked as Secret Blizzard, which has been actively compromising foreign embassies in Moscow through an adversary-in-the-middle (AiTM) technique to deploy the custom ApolloShadow malware. This campaign, ongoing since at least 2024, leverages an AiTM position at the Internet Service Provider…
-
Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware
Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This…
-
The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
The FSB cyberespionage group known as Turla seems to have used its control of Russia’s network infrastructure to meddle with web traffic and trick diplomats into infecting their computers. First seen on wired.com. Jump to article: www.wired.com/story/russia-fsb-turla-secret-blizzard-apolloshadow-isp-cyberespionage/
-
CISA Pledges to Release Salt Typhoon Report
Senator Declines to Lift Hold on Trump’s CISA Nominee Without Clear Timeline. The U.S. Cybersecurity and Infrastructure Security Agency plans to release a report on telecom vulnerabilities exploited in the Salt Typhoon cyberespionage campaign to help move along President Donald Trump’s nomination to lead the agency – but Sen. Ron Wyden still intends to delay…
-
China-linked group Fire Ant exploits VMware and F5 flaws since early 2025
China-linked group Fire Ant exploits VMware and F5 flaws to stealthily breach secure systems, reports cybersecurity firm Sygnia. China-linked cyberespionage group Fire Ant is exploiting VMware and F5 vulnerabilities to stealthily access secure, segmented systems, according to Sygnia. Since early 2025, the group has targeted virtualization and networking infrastructure, primarily VMware ESXi and vCenter environments.…
-
APT41 Unleashes Full Arsenal in Rare African Cyberespionage Campaign
The post APT41 Unleashes Full Arsenal in Rare African Cyberespionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info. Jump to article: securityonline.info/apt41-unleashes-full-arsenal-in-rare-african-cyberespionage-campaign/
-
APT41 Hackers Exploiting Atexec and WmiExec Windows Modules for Malware Deployment
Kaspersky MDR analysts recently uncovered a sophisticated targeted attack by the Chinese-speaking cyberespionage group APT41 against government IT services in the African region, marking a notable escalation in the group’s activity on the continent, which had previously seen minimal incidents from this actor. The attackers embedded hardcoded names of internal services, IP addresses, and proxy…
-
Fancy Bear Hackers Target Governments and Military Entities with Advanced Tools
Fancy Bear, designated as APT28 by cybersecurity experts, represents a sophisticated Russian cyberespionage collective operational since 2007, renowned for infiltrating governments, military organizations, and strategic entities globally. This group, also known under aliases such as Sofacy, Sednit, STRONTIUM, and Unit 26165, pursues motivations encompassing financial gain, reputational sabotage, espionage, and political agendas. Their operations frequently…