Tag: cyberespionage
-
APT41 Uses Google Calendar as Covert C2 in Stealthy Cyberespionage Campaign
In an example of cloud service abuse, Google Threat Intelligence Group (GTIG) has uncovered a new APT41 campaign First seen on securityonline.info Jump to article: securityonline.info/apt41-uses-google-calendar-as-covert-c2-in-stealthy-cyberespionage-campaign/
-
Staatlich unterstützte Hackergruppe TA406 – Nordkoreanische Cyberspionage in der Ukraine
First seen on security-insider.de Jump to article: www.security-insider.de/nordkorea-cyberangriffe-ukraine-hackergruppe-ta406-a-6caace65608b32dd6fc70ce3ca08621c/
-
Trojanized Word files harnessed in new Russian cyberespionage campaign
First seen on scworld.com Jump to article: www.scworld.com/brief/trojanized-word-files-harnessed-in-new-russian-cyberespionage-campaign
-
Void Blizzard: New Russian Cyberespionage Group Targets NATO and Ukraine
Microsoft Threat Intelligence has identified a cyberespionage campaign by a newly recognized Russia-affiliated actor named Void Blizzard, also First seen on securityonline.info Jump to article: securityonline.info/void-blizzard-new-russian-cyberespionage-group-targets-nato-and-ukraine/
-
Microsoft Alerts on Void Blizzard Hackers Targeting Telecommunications and IT Sectors
Microsoft Threat Intelligence Center (MSTIC) has issued a critical warning about a cluster of global cloud abuse activities orchestrated by a threat actor tracked as Void Blizzard, also known as LAUNDRY BEAR. Assessed with high confidence to be Russia-affiliated, Void Blizzard has been active since at least April 2024, focusing its cyberespionage operations on NATO…
-
Ivanti EPMM flaws leveraged in global Chinese cyberespionage attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/ivanti-epmm-flaws-leveraged-in-global-chinese-cyberespionage-attacks
-
Russian Hackers Target Western Firms Aiding Ukraine, Spy on Shipments
Russian military hackers are targeting Western firms aiding Ukraine, using cyberespionage to infiltrate logistics networks and spy on arms shipments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/russian-hackers-target-western-firms/
-
Russia-linked APT28 targets western logistics entities and technology firms
CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing an elevated threat to supply chains Russia-linked cyberespionage group APT28 intensifies its operations against Western logistics and technology companies moving supplies into Ukraine, US CISA warns. TheAPT28group (akaFancy Bear,Pawn Storm,Sofacy Group,Sednit,BlueDelta, andSTRONTIUM)has been active since at least 2007 and it…
-
Russian hackers breach orgs to track aid routes to Ukraine
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-breach-orgs-to-track-aid-routes-to-ukraine/
-
Mass federal worker layoffs exploited by Chinese cyberespionage campaign
First seen on scworld.com Jump to article: www.scworld.com/brief/mass-federal-worker-layoffs-exploited-by-chinese-cyberespionage-campaign
-
Global government webmail servers targeted by Russian cyberespionage operation
First seen on scworld.com Jump to article: www.scworld.com/brief/global-government-webmail-servers-targeted-by-russian-cyberespionage-operation
-
Operation RoundPress: Sednit Weaponizes XSS to Breach Global Webmail Servers
ESET researchers have exposed a covert cyberespionage campaign, dubbed Operation RoundPress, believed to be orchestrated by the Russia-aligned First seen on securityonline.info Jump to article: securityonline.info/operation-roundpress-sednit-weaponizes-xss-to-breach-global-webmail-servers/
-
After helping Russia on the ground North Korea targets Ukraine with cyberespionage
Tags: credentials, cyber, cyberespionage, email, government, hacker, identity, intelligence, korea, microsoft, north-korea, phishing, resilience, risk, russia, ukraineCredential harvesting: Before the phishing emails, the same Ukrainian government entities were targeted with email alerts impersonating Microsoft and claiming unusual sign-in activity was detected on their accounts. The victims were asked to perform identity verification by clicking on a button, which took them to credential harvesting pages.The Proofpoint researchers didn’t manage to obtain any…
-
Government webmail hacked via XSS bugs in global spy campaign
Hackers are running a worldwide cyberespionage campaign dubbed ‘RoundPress,’ leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/government-webmail-hacked-via-xss-bugs-in-global-spy-campaign/
-
Russian Hackers Exploit XSS Vulnerabilities to Inject Malicious Code into Email Servers
Tags: blizzard, cyber, cyberespionage, cybersecurity, email, exploit, group, hacker, malicious, russia, vulnerability, xssA sophisticated cyberespionage campaign, dubbed Operation RoundPress, has been uncovered by cybersecurity researchers at ESET. Attributed with medium confidence to the Russian-linked Sednit group-also known as APT28, Fancy Bear, and Forest Blizzard-this operation targets high-value webmail servers using cross-site scripting (XSS) vulnerabilities. Active since at least 2004, Sednit has a notorious history, including alleged involvement…
-
Turkish Group Hacks Zero-Day Flaw to Spy on Kurdish Forces
Tags: credentials, cyberespionage, exploit, flaw, group, malware, microsoft, military, mitigation, spy, theft, zero-dayMicrosoft Researchers Link Turkish Spy Group to Output Messenger Zero-Day Hack. A Turkish-linked cyberespionage group known as Marbled Dust exploited a zero-day in the Output Messenger Server Manager application to spy on Kurdish military operations in Iraq. Microsoft reported the hack and called for immediate mitigation to block credential theft and malware delivery. First seen…
-
Output Messenger zero-day leveraged in ongoing cyberespionage campaign
First seen on scworld.com Jump to article: www.scworld.com/brief/output-messenger-zero-day-leveraged-in-ongoing-cyberespionage-campaign
-
North Korea Targets Ukraine With Cyberespionage Operations
Tags: cyber, cyberespionage, cybersecurity, hacker, intelligence, korea, north-korea, phishing, risk, ukrainePhishing Campaigns Appear to Be Solely Intelligence-Gathering for DPRK Leadership. North Korea nation-state hackers appear to have entered the Ukrainian cyber operations fray, albeit solely for cyberespionage purposes for gathering intelligence to help North Korean leadership determine the current risk to its forces already in the theater, cybersecurity researchers report. First seen on govinfosecurity.com Jump…
-
Output Messenger flaw exploited as zero-day in espionage attacks
A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/output-messenger-flaw-exploited-as-zero-day-in-espionage-attacks/
-
Russia-linked ColdRiver used LostKeys malware in recent attacks
Tags: apt, attack, cyberespionage, espionage, google, government, group, intelligence, malware, russia, threatSince early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and organizations. Google’s Threat Intelligence Group discovered LOSTKEYS, a new malware used by Russia-linked APT COLDRIVER, in recent attacks to steal files and gather system info. TheColdRiverAPT (aka “Seaborgium”, “Callisto”, “Star Blizzard”,”TA446″) is a Russian cyberespionage group…
-
Iranian Hackers Posing as Model Agency to Target Victims
Unit 42, the threat intelligence arm of Palo Alto Networks, has exposed a covert operation likely orchestrated by Iranian cyber actors. The campaign involves a fraudulent website, megamodelstudio[.]com, meticulously designed to impersonate the Hamburg-based Mega Model Agency. Cyberespionage Campaign Uncovered Registered on February 18, 2025, and hosted at IP address 64.72.205[.]32 since March 1, 2025,…
-
NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict
A federal jury in California has ordered Israeli spyware maker NSO Group to pay approximately $168 million in damages to WhatsApp. The verdict, delivered on Tuesday, represents a pivotal victory in the ongoing global battle against commercial cyberespionage and sets a new precedent for the accountability of spyware vendors. The ruling concludes a six-year legal…
-
Iranian Hackers Breach Middle East Infrastructure
Tags: breach, credentials, cyberespionage, fortinet, group, hacker, infrastructure, iran, middle-east, network, technology, theft, threatFortinet Uncovers Long-Term Cyberespionage in Region. An Iranian state-sponsored threat group conducted a years-long cyberespionage campaign targeting a Middle East critical infrastructure provider, with its operational technology network a key target. The attackers focused reconnaissance activity and credential theft on the OT network. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iranian-hackers-breach-middle-east-infrastructure-a-28284
-
SentinelOne warns of threat actors targeting its systems and high-value clients
SentinelOne warns China-linked APT group PurpleHaze attempted reconnaissance on its systems and high-value clients. Cybersecurity firm SentinelOne warns that a China-linked APT group, tracked as PurpleHaze, attempted to conduct reconnaissance on its infrastructure and high-value clients. The activity suggests targeted cyberespionage efforts aimed at gathering information for potential future attacks. SentinelOne first identified PurpleHaze’s activity…
-
Enterprise-specific zero-day exploits on the rise, Google warns
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-daySurge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN.Targeted attacks against…
-
Earth Kurma APT Targets Southeast Asia with Stealthy Cyberespionage
In a newly released report, Trend Research has unveiled the operations of an advanced persistent threat (APT) group, First seen on securityonline.info Jump to article: securityonline.info/earth-kurma-apt-targets-southeast-asia-with-stealthy-cyberespionage/
-
China-linked BRICKSTORM backdoor involved in Europe-targeted cyberespionage
First seen on scworld.com Jump to article: www.scworld.com/brief/china-linked-brickstorm-backdoor-involved-in-europe-targeted-cyberespionage
-
Breach Roundup: Cyber Insurance Market Set to Double by 2030
Also, a ‘Perfect Tool’ for Cyberespionage and EU Stocks Up on Burner Phones. This week, the cyber insurance market could double, Europe to use burner phones in the U.S., a BPFDoor campaign, Alcasec faces Spanish prison, a Thai harassment campaign and charges in Taiwan for a Chinese captain. China stonewalled a Swedish cable cutting investigation.…