Tag: espionage

Confucius Hacker Group Weaponizes Documents to Infect Windows Systems with AnonDoor Malware

Oct 3, 2025 8:41 AM

Tags: attack, backdoor, cyber, email, espionage, group, hacker, hacking, malware, phishing, social-engineering, tactics, windows

The Confucius hacking group, a long-running cyber-espionage operation with suspected state-sponsored ties, has significantly evolved its attack methodologies over the past year, transitioning from document stealers like WooperStealer to sophisticated Python-based backdoors including AnonDoor malware. The December 2024 campaign demonstrated Confucius’ refined social engineering tactics, utilizing phishing emails with weaponized PowerPoint presentations (Document.ppsx) that displayed…
Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor

Oct 3, 2025 5:41 AM

Tags: apt, backdoor, espionage, group

The post Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/confucius-apt-evolves-espionage-group-shifts-from-wooperstealer-to-advanced-python-backdoor-anondoor/
Confucius Shifts from Document Stealers to Python Backdoors

Oct 2, 2025 4:41 PM

Tags: backdoor, cyber, espionage, group, tactics

The Confucius cyber-espionage group has shifted its tactics from document-focused stealers to Python-based backdoors like AnonDoor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/confucius-shifts-doc-stealers/
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors

Oct 2, 2025 10:41 AM

Tags: apt, china, espionage, government, malware, middle-east, tactics

China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government and telecom organizations for espionage, using Net-Star malware and distinct TTPs. Phantom Taurus is a previously undocumented Chinese APT, it has targeted entities in Africa, the Middle East,…
New Chinese Nexus APT Group Targeting Organizations to Deploy NET-STAR Malware Suite

Sep 30, 2025 5:08 PM

Tags: apt, china, cyber, espionage, government, group, malware, middle-east, threat

China-linked advanced persistent threat (APT) group Phantom Taurus has intensified espionage operations against government and telecommunications targets across Africa, the Middle East, and Asia, deploying a newly discovered .NET malware suite called NET-STAR. First tracked by Unit 42 in June 2023 as cluster CL-STA-0043 and temporarily designated TGR-STA-0043 (Operation Diplomatic Specter) in May 2024, the…
Two Dutch Teenagers Arrested for Wi-Fi Sniffing Activities

Sep 29, 2025 9:09 AM

Tags: cyber, cybersecurity, espionage, russia, wifi

Dutch authorities have arrested two 17-year-old boys on suspicion of >>state interference
RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms

Sep 29, 2025 5:08 AM

Tags: apt, china, defense, espionage

The post RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/rednovember-chinese-apt-expands-global-espionage-to-u-s-defense-aerospace-and-tech-firms/
Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign

Sep 29, 2025 5:08 AM

Tags: espionage, group, malware, russia

The post Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/russia-linked-coldriver-group-expands-toolset-using-new-malware-in-clickfix-espionage-campaign/
Cisco Firewall and VPN Zero Day Attacks: CVE-2025-20333 and CVE-2025-20362

Sep 27, 2025 4:08 PM

Tags: access, advisory, ai, attack, authentication, awareness, backdoor, best-practice, breach, china, cisa, cisco, cloud, compliance, control, cve, cyber, cybersecurity, data, data-breach, defense, encryption, endpoint, espionage, exploit, firewall, firmware, flaw, group, Hardware, identity, infrastructure, Internet, Intruder, login, malicious, malware, mfa, mitigation, monitoring, network, password, phishing, PurpleTeam, radius, risk, risk-assessment, service, software, technology, theft, threat, training, unauthorized, update, vpn, vulnerability, zero-day, zero-trust

IntroductionOn September 25, 2025, Cisco released a security advisory to patch three security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) software, which have been exploited in the wild. These three vulnerabilities are tracked as CVE-2025-20333, CVE-2025-20362, and CVE-2025-20363. The sophisticated state-sponsored campaign has been…
Salt Typhoon: China’s State-Sponsored Espionage Group Infiltrates Global Telecoms for Long-Term Cyber Warfare

Sep 27, 2025 5:08 AM

Tags: china, cyber, espionage, group, warfare

The post Salt Typhoon: China’s State-Sponsored Espionage Group Infiltrates Global Telecoms for Long-Term Cyber Warfare appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/salt-typhoon-chinas-state-sponsored-espionage-group-infiltrates-global-telecoms-for-long-term-cyber-warfare/
CVE-2025-20333, CVE-2025-20362: Frequently Asked Questions About Zero-Day Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) Vulnerabilities

Sep 26, 2025 6:16 AM

Tags: access, advisory, attack, cisco, cve, cyber, defense, espionage, exploit, firewall, group, malicious, malware, mitigation, network, remote-code-execution, service, software, threat, unauthorized, update, vpn, vulnerability, zero-day

Cisco published advisories and a supplemental post about three zero-day vulnerabilities, two of which were exploited in the wild by an advanced threat actor associated with the ArcaneDoor campaign. Update September 25: This FAQ blog has been updated to include a reference to an NCSC report on associated malware linked to this campaign. View Change…
CVE-2025-20333, CVE-2025-20362: Frequently Asked Questions About Zero-Day Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) Vulnerabilities

Sep 26, 2025 6:16 AM

Tags: access, advisory, attack, cisco, cve, cyber, defense, espionage, exploit, firewall, group, malicious, malware, mitigation, network, remote-code-execution, service, software, threat, unauthorized, update, vpn, vulnerability, zero-day

Cisco published advisories and a supplemental post about three zero-day vulnerabilities, two of which were exploited in the wild by an advanced threat actor associated with the ArcaneDoor campaign. Update September 25: This FAQ blog has been updated to include a reference to an NCSC report on associated malware linked to this campaign. View Change…
New Chinese Espionage Hacking Group Uncovered

Sep 26, 2025 12:16 AM

Tags: china, cybersecurity, espionage, group, hacking, threat

‘RedNovember’ Has Hacked Organizations in the US, Asia and Europe. A hacking group associated with widespread compromise of edge devices is a Chinese-state-aligned group, says cybersecurity firm Recorded Future. The firm says the threat actor, which it now tracks as RedNovember, is highly likely a Chinese state-sponsored threat activity group. First seen on govinfosecurity.com Jump…
CISA alerts federal agencies of widespread attacks using Cisco zero-days

Sep 25, 2025 10:16 PM

Tags: attack, cisa, cisco, espionage, zero-day

Cisco said it was investigating state-sponsored espionage attacks in May. CISA did not explain why it waited four months to issue an emergency directive. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-emergency-directive-cisco-zero-days/
Chinese APT Drops ‘Brickstorm’ Backdoors on Edge Devices

Sep 25, 2025 10:16 PM

Tags: apt, backdoor, china, cyber, edr, espionage, group, network

The China-linked cyber-espionage group UNC5221 is compromising network appliances that cannot run traditional EDR agents to deploy new versions of the Brickstorm backdoor. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-apt-brickstorm-backdoors-edge-devices
RedNovember Hackers Targeting Government and Tech Organizations to Install Backdoor

Sep 25, 2025 5:16 PM

Tags: backdoor, china, cyber, data-breach, espionage, government, group, hacker, threat

In July 2024, Recorded Future’s Insikt Group publicly exposed TAG-100, a cyber-espionage campaign leveraging the Go-based backdoor Pantegana against high-profile government, intergovernmental and private organizations worldwide. New evidence now attributes TAG-100 to a Chinese state-sponsored threat actor, designated RedNovember. Between June 2024 and July 2025, RedNovember”, overlapping with Storm-2077″, has expanded its operations to target…
Chinese State-Sponsored Hackers Targeting Telecommunications Infrastructure to Steal Sensitive Data

Sep 25, 2025 5:16 PM

Tags: china, communications, cyber, data, espionage, exploit, group, hacker, infrastructure, intelligence, network, threat

Chinese state-sponsored cyber threat group Salt Typhoon has intensified long-term espionage operations against global telecommunications infrastructure, according to recent legal and intelligence reporting. Aligned with the Ministry of State Security (MSS) and active since at least 2019, Salt Typhoon has systematically exploited network edge devices to establish deep persistence and exfiltrate highly sensitive communications metadata,…
Chinese State-Sponsored Hackers Targeting Telecommunications Infrastructure to Steal Sensitive Data

Sep 25, 2025 5:16 PM

Tags: china, communications, cyber, data, espionage, exploit, group, hacker, infrastructure, intelligence, network, threat

Chinese state-sponsored cyber threat group Salt Typhoon has intensified long-term espionage operations against global telecommunications infrastructure, according to recent legal and intelligence reporting. Aligned with the Ministry of State Security (MSS) and active since at least 2019, Salt Typhoon has systematically exploited network edge devices to establish deep persistence and exfiltrate highly sensitive communications metadata,…
Iranian APT >>Nimbus Manticore<< Intensifies Cyber Espionage in Europe

Sep 24, 2025 5:16 AM

Tags: apt, cyber, espionage, iran

The post Iranian APT >>Nimbus Manticore
Iranian Hacking Group Nimbus Manticore Expands European Targeting

Sep 23, 2025 5:16 PM

Tags: cyber, defense, espionage, group, hacking, iran

Nimbus Manticore intensified European cyber-espionage, targeting aerospace, telecom, defense sectors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-nimbus-manticore-european/
Subtle Snail: Iran-Linked Espionage Campaign Targets European Telecom, Aerospace, and Defense

Sep 23, 2025 5:16 AM

Tags: defense, espionage, iran

The post Subtle Snail: Iran-Linked Espionage Campaign Targets European Telecom, Aerospace, and Defense appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/subtle-snail-iran-linked-espionage-campaign-targets-european-telecom-aerospace-and-defense/
Subtle Snail Impersonation Tactics: How HR Representatives Can Engage Employees to Steal Login Credentials

Sep 22, 2025 2:15 PM

Tags: attack, credentials, cyber, defense, espionage, group, iran, login, network, tactics

Subtle Snail, an Iran-linked espionage group also tracked as UNC1549 under the Unyielding Wasp (Tortoiseshell) umbrella of the Charming Kitten network, has shifted its focus to European telecom, aerospace, and defense firms since June 2022. In a recent wave of attacks, the group compromised 34 devices across 11 organizations by masquerading as human resources representatives…
MI6 Opens Dark Web Portal >>Silent Courier<< for Russians to Share Secrets

Sep 22, 2025 10:16 AM

Tags: dark-web, espionage, russia, spy

The UK’s spy agency, MI6, has launched a new dark web portal called Silent Courier to securely recruit agents worldwide, particularly from Russia. Learn how this shift to the dark web marks a new era in modern espionage and national security. First seen on hackread.com Jump to article: hackread.com/mi6-dark-web-portal-silent-courier-russia-secrets/
Pentagon Bans China-Based Engineers Over Hacking Concerns

Sep 21, 2025 10:16 PM

Tags: china, cloud, espionage, hacking, risk, supply-chain

The Pentagon bans China-based staff from cloud work after reports warn of espionage risks and urge tighter supply chain security. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/pentagon-bans-china-based-engineers-over-hacking-concerns/
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware

Sep 19, 2025 7:15 PM

Tags: cyber, cybersecurity, espionage, group, iran, jobs, linkedin, malware

An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn.Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It’s assessed to be affiliated with Iran’s Islamic First…
Russian State Hackers Collaborate in Attacks Against Ukraine

Sep 19, 2025 4:16 PM

Tags: attack, espionage, group, hacker, russia, tool, ukraine

ESET found that the FSB-affiliated groups, Gamaredon and Turla, are sharing tools to help conduct espionage attacks against Ukrainian organizations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-state-hackers-collaborate/
Russian CopyCop Network Expands: 200+ Fake News Sites Target US, Canada, and France

Sep 18, 2025 11:15 AM

Tags: cyber, disinformation, espionage, network, russia

The Russian covert influence network known as CopyCop has significantly expanded its disinformation operations, creating over 200 new fake websites since March 2025 to target audiences in the United States, France, and Canada. Digital fingerprint over the Russian flag symbolizing Russian GRU cyber espionage and influence operations This dramatic escalation represents the largest documented expansion…
China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

Sep 17, 2025 11:15 PM

Tags: attack, china, cyber, espionage, government, group, phishing

China-linked group APT41 impersonated a U.S. lawmaker in phishing attacks on government, think tanks, and academics tied to US-China trade and policy. Proofpoint observed China-linked cyber espionage group APT41 impersonating a U.S. lawmaker in a phishing campaign targeting government, think tanks, and academics tied to U.S.-China trade and policy. APT41, known also as Amoeba, BARIUM,…
China-Aligned TA415 Exploits Google Sheets Calendar for C2

Sep 17, 2025 3:16 PM

Tags: china, cloud, control, cyber, detection, espionage, exploit, google, government, hacker, intelligence, malicious, service

China-aligned TA415 hackers have adopted Google Sheets and Google Calendar as covert command-and-control (C2) channels in a sustained espionage campaign targeting U.S. government, academic, and think tank entities. By blending malicious operations into trusted cloud services, TA415 aims to evade detection and harvest intelligence on evolving U.S.China economic policy discussions. Throughout July and August 2025,…
China-Aligned TA415 Exploits Google Sheets Calendar for C2

Sep 17, 2025 3:16 PM

Tags: china, cloud, control, cyber, detection, espionage, exploit, google, government, hacker, intelligence, malicious, service

China-aligned TA415 hackers have adopted Google Sheets and Google Calendar as covert command-and-control (C2) channels in a sustained espionage campaign targeting U.S. government, academic, and think tank entities. By blending malicious operations into trusted cloud services, TA415 aims to evade detection and harvest intelligence on evolving U.S.China economic policy discussions. Throughout July and August 2025,…