Tag: espionage
-
AI as Cyberattacker
From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree”, using AI not just as an advisor, but to execute the cyberattacks themselves. The threat actor”, whom we assess with high confidence was a Chinese…
-
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign.”While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting First…
-
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign.”While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting First…
-
Inside Iran’s Cyber Objectives: What Do They Want?
The regime’s cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/iran-cyber-objectives
-
Google exposes BadAudio malware used in APT24 espionage campaigns
China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-exposes-badaudio-malware-used-in-apt24-espionage-campaigns/
-
Massive Hacking Operation WrtHug Compromises Thousands of ASUS Routers Worldwide
Your home router, the device connecting you to the internet, may have been silently compromised as part of a coordinated global espionage campaign. SecurityScorecard’s STRIKE team has uncovered Operation WrtHug. This massive hacking operation has infiltrated thousands of ASUS routers worldwide, establishing what appears to be a state-sponsored infrastructure for persistent network access and deep…
-
Massive Hacking Operation WrtHug Compromises Thousands of ASUS Routers Worldwide
Your home router, the device connecting you to the internet, may have been silently compromised as part of a coordinated global espionage campaign. SecurityScorecard’s STRIKE team has uncovered Operation WrtHug. This massive hacking operation has infiltrated thousands of ASUS routers worldwide, establishing what appears to be a state-sponsored infrastructure for persistent network access and deep…
-
China”‘linked PlushDaemon hijacks DNS via ‘EdgeStepper’ to weaponize software updates
Hijacked update to backdoor deployment: With the network device serving as a stealthy redirect, PlushDaemon then exploits the hijacked update channel to gain access to end-systems. ESET observed how typical victim software (such as a Chinese input-method application) issues an HTTP GET to its update server, but because DNS was hijacked, the request lands at…
-
Chinese APT Group Exploits DLL Sideloading to Breach Government and Media Targets
A China-nexus advanced persistent threat (APT) group has been conducting a sustained espionage campaign targeting government and media sectors across Southeast Asia, leveraging sophisticated DLL sideloading techniques as a primary attack vector. The threat actor, tracked as Autumn Dragon, has targeted multiple nations surrounding the South China Sea, including Indonesia, Singapore, the Philippines, Cambodia, and Laos,…
-
Iranian APT hacks helped direct missile strikes in Israel and the Red Sea
MuddyWater uses hacked CCTV cameras to help guide missiles: Amazon also found supporting threat intel evidence for another Iran-linked incident involving cyber espionage and missile strikes that has received some official confirmation.After the US strikes against Iran’s nuclear sites in June, Iran retaliated by launching a barrage of missiles against Israel, targeting cities such as…
-
How the classic anime ‘Ghost in the Shell’ predicted the future of cybersecurity 30 years ago
The story of the Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the internet. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/19/how-the-classic-anime-ghost-in-the-shell-predicted-the-future-of-cybersecurity-30-years-ago/
-
PlushDaemon Hackers Unleash New Malware in China-Aligned Spy Campaigns
The cyber espionage group uses a previously undocumented network implant to drop two downloaders, LittleDaemon and DaemonLogistics, which deliver a backdoor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/plushdaemon-new-malware-china-spy/
-
Tens of thousands more ASUS routers pwned by suspected, evolving China operation
Researchers say attacks are laying the groundwork for stealthy espionage activity First seen on theregister.com Jump to article: www.theregister.com/2025/11/19/thousands_more_asus_routers_pwned/
-
Anthropic Disruption of an AI-Run Attack and What It Means for Agentic Identity
4 min readAnthropic’s recent disclosure of an AI-driven espionage campaign it halted represents less a new class of attack than a faster, more persistent version of patterns the industry has seen before. What distinguishes this incident is the continuity of activity an autonomous system can sustain once it is given the ability to interpret its…
-
Anthropic AI-powered cyberattack causes a stir
Tags: ai, attack, china, cyber, cyberattack, cybersecurity, espionage, finance, government, group, hacking, programming, technology, toolAI “‹”‹company Anthropic recently announced that companies worldwide have been attacked by an AI-powered cyber espionage campaign. It is purported to be the first publicly documented case of a cyberattack carried out by an AI model.According to the research report, around 30 organizations worldwide were affected by the attacks. These included large technology companies, financial institutions,…
-
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks
Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East.The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented…
-
UNC1549 Hackers With Custom Tools Attacking Aerospace and Defense Systems to Steal Logins
The Iran-nexus cyber espionage group UNC1549 has significantly expanded its arsenal of custom tools and sophisticated attack techniques in an ongoing campaign targeting aerospace, aviation, and defense industries since mid-2024, according to new findings from Mandiant. The threat actor, which overlaps with Tortoiseshell and has suspected links to Iran’s Islamic Revolutionary Guard Corps (IRGC), demonstrates…
-
Anthropic: China-backed hackers launch first large-scale autonomous AI cyberattack
China-linked actors used Anthropic’s AI to automate and run cyberattacks in a sophisticated 2025 espionage campaign using advanced agentic tools. China-linked threat actors used Anthropic’s AI to automate and execute cyberattacks in a highly sophisticated espionage campaign in September 2025. The cyber spies leveraged advanced “agentic” capabilities rather than using AI only for guidance. Attackers…
-
Chinese state hackers used Anthropic AI systems in dozens of attacks
Artificial intelligence giant Anthropic found that a Chinese espionage group used the company’s AI systems to handle the majority of tasks during cyberattacks on about 30 entities, several of which were successfully breached. First seen on therecord.media Jump to article: therecord.media/chinese-hackers-anthropic-cyberattacks
-
Inside the First AI-Driven Cyber Espionage Campaign
Anthropic uncovered the first large-scale cyber espionage campaign powered largely by autonomous AI. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/inside-the-first-ai-driven-cyber-espionage-campaign/
-
Anthropic claims of Claude AI-automated cyberattacks met with doubt
Anthropic reports that a Chinese state-sponsored threat group, tracked as GTG-1002, carried out a cyber-espionage operation that was largely automated through the abuse of the company’s Claude Code AI model. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/
-
Inside the First AI-Driven Cyber Espionage Campaign
Anthropic uncovered the first large-scale cyber espionage campaign powered largely by autonomous AI. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/inside-the-first-ai-driven-cyber-espionage-campaign/
-
Anthropic warns state-linked actor abused its AI tool in sophisticated espionage campaign
Researchers said a China-backed adversary conducted powerful attacks with almost no human intervention.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/anthropic-state-actor-ai-tool-espionage/805550/
-
Chinese State Hackers Jailbroke Claude AI Code for Automated Breaches
Anthropic, the developer behind Claude AI, says a Chinese state sponsored group used its model to automate most of a cyber espionage operation against about 30 companies with Claude handling up to 90% of the technical work. First seen on hackread.com Jump to article: hackread.com/chinese-hackers-jailbroke-claude-ai-breaches/
-
Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets
The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a new espionage-focused campaign.The activity, detected in early September 2025 and assessed to be ongoing, has been codenamed SpearSpecter by the Israel National Digital Agency (INDA).”The…
-
Chinese Hackers Use Anthropic’s AI to Launch Automated Cyber Espionage Campaign
State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a “highly sophisticated espionage campaign” in mid-September 2025.”The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree using AI not just as an advisor, but to execute the cyber attacks themselves,” the AI upstart…
-
Emulating the Espionage-Oriented Group SideWinder
Tags: attack, cyber, espionage, exploit, government, group, microsoft, military, office, phishing, spear-phishing, threat, vulnerabilityAttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of Microsoft Office vulnerabilities, and the…
-
Emulating the Espionage-Oriented Group SideWinder
Tags: attack, cyber, espionage, exploit, government, group, microsoft, military, office, phishing, spear-phishing, threat, vulnerabilityAttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of Microsoft Office vulnerabilities, and the…