Tag: espionage

FBI Issues Updated Warning on Salt Typhoon’s Global Cyber-Espionage Operations

Aug 28, 2025 6:23 PM

Tags: china, cyber, espionage, government, group, hacker, infrastructure

The FBI has released new findings on a long-running cyber campaign that quietly infiltrated major U.S. telecommunications providers and critical infrastructure around the world. The campaign, carried out by a group of hackers linked to the Chinese government, is known as Salt Typhoon. According to federal officials, the operation has been active since at least……
Dutch intelligence agencies report country was targeted by Chinese cyber spies

Aug 28, 2025 2:23 PM

Tags: china, country, cyber, espionage, infrastructure, intelligence

The Netherlands announced on Thursday that it was targeted by a Chinese cyber-espionage campaign tracked as Salt Typhoon and RedMike that has been compromising critical infrastructure globally. First seen on therecord.media Jump to article: therecord.media/dutch-intelligence-cyber-spies-salt
Chinese Tech Firms Linked to Salt Typhoon Espionage Campaigns

Aug 28, 2025 12:23 PM

Tags: china, cyber, espionage

The US, UK and allies have called out China’s “commercial cyber ecosystem” for enabling large-scale Salt Typhoon campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-tech-firms-salt-typhoon/
An Espionage System: NSA, CISA, Partners Expose Chinese APT Groups

Aug 28, 2025 6:24 AM

Tags: apt, china, cisa, espionage, group

The post An Espionage System: NSA, CISA, Partners Expose Chinese APT Groups appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/an-espionage-system-nsa-cisa-partners-expose-chinese-apt-groups/
TAG-144: Actors Attacking Government Entities With New Tactics, Techniques, and Procedures

Aug 27, 2025 3:23 PM

Tags: apt, cyber, espionage, government, group, tactics, threat

The threat actor known as TAG-144, also referred to as Blind Eagle or APT-C-36, has been linked to five distinct activity clusters operating from May 2024 through July 2025, primarily targeting Colombian government entities at local, municipal, and federal levels. This cyber threat group, active since at least 2018, employs a sophisticated blend of cyber-espionage…
Google Threat Intelligence Exposes UNC6384’s Stealthy Espionage Campaign

Aug 27, 2025 5:23 AM

Tags: espionage, google, intelligence, threat

The post Google Threat Intelligence Exposes UNC6384’s Stealthy Espionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/google-threat-intelligence-exposes-unc6384s-stealthy-espionage-campaign/
China-Based Threat Actor Mustang Panda’s TTPs Leaked

Aug 26, 2025 9:23 PM

Tags: china, cyber, cybersecurity, data-breach, espionage, group, tactics, threat

A significant milestone for cybersecurity experts is the disclosure of specific tactics, methods, and procedures (TTPs) used by Mustang Panda, an advanced persistent threat (APT) group based in China, which has illuminated their intricate activities. First observed in 2017 but potentially active since 2014, Mustang Panda is a state-sponsored actor specializing in cyber espionage, targeting…
Chinese UNC6384 Hackers Use Valid Code-Signing Certificates to Evade Detection

Aug 26, 2025 12:54 PM

Tags: attack, china, cyber, detection, espionage, google, group, hacker, intelligence, tactics, threat

Google Threat Intelligence Group (GTIG) has uncovered a multifaceted cyber espionage operation attributed to the PRC-nexus threat actor UNC6384, believed to be associated with TEMP.Hex (also known as Mustang Panda). This campaign, aligned with China’s strategic interests, primarily targeted diplomats in Southeast Asia alongside global entities, employing advanced tactics such as adversary-in-the-middle (AitM) attacks, captive…
Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

Aug 25, 2025 10:54 AM

Tags: apt, attack, data, defense, espionage, government, group, india, linux, malware, theft, threat

APT36 uses Linux .desktop files in new attacks on Indian gov & defense, aiming for data theft and persistent espionage access. Transparent Tribe (aka APT36, Operation C-Major, and Mythic Leopard), a Pakistan-linked threat actor, is using Linux .desktop files to load malware in new attacks against government and defense entities in India. The APT group…
Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt

Aug 25, 2025 5:54 AM

Tags: attack, cyber, espionage, government, india, linux

The post Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/linux-under-attack-apt36-launches-new-cyber-espionage-campaign-on-indian-govt/
Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses

Aug 22, 2025 10:54 PM

Tags: access, ai, attack, automation, cisa, cisco, cloud, conference, control, credentials, cve, cyber, cybersecurity, data, data-breach, deep-fake, detection, docker, espionage, exploit, flaw, framework, fraud, google, government, group, guide, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iot, LLM, microsoft, mitigation, mitre, mobile, network, nist, risk, russia, scam, service, side-channel, software, strategy, switch, technology, threat, tool, update, vulnerability, vulnerability-management, windows

Check out the FBI’s alert on Russia-backed hackers infiltrating critical infrastructure networks via an old Cisco bug. Plus, MITRE dropped a revamped list of the most important critical security flaws. Meanwhile, NIST rolled out a battle plan against face-morphing deepfakes. And get the latest on the CIS Benchmarks and on vulnerability prioritization strategies! Here are…
China-nexus hacker Silk Typhoon targeting cloud environments

Aug 22, 2025 6:54 PM

Tags: china, citrix, cloud, espionage, exploit, flaw, group, hacker, zero-day

The state-linked espionage group has exploited zero-day flaws in Commvault and Citrix Netscaler, researchers say. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-hacker-silk-typhoon-cloud/758409/
China-nexus hacker Silk Typhoon targeting cloud environments

Aug 22, 2025 6:54 PM

Tags: china, citrix, cloud, espionage, exploit, flaw, group, hacker, zero-day

The state-linked espionage group has exploited zero-day flaws in Commvault and Citrix Netscaler, researchers say. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-hacker-silk-typhoon-cloud/758409/
Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage

Aug 22, 2025 2:54 PM

Tags: access, breach, china, cloud, cyber, cybersecurity, espionage, group, hacker, malicious, vulnerability, zero-day

Cybersecurity researchers are calling attention to malicious activity orchestrated by a China-nexus cyber espionage group known as Murky Panda that involves abusing trusted relationships in the cloud to breach enterprise networks.”The adversary has also shown considerable ability to quickly weaponize N-day and zero-day vulnerabilities and frequently achieves initial access to their targets by First seen…
Malicious PDFs in Play: UAC-0057 Leveraging Invitations to Trigger Shell Script Attacks

Aug 22, 2025 11:54 AM

Tags: attack, cyber, espionage, malicious, threat, ukraine

The Belarusian-affiliated threat actor UAC-0057, also known as UNC1151, FrostyNeighbor, or Ghostwriter, has been using weaponized archives that contain phony PDFs that are posing as official invitations and documents to target organizations in Poland and Ukraine in a sophisticated cyber espionage campaign. Since April 2025, these operations have utilized compressed archives, such as RAR and…
The Imperative of Tunnel-Free Trusted Cloud Edge Architectures

Aug 21, 2025 10:54 PM

Tags: access, ai, attack, authentication, backup, business, china, cloud, communications, compliance, computing, control, corporate, cyber, cybersecurity, data, data-breach, defense, encryption, endpoint, espionage, finance, framework, GDPR, healthcare, HIPAA, identity, infrastructure, Internet, iot, malicious, military, mobile, network, office, PCI, privacy, radius, regulation, resilience, risk, service, software, strategy, technology, threat, tool, unauthorized, vpn, zero-trust
CrowdStrike warns of uptick in Silk Typhoon attacks this summer

Aug 21, 2025 8:54 PM

Tags: attack, china, crowdstrike, espionage, group, incident response

The China-affiliated espionage group, which CrowdStrike tracks as Murky Panda, has been linked to more than a dozen incident response cases since late spring. First seen on cyberscoop.com Jump to article: cyberscoop.com/crowdstrike-silk-typhoon-murky-panda-china-espionage/
Russian Hackers Hitting Critical Infrastructure, FBI Warns

Aug 21, 2025 5:54 PM

Tags: cisco, cyberespionage, espionage, exploit, government, group, hacker, infrastructure, intelligence, russia, vulnerability

State-Sponsored Espionage Group Tied to Exploits of No-Longer-Supported Cisco Gear. Russian intelligence hackers are using obsolete and unpatched equipment made by networking mainstay Cisco Systems to further stealthy and ongoing cyberespionage operations, the U.S. federal government warned Wednesday. Hackers exploit a vulnerability in the Smart Install feature of Cisco devices. First seen on govinfosecurity.com Jump…
Russian Espionage Group Static Tundra Targets Legacy Cisco Flaw

Aug 21, 2025 4:54 PM

Tags: cisco, espionage, exploit, flaw, group, hacker, russia, vulnerability

Russian state-backed hackers are exploiting a seven-year-old Cisco Smart Install vulnerability (CVE-2018-0171) in end-of-life devices, prompting warnings from the FBI and Cisco Talos First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-espionage-group-targets/
Russian hackers exploit old Cisco flaw to target global enterprise networks

Aug 21, 2025 2:56 PM

Tags: access, advisory, attack, business, cisco, control, credentials, cve, data, espionage, exploit, firmware, flaw, group, hacker, infrastructure, intelligence, malware, network, resilience, russia, service, software, threat, update, vulnerability

Six-year-old vulnerability still wreaking havoc: At the heart of this campaign lies CVE-2018-0171, a critical vulnerability that affected Cisco IOS software’s Smart Install feature and allowed unauthenticated remote attackers to execute arbitrary code or trigger denial-of-service conditions.Despite Cisco patching the flaw in 2018, Static Tundra continued exploiting unpatched devices, particularly those that reached end-of-life status,…
Russian Hackers Exploit 7-Year-Old Cisco Flaw to Steal Industrial System Configs

Aug 21, 2025 2:56 PM

Tags: cisco, cyber, data, espionage, exploit, flaw, group, hacker, intelligence, network, russia, threat

Static Tundra, a Russian state-sponsored threat actor connected to the FSB’s Center 16 unit, has been responsible for a sustained cyber espionage effort, according to information released by Cisco Talos. Operating for over a decade, this group specializes in compromising network devices to facilitate long-term intelligence gathering, with a focus on extracting configuration data from…
FBI: Russia-linked group Static Tundra exploit old Cisco flaw for espionage

Aug 21, 2025 10:54 AM

Tags: access, cisco, cyber, espionage, exploit, flaw, group, network, russia, threat, vulnerability

FBI warns FSB-linked group Static Tundra is exploiting a 7-year-old Cisco IOS/IOS XE flaw to gain persistent access for cyber espionage. The FBI warns that Russia-linked threat actor Static Tundra exploits Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to target organizations in the…
A Decade of Espionage: How a Russian APT Exploited Cisco Devices (CVE-2018-0171) for Years

Aug 21, 2025 5:54 AM

Tags: apt, cisco, espionage, exploit, russia

The post A Decade of Espionage: How a Russian APT Exploited Cisco Devices (CVE-2018-0171) for Years appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/a-decade-of-espionage-how-a-russian-apt-exploited-cisco-devices-cve-2018-0171-for-years/
Hack of North Korean Spy’s Computer Exposes 8.9 GB of Espionage Operations

Aug 21, 2025 5:54 AM

Tags: breach, china, computer, email, espionage, government, north-korea, phishing, spy

A North Korean spy’s computer was hacked, leaking phishing logs, stolen South Korean government email platform source code, and links to Chinese hackers. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-north-korea-spy-hack-espionage/
Russian state cyber group Static Tundra exploiting Cisco devices, FBI warns

Aug 20, 2025 9:54 PM

Tags: cisco, cyber, espionage, exploit, group, russia, vulnerability

A Russian cyber-espionage group is increasingly targeting unpatched Cisco networking devices through a vulnerability first discovered in 2018, the FBI warned. First seen on therecord.media Jump to article: therecord.media/russia-cisco-fsb-static-tundra
FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

Aug 20, 2025 8:56 PM

Tags: access, attack, cisco, cyber, espionage, exploit, flaw, group, hacker, russia, software

A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks.Cisco Talos, which disclosed details of the activity, said the attacks single out organizations in telecommunications, higher education and…
Russian cyber group exploits seven-year-old network vulnerabilities for long-term espionage

Aug 20, 2025 5:54 PM

Tags: cyber, espionage, exploit, group, Internet, network, russia, software, vulnerability

The group, linked to FSB Center 16, has been scanning the internet for end-of-life software, which it has found in droves. First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-static-tundra-hacks-cisco-network-devices-cve-2018-0171/
Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices

Aug 20, 2025 3:54 PM

Tags: cisco, espionage, exploit, group, intelligence, network, russia, vulnerability

A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/static-tundra/
Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices

Aug 20, 2025 3:54 PM

Tags: cisco, espionage, exploit, group, intelligence, network, russia, vulnerability

A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/static-tundra/
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

Aug 20, 2025 11:53 AM

Tags: attack, cyber, email, espionage, github, korea, north-korea, phishing, spear-phishing, threat

North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025.The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting…