Tag: espionage

New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, iran, tool

The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, iran, tool

The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
APT60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, github, malware

The post APT-C-60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt-c-60-targets-japan-new-spyglace-malware-uses-vhdx-lnk-and-github-tasking-for-persistent-espionage/
Russia-linked ‘Curly COMrades’ turn to malicious virtual machines for digital spy campaigns

Nov 5, 2025 3:19 PM

Tags: cyber, detection, espionage, hacker, malicious, russia, spy

A cyber-espionage operation installed lightweight virtual machines to evade detection, researchers said, in the latest sign of Russia-linked hackers adapting their tactics. First seen on therecord.media Jump to article: therecord.media/virtual-machines-cyber-espionage-russia-linked-curly-comrades
Silent Lynx APT New Attack Targeting Governmental Employees Posing as Officials

Nov 5, 2025 7:19 AM

Tags: apt, attack, cyber, espionage, government, group, phishing, spear-phishing, threat

Seqrite Labs’ APT Team has documented fresh campaigns from Silent Lynx, a sophisticated threat actor group known for orchestrating spear-phishing operations that impersonate government officials to target diplomatic and governmental employees across Central Asia. The group, also tracked under aliases including YoroTrooper, Sturgeon Phisher, and Cavalry Werewolf, continues its espionage-focused activities with minimal operational security…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military

Nov 3, 2025 2:19 PM

Tags: cyber, espionage, military, phishing, russia, spear-phishing

A spear-phishing campaign aimed to compromise Russian and Belarusian military personnel by using military-themed documents as a lure has been flagged by Cyble and Seqrite … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/03/russian-belarusian-military-spear-phishing/
Cyble Detects Advanced Backdoor Targeting Defense Systems via Belarus Military Lure

Nov 3, 2025 11:19 AM

Tags: access, backdoor, cyber, defense, espionage, intelligence, malicious, military

Cyble Research and Intelligence Labs (CRIL) have uncovered a cyber-espionage operation that used a weaponized ZIP archive to infiltrate defense-sector systems. The malicious file”, disguised as a Belarusian military document titled “Ð¢Ð›Ð“ Ð½Ð° ÑƒÐ±Ñ‹Ñ‚Ð¸Ðµ Ð½Ð° Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð´Ð³Ð¾Ñ‚Ð¾Ð²ÐºÑƒ.pdf” (“TLG for departure for retraining.pdf”)”, delivered a highly advanced backdoor capable of establishing covert access through SSH and Tor. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/belarus-military-hit-by-ssh-tor-backdoor/
Cyble Detects Advanced Backdoor Targeting Defense Systems via Belarus Military Lure

Nov 3, 2025 11:19 AM

Tags: access, backdoor, cyber, defense, espionage, intelligence, malicious, military

Cyble Research and Intelligence Labs (CRIL) have uncovered a cyber-espionage operation that used a weaponized ZIP archive to infiltrate defense-sector systems. The malicious file”, disguised as a Belarusian military document titled “Ð¢Ð›Ð“ Ð½Ð° ÑƒÐ±Ñ‹Ñ‚Ð¸Ðµ Ð½Ð° Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð´Ð³Ð¾Ñ‚Ð¾Ð²ÐºÑƒ.pdf” (“TLG for departure for retraining.pdf”)”, delivered a highly advanced backdoor capable of establishing covert access through SSH and Tor. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/belarus-military-hit-by-ssh-tor-backdoor/
China-linked hackers exploited Lanscope flaw as a zero-day in attacks

Nov 1, 2025 5:19 PM

Tags: attack, china, cyber, endpoint, espionage, exploit, flaw, hacker, vulnerability, zero-day

China-linked cyber-espionage actors tracked as ‘Bronze Butler’ (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/china-linked-hackers-exploited-lanscope-flaw-as-a-zero-day-in-attacks/
China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

Nov 1, 2025 4:19 PM

Tags: apt, china, cyber, espionage, exploit, google, group, spy, windows, zero-day

A China-linked APT group UNC6384 exploits a Windows zero-day in an active cyber espionage targeting European diplomats. Arctic Wolf Labs researchers uncovered a cyber espionage campaign by China-linked APT UNC6384 targeting diplomatic entities in Hungary, Belgium, and other EU nations. UNC6384 is a China-nexus actor recently detailed by Google TAG, has expanded from targeting Southeast…
China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

Oct 31, 2025 3:19 PM

Tags: china, corporate, cve, cyber, endpoint, espionage, exploit, flaw, group, vulnerability, zero-day

The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick.The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month,…
Windows LNK UI Spoofing Vulnerability Weaponized for Remote Code Execution

Oct 31, 2025 10:19 AM

Tags: china, cyber, espionage, exploit, google, remote-code-execution, social-engineering, threat, vulnerability, windows

A sophisticated cyber espionage campaign targeting European diplomatic institutions has been uncovered, signaling a strategic escalation by Chinese-affiliated threat actor UNC6384. Central to this campaign is the exploitation of the Windows shortcut (LNK) UI misrepresentation vulnerability”, ZDI-CAN-25373, first disclosed in March 2025″, paired with tailored social engineering schemes mimicking authentic diplomatic conferences. UNC6384, previously documented…
Windows LNK UI Spoofing Vulnerability Weaponized for Remote Code Execution

Oct 31, 2025 10:19 AM

Tags: china, cyber, espionage, exploit, google, remote-code-execution, social-engineering, threat, vulnerability, windows

A sophisticated cyber espionage campaign targeting European diplomatic institutions has been uncovered, signaling a strategic escalation by Chinese-affiliated threat actor UNC6384. Central to this campaign is the exploitation of the Windows shortcut (LNK) UI misrepresentation vulnerability”, ZDI-CAN-25373, first disclosed in March 2025″, paired with tailored social engineering schemes mimicking authentic diplomatic conferences. UNC6384, previously documented…
Diplomatic entities in Belgium and Hungary hacked in China-linked spy campaign

Oct 30, 2025 8:19 PM

Tags: china, cyber, espionage, malware, spy

A cyber-espionage operation attributed to China used the PlugX malware against Belgian and Hungarian diplomatic entities over the last two months, according to a new report. First seen on therecord.media Jump to article: therecord.media/belgium-hungary-diplomatic-entities-hacked-unc6384
Year-Long Nation-State Hack Hits US Telecom Ribbon Communications

Oct 30, 2025 6:19 PM

Tags: attack, breach, communications, espionage, risk, supply-chain

Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends. First seen on hackread.com Jump to article: hackread.com/nation-state-hack-us-telecom-ribbon-communications/
Year-Long Nation-State Hack Hits US Telecom Ribbon Communications

Oct 30, 2025 6:19 PM

Tags: attack, breach, communications, espionage, risk, supply-chain

Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends. First seen on hackread.com Jump to article: hackread.com/nation-state-hack-us-telecom-ribbon-communications/
Year-Long Nation-State Hack Hits US Telecom Ribbon Communications

Oct 30, 2025 6:19 PM

Tags: attack, breach, communications, espionage, risk, supply-chain

Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends. First seen on hackread.com Jump to article: hackread.com/nation-state-hack-us-telecom-ribbon-communications/
Typo hackers sneak cross-platform credential stealer into 10 npm packages

Oct 30, 2025 4:19 PM

Tags: attack, captcha, cloud, corporate, credentials, data, email, espionage, hacker, linux, macOS, malicious, password, router, supply-chain, theft, threat

Payload for IP fingerprinting and credential theft: Once the fake CAPTCHA interaction occurs, the installer sends the victim’s IP address to the attacker’s server, a step that allows tracking, geofencing, and exclusion of unwanted targets.It then downloads the payload from the same host, which is a 24 MB Pyinstaller-packed application that contains hundreds of thousands…
BlueNoroff reemerges with new campaigns for crypto theft and espionage

Oct 29, 2025 1:26 PM

Tags: attack, blockchain, credentials, crypto, espionage, github, group, jobs, lazarus, malware, social-engineering, supply-chain, theft, tool

Fake recruiters with real malware: The GhostHire operation takes a different approach, targeting Web3 developers through fake job offers and recruitment tests. Here BlueNoroff sets up fake developer tasks, often hosted on GitHub or shared via Telegram bots. “Based on historical attack cases of this campaign, we assess with medium confidence that this attack flow…
BlueNoroff APT Launches AI-Enhanced Espionage on macOS, Using GPT-4o Images in Fake GhostCall Meetings

Oct 29, 2025 5:26 AM

Tags: ai, apt, espionage, macOS

The post BlueNoroff APT Launches AI-Enhanced Espionage on macOS, Using GPT-4o Images in Fake GhostCall Meetings appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/bluenoroff-apt-launches-ai-enhanced-espionage-on-macos-using-gpt-4o-images-in-fake-ghostcall-meetings/
Chrome Zero-Day Actively Exploited in Attacks by Mem3nt0 mori

Oct 28, 2025 5:26 PM

Tags: attack, browser, chrome, espionage, exploit, flaw, zero-day

A zero-day flaw in Chrome has been exploited by Mem3nt0 mori in Operation ForumTroll as part of a targeted espionage campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-zero-day-flaw-exploited/
MuddyWater’s Phoenix Backdoor Infects More Than 100 Government Organizations

Oct 28, 2025 2:26 PM

Tags: attack, backdoor, cyber, espionage, government, group, intelligence, international, iran, middle-east, phishing, threat

Advanced Persistent Threat (APT) MuddyWater has orchestrated a sophisticated phishing campaign targeting over 100 government entities across the Middle East, North Africa, and international organizations worldwide. Group-IB Threat Intelligence has attributed the campaign to the Iran-linked threat actor with high confidence, revealing an alarming escalation in the group’s espionage capabilities and operational sophistication. The attack…
MuddyWater’s Phoenix Backdoor Infects More Than 100 Government Organizations

Oct 28, 2025 2:26 PM

Tags: attack, backdoor, cyber, espionage, government, group, intelligence, international, iran, middle-east, phishing, threat

Advanced Persistent Threat (APT) MuddyWater has orchestrated a sophisticated phishing campaign targeting over 100 government entities across the Middle East, North Africa, and international organizations worldwide. Group-IB Threat Intelligence has attributed the campaign to the Iran-linked threat actor with high confidence, revealing an alarming escalation in the group’s espionage capabilities and operational sophistication. The attack…
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware

Oct 28, 2025 11:26 AM

Tags: browser, chrome, cve, espionage, exploit, flaw, google, service, spyware, technology, tool, vulnerability, zero-day

The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware

Oct 28, 2025 11:26 AM

Tags: browser, chrome, cve, espionage, exploit, flaw, google, service, spyware, technology, tool, vulnerability, zero-day

The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
Chrome 0-Day Exploited by Mem3nt0 Mori in Espionage Attacks

Oct 27, 2025 9:26 PM

Tags: attack, browser, chrome, cve, espionage, exploit, google, hacker, spyware, update, zero-day

Hackers exploit a Chrome 0-day to deploy spyware in attacks tied to Mem3nt0 Mori. Google patches CVE-2025-2783; users urged to update fast. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/chrome-zero-day-exploit-spyware/
Italian-made spyware spotted in breaches of Russian, Belarusian systems

Oct 27, 2025 7:26 PM

Tags: breach, espionage, hacking, kaspersky, russia, spyware

The Dante spyware from Memento Labs, the successor to the notorious Italian company Hacking Team, was part of espionage operations against targets in Russia and Belarus, researchers at Kaspersky said. First seen on therecord.media Jump to article: therecord.media/memento-labs-formerly-hacking-team-dante-spyware-russia-kaspersky