Tag: espionage
-
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting…
-
North Korea-linked hackers target embassies in Seoul in new espionage campaign
North Korea-linked hackers were seen targeting more than a dozen embassies in Seoul with phishing emails. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-target-foreign-embassies
-
North Korean Kimsuky Hackers Use GitHub to Target Foreign Embassies with XenoRAT Malware
Tags: cyber, data-breach, email, espionage, github, group, hacker, malware, north-korea, password, phishing, spear-phishing
The Trellix Advanced Research Center exposed a DPRK-linked espionage operation attributed to the Kimsuky group (APT43), targeting diplomatic missions in South Korea. Between March and July, at least 19 spear-phishing emails impersonated trusted diplomatic contacts, delivering malware via password-protected ZIP archives hosted on Dropbox and Daum. These emails lured embassy staff with credible invitations to…
-
Curly COMrades cyberspies hit govt orgs with custom malware
A new cyber-espionage threat group has been using a new backdoor malware that provides persistent access through a seemingly inactive scheduled task. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/curly-comrades-cyberspies-hit-govt-orgs-with-custom-malware/
-
New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks
A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. “They repeatedly tried to extract the NTDS database from domain controllers — the primary repository for user password hashes and authentication data in a…
-
North Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information Online
A member of North Korea’s notorious Kimsuky espionage group has experienced a significant data breach after insiders leaked hundreds of gigabytes of internal files and tools to the public. The breach, which emerged in early June 2025, exposed the group’s sophisticated backdoors, phishing frameworks, and reconnaissance operations, marking a rare setback for the state-sponsored threat…
-
Two groups exploit WinRAR flaws in separate cyber-espionage campaigns
A prominent hacking operation known as RomCom and a lesser-known group tracked as Paper Werewolf or Goffee each exploited a zero-day vulnerability in WinRAR software this summer, researchers said. First seen on therecord.media Jump to article: therecord.media/winrar-zero-day-exploited-romcom-paper-werewolf-goffee-hackers
-
UAC-0099 Tactics, Techniques, Procedures and Attack Methods Revealed
Tags: attack, cyber, defense, email, espionage, government, malicious, military, phishing, powershell, spear-phishing, tactics, threat, ukraine
UAC-0099, a persistent threat actor active since at least 2022, has conducted sophisticated cyber-espionage operations against Ukrainian government, military, and defense entities, evolving its toolkit across three major campaigns documented in CERT-UA alerts from June 2023, December 2024, and August 2025. Initially relying on the PowerShell-based LONEPAGE loader delivered via spear-phishing emails with malicious attachments…
-
North Korean cyber-espionage group ScarCruft adds ransomware in recent attack
A North Korean state-linked hacking group known for spying added some “newly observed” ransomware to its kit in a campaign targeting South Koreans, researchers said. First seen on therecord.media Jump to article: therecord.media/scarcruft-north-korea-hackers-add-ransomware
-
Silver Fox APT Blurs the Line Between Espionage & Cybercrime
Silver Fox is the Hannah Montana of Chinese threat actors, effortlessly swapping between petty criminal and nation-state-type attacks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/silver-fox-apt-espionage-cybercrime
-
Leaked, Patched, and Still Hacked: The SharePoint Zero-Day Crisis
This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese state-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the…
-
Nation-state group CL-STA-0969 targeted Southeast Asian telecoms in 2024
State-backed group CL-STA-0969 hit Southeast Asian telecoms in 2024, targeting critical infrastructure, says Palo Alto Networks’ Unit 42. Palo Alto Networks reported that a nation-state actor, tracked as CL-STA-0969, targeted telecom firms in Southeast Asia, with attacks on critical infrastructure from February to November 2024. Threat actor CL-STA-0969 overlaps with the China-linked cyber espionage group…
-
APT36 Escalates Cyber-Espionage on India: Poseidon Backdoor Targets Railways, Oil Government
The post APT36 Escalates Cyber-Espionage on India: Poseidon Backdoor Targets Railways, Oil Government appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt36-escalates-cyber-espionage-on-india-poseidon-backdoor-targets-railways-oil-government/
-
CL0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks. Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024. The attacks are characterized by the… First seen on…
-
ISMG Editors: ToolShell Exploit Blurs Crime and Espionage
Also: Rethinking IT-OT Integration; Previewing Black Hat 2025. In this week’s update, four ISMG editors discussed the latest on the ToolShell exploit and the rise of Warlock ransomware, why IT-OT integration may not be the best answer for industrial security and what to expect next week from ISMG Studio at Black Hat Conference 2025. First…
-
Secret Blizzard Targets Moscow-Based Embassies in New Espionage Campaign
Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/secret-blizzard-moscow-embassies/
-
SentinelLabs uncovers China’s hidden cyber-espionage arsenal
CSOonline that the most important pieces of new information gleaned from the findings are that “China’s contracting ecosystem forces many companies and individuals to collaborate on intrusions. This means many China-based Advanced Persistent Threats (APTs) may actually contain many different companies with many different clients.” The nation’s diverse private sector offensive ecosystem, he said, “supports a…
-
Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies
The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow. “ApolloShadow has the capability to install a trusted root certificate to…
-
Russian hackers use ISP access to hack embassies in AiTM attacks
Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-russian-hackers-use-isp-access-to-hack-embassies-in-aitm-attacks/
-
Kremlin monitors foreign embassies in Moscow through cyber-espionage at ISP level
In a warning to foreign embassies in Moscow, Microsoft said a Russian state-backed hacking group known as Secret Blizzard or Turla has been using internet service providers for adversary-in-the-middle (AiTM) attacks. First seen on therecord.media Jump to article: therecord.media/russia-fsb-turla-espionage-foreign-embassies-isp-level
-
Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow
A new Microsoft report finds that the long-running threat group has gained positions on state-aligned ISPs and Russian telecoms, while tricking foreign embassy staff to download custom malware. First seen on cyberscoop.com Jump to article: cyberscoop.com/russia-secret-blizzard-espionage-embassies-moscow/
-
North Korean hackers target open-source repositories in new espionage campaign
In its latest operation, Lazarus took advantage of major gaps in the open-source software supply chain, like developers depending on unvetted packages and the lack of oversight for popular tools that are often maintained by just one or two people. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-targeting-open-source-repositories
-
Espionage costing Australia $8 billion each year, warns intelligence chief
Mike Burgess, who leads the Australian Security Intelligence Organisation, said at the Annual Hawke Lecture at the University of South Australia that he was putting a dollar figure on the economic cost of espionage for the first time to stress the “real, present and costly danger” facing Australia. First seen on therecord.media Jump to article:…
-
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign
North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/200-malicious-open-source-lazarus/
-
32% of exploited vulnerabilities are now zero-days or 1-days
Russian and Iranian threat activity rises: The security industry attributes only some of the newly discovered exploits to known attacker groups, and only some of those groups have known countries of origin. As a result, statistics on the origin of attacks are not perfect. During the first half of 2025, 181 of the CVEs added to the…
-
Hafnium Tied to Advanced Chinese Surveillance Tools
A SentinelLabs report has revealed patents linked to firms aiding China’s cyber-espionage operations, exposing new capabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hafnium-chinese-surveillance-tools/