Tag: espionage
-
Threat Actors Use LNK Files to Deploy RedLoader Malware on Windows Systems
Sophos analysts have identified a novel infection chain employed by the financially motivated cybercriminal group GOLD BLADE, also known as RedCurl, Red Wolf, and Earth Kapre, to deploy their custom RedLoader malware on Windows systems. This group, active since 2018 and specializing in commercial espionage, has been observed using highly targeted phishing emails to infiltrate…
-
Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools
Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to…
-
UNC3886 Exploits Multiple 0-Day Bugs in VMware vCenter, ESXi, and Fortinet FortiOS
The advanced persistent threat group UNC3886 has escalated its sophisticated cyber espionage campaign by exploiting multiple zero-day vulnerabilities across critical infrastructure platforms, including VMware vCenter, ESXi hypervisors, and Fortinet FortiOS systems. This revelation comes as Singapore’s Coordinating Minister for National Security confirmed that the nation faces a highly sophisticated threat actor targeting essential services, with…
-
Inside Laundry Bear: Unveiling Infrastructure, Tactics, and Procedures
Dutch intelligence agencies AIVD and MIVD, alongside Microsoft Threat Intelligence, have identified Laundry Bear, also tracked as Void Blizzard, as a sophisticated Russian state-sponsored advanced persistent threat (APT) group active since at least April 2024. This actor has focused on espionage operations against NATO countries, Ukraine, and various organizations including the Dutch police, a Ukrainian…
-
Operation CargoTalon targets Russia’s aerospace with EAGLET malware
Operation CargoTalon targets Russia’s aerospace and defense sectors with EAGLET malware, using TTN documents to exfiltrate data. SEQRITE Labs researchers uncovered a cyber-espionage campaign, dubbed Operation CargoTalon, targeting Russia’s aerospace and defense sectors, specifically Voronezh Aircraft Production Association (VASO), via malicious TTN documents (TTN: товарно-транспортная накладная, a goods and transport invoice or consignment note).
-
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration. The activity, dubbed Operation CargoTalon, has been assigned to a threat cluster tracked as UNG0901 (short for Unknown Group 901). “The campaign is aimed at targeting employees of Voronezh Aircraft Production Association (VASO),…
-
Fire Ant Hackers Target VMware ESXi and vCenter Flaws to Infiltrate Organizations
Cybersecurity firm Sygnia has been tracking and mitigating a sophisticated espionage operation dubbed Fire Ant, which zeroes in on virtualization and networking infrastructure, particularly VMware ESXi hypervisors and vCenter management servers, alongside network appliances. The threat actors behind Fire Ant employ multilayered kill chains, blending advanced persistence mechanisms with stealthy techniques to breach segmented networks…
-
Prolonged Chinese Cyber Espionage Campaign Targets VMware Appliances
Sygnia observed a Chinese cyber campaign dubbed Fire Ant deploying sophisticated techniques to gain full compromise of victim environments and discover isolated assets. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-espionage-targets-vmware/
-
Singapore’s cybersecurity paradox: Top firms rated A, yet all breached
Tags: access, attack, china, cybersecurity, espionage, exploit, group, incident response, infrastructure, intelligence, malicious, metric, mfa, network, resilience, risk, router, service, supply-chain, threat, update, vulnerability
Singapore faces targeted threats: Beyond statistical exposure, Singapore is also facing targeted campaigns against its critical infrastructure. One such operation involves China-linked threat group UNC3886, recently observed exploiting vulnerabilities in Juniper (Junos OS) routers to infiltrate telecom and service provider networks. Gilad Maizles, threat researcher at SecurityScorecard, said, “The campaign appears to be operated through a…
-
US Nuclear Agency Hacked in Microsoft SharePoint Frenzy
Threat actors are piling on the zero-day vulnerabilities in SharePoint, including at least three Chinese nation-state cyber-espionage groups. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/us-nuclear-agency-hacked-microsoft-sharepoint
-
Silicon Valley Engineer Pleads Guilty in U.S. Missile Detection Data Theft Case
A Silicon Valley engineer with dual U.S.-China citizenship pleaded guilty to stealing critical defense technologies worth hundreds of millions of dollars, including classified systems designed to detect nuclear missile launches and track hypersonic weapons. The case highlights growing concerns about economic espionage and technology transfer to foreign adversaries. Engineer Admits to Massive Data Theft Chenguang…
-
China-Backed APT41 Cyberattack Surfaces in Africa
Up to now, the prolific China-sponsored cyber-espionage group has been mostly absent from the region, but a sophisticated and highly targeted attack on an African IT company shows Beijing is branching out. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-backed-apt41-attack-africa
-
UK blames Russia’s infamous ‘Fancy Bear’ group for Microsoft cloud hacks
The Authentic Antics malware tool used to target Microsoft cloud accounts was the handiwork of the notorious Russian Fancy Bear hacking group, the UK’s National Cyber Security Centre (NCSC) has said. Authentic Antics was discovered after a cyberattack in 2023, which prompted an NCSC technical teardown of the malware that it published in May this year. The agency…
-
UNG0002 Deploys Weaponized LNK Files with Cobalt Strike and Metasploit to Target Organizations
Seqrite Labs APT-Team has uncovered a persistent threat entity, UNG0002 (Unknown Group 0002), orchestrating espionage-driven operations across Asian jurisdictions, including China, Hong Kong, and Pakistan. Active since at least May 2024, this South-East Asia-based cluster has demonstrated a high degree of adaptability and technical prowess, targeting critical sectors such as defense, civil aviation, electrotechnical engineering,…
-
China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. “The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware,” Kaspersky researchers Denis Kulik and Daniil Pogorelov said. “One of the C2s [command-and-control servers] was a…
-
Singapore under ongoing cyber attack from APT group
Nation-state actor UNC3886 is actively targeting Singapore’s critical national infrastructure in a sophisticated espionage and disruption campaign, with the government mounting a whole-of-government response First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366627926/Singapore-under-ongoing-cyber-attack-from-APT-group
-
UNG0002: Stealthy South Asian APT Group Unleashes New Malware in Cyber Espionage Campaigns Across Asia
First seen on securityonline.info Jump to article: securityonline.info/ung0002-stealthy-south-asian-apt-group-unleashes-new-malware-in-cyber-espionage-campaigns-across-asia/
-
China-Aligned APTs Intensify Cyber Espionage on Taiwan’s Semiconductor Industry
First seen on securityonline.info Jump to article: securityonline.info/china-aligned-apts-intensify-cyber-espionage-on-taiwans-semiconductor-industry/
-
Singapore warns China-linked group UNC3886 targets its critical infrastructure
Singapore says China-linked group UNC3886 targeted its critical infrastructure by hacking routers and security devices. Singapore accused China-linked APT group UNC3886 of targeting its critical infrastructure. UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits. Its primary focus is on defense, technology, and telecommunications sectors in…
-
These are our favorite cyber books on hacking, espionage, crypto, surveillance, and more
These are our favorite cybersecurity books, both by fiction authors, as well as journalists and researchers. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/19/these-are-our-favorite-cyber-books-on-hacking-espionage-crypto-surveillance-and-more/
-
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/uk-ties-russian-gru-to-authentic-antics-credential-stealing-malware/
-
UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns
Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a broader cyber espionage campaign. “This threat entity demonstrates a strong preference for using shortcut files (LNK), VBScript, and post-exploitation tools such as Cobalt Strike and Metasploit, while consistently…
-
Fancy Bear Hackers Target Governments and Military Entities with Advanced Tools
Tags: cyber, cyberespionage, cybersecurity, espionage, finance, government, group, hacker, military, russia, tool
Fancy Bear, designated as APT28 by cybersecurity experts, represents a sophisticated Russian cyberespionage collective operational since 2007, renowned for infiltrating governments, military organizations, and strategic entities globally. This group, also known under aliases such as Sofacy, Sednit, STRONTIUM, and Unit 26165, pursues motivations encompassing financial gain, reputational sabotage, espionage, and political agendas. Their operations frequently…
-
How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies
A new report traces the history of the early wave of Chinese hackers who became the backbone of the state’s espionage apparatus. First seen on wired.com Jump to article: www.wired.com/story/china-honkers-elite-cyber-spies/
-
Russia Linked to New Malware Targeting Email Accounts for Espionage
Russian military intelligence-linked hackers are using a new malware called “Authentic Antics” to secretly access Microsoft cloud email accounts, the UK’s NCSC reports First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-malware-targeting-email/
-
China-Backed Hackers Intensify Attacks on Taiwan Chipmakers
3 State-Sponsored Groups Spear-Phish Semiconductor Ecosystem. Chinese state-aligned hackers have ramped up espionage efforts against Taiwan’s semiconductor ecosystem through spear-phishing campaigns. Three distinct threat actors targeted chipmakers, packaging and testing firms, equipment suppliers and financial analysts. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/china-backed-hackers-intensify-attacks-on-taiwan-chipmakers-a-29004
-
China-linked hackers target Taiwan chip firms in a coordinated espionage campaign
Tags: access, ai, attack, china, compliance, control, credentials, cyber, cybersecurity, detection, email, espionage, exploit, finance, framework, government, group, hacker, intelligence, international, login, monitoring, network, phishing, software, supply-chain, technology, threat, warfare
Investment banks in the crosshairs: A second group, UNK_DropPitch, targeted the financial ecosystem surrounding Taiwan’s semiconductor industry. This group conducted phishing campaigns against investment banks, focusing on individuals specializing in Taiwanese semiconductor analysis. The phishing emails purported to come from fictitious financial firms seeking collaboration opportunities. The third group, UNK_SparkyCarp, focused on credential harvesting through sophisticated…
-
Hackers Exploit Ivanti and Fortinet VPN Vulnerabilities in Attacks on Japanese Companies
Cyber espionage campaigns against Japanese companies have increased in fiscal year 2024, which runs from April 2024 to March 2025, according to a thorough analysis published by Macnica’s Security Research Center. The main objective of these campaigns is to exfiltrate sensitive data, including manufacturing blueprints, policy-related documents, and personal information. Since initiating monitoring in 2014,…

