Tag: espionage
-
‘Mysterious Elephant’ Moves Beyond Recycled Malware
The cyber-espionage group has been using sophisticated custom tools to target government and diplomatic entities in South Asia since early 2025. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/mysterious-elephant-recycled-malware
-
Chinese-Linked Hackers Breach Top Political US Law Firm
Williams & Connolly Hit in Zero-Day Campaign Impacting Client Emails. A zero-day vulnerability was used to breach email accounts at the elite D.C. law firm Williams & Connolly, with officials reportedly suspecting the hack is part of a China-linked campaign targeting the U.S. legal sector to support espionage, steal intelligence and establish long-term access routes.…
-
From HealthKick to GOVERSHELL: The Evolution of UTA0388’s Espionage Malware
A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known as GOVERSHELL. "The initially observed campaigns were tailored to the targets, and the messages purported to be sent by senior researchers and analysts from legitimate-sounding, completely…
-
APT35: Inside the Structure, Toolset, and Espionage Operations of an IRGC-Linked Group
In a groundbreaking disclosure, CloudSEK’s TRIAD unit has unearthed internal operational materials that shed light on Charming Kitten (APT35), revealing an intricate espionage apparatus linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). The leak comprises over 100 Persian-language files marked with Jalali calendar dates and aligned with Tehran time, underscoring its authenticity. At the apex,…
-
Mustang Panda Adopts New DLL Side-Loading Method to Deploy Malware
The sophisticated China-linked threat actor Mustang Panda has refined its cyber espionage arsenal with an advanced DLL side-loading technique specifically targeting the Tibetan community, according to recent analysis of a campaign first identified by IBM’s X-Force in June 2025. This politically motivated operation demonstrates how threat actors continuously evolve their obfuscation methods to bypass security controls and…
-
SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage
The post SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/sidewinder-apt-launches-operation-southnet-weaponizing-netlify-and-pages-dev-for-espionage/
-
Reading the ENISA Threat Landscape 2025 report
ENISA Threat Landscape 2025: Rising ransomware, AI phishing, and state-backed espionage mark a converging, persistent EU cyber threat landscape. ENISA Threat Landscape 2025 report provides a comprehensive analysis of the evolving threat landscape in Europe. The report analyzes the events that occurred between July 2024 and June 2025, including nearly 4,900 verified incidents. This year’s…
-
Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor
The post Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/confucius-apt-evolves-espionage-group-shifts-from-wooperstealer-to-advanced-python-backdoor-anondoor/
-
Confucius Shifts from Document Stealers to Python Backdoors
The Confucius cyber-espionage group has shifted its tactics from document-focused stealers to Python-based backdoors like AnonDoor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/confucius-shifts-doc-stealers/
-
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors
China-nexus APT Phantom Taurus has targeted government and telecom organizations for espionage over roughly two years, using Net-Star malware and distinct TTPs. Phantom Taurus is a previously undocumented Chinese APT; it has targeted entities in Africa, the Middle East,…
-
New Chinese Nexus APT Group Targeting Organizations to Deploy NET-STAR Malware Suite
China-linked advanced persistent threat (APT) group Phantom Taurus has intensified espionage operations against government and telecommunications targets across Africa, the Middle East, and Asia, deploying a newly discovered .NET malware suite called NET-STAR. First tracked by Unit 42 in June 2023 as cluster CL-STA-0043 and temporarily designated TGR-STA-0043 (Operation Diplomatic Specter) in May 2024, the…
-
Two Dutch Teenagers Arrested for Wi-Fi Sniffing Activities
Dutch authorities have arrested two 17-year-old boys on suspicion of "state interference"…
-
RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms
The post RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/rednovember-chinese-apt-expands-global-espionage-to-u-s-defense-aerospace-and-tech-firms/
-
Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign
The post Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/russia-linked-coldriver-group-expands-toolset-using-new-malware-in-clickfix-espionage-campaign/
-
Salt Typhoon: China’s State-Sponsored Espionage Group Infiltrates Global Telecoms for Long-Term Cyber Warfare
The post Salt Typhoon: China’s State-Sponsored Espionage Group Infiltrates Global Telecoms for Long-Term Cyber Warfare appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/salt-typhoon-chinas-state-sponsored-espionage-group-infiltrates-global-telecoms-for-long-term-cyber-warfare/
-
New Chinese Espionage Hacking Group Uncovered
‘RedNovember’ Has Hacked Organizations in the US, Asia and Europe. A hacking group associated with widespread compromise of edge devices is a Chinese-state-aligned group, says cybersecurity firm Recorded Future. The firm says the threat actor, which it now tracks as RedNovember, is highly likely a Chinese state-sponsored threat activity group. First seen on govinfosecurity.com Jump…
-
Chinese APT Drops ‘Brickstorm’ Backdoors on Edge Devices
The China-linked cyber-espionage group UNC5221 is compromising network appliances that cannot run traditional EDR agents to deploy new versions of the Brickstorm backdoor. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-apt-brickstorm-backdoors-edge-devices
-
CISA alerts federal agencies of widespread attacks using Cisco zero-days
Cisco said it was investigating state-sponsored espionage attacks in May. CISA did not explain why it waited four months to issue an emergency directive. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-emergency-directive-cisco-zero-days/
-
Chinese State-Sponsored Hackers Targeting Telecommunications Infrastructure to Steal Sensitive Data
Chinese state-sponsored cyber threat group Salt Typhoon has intensified long-term espionage operations against global telecommunications infrastructure, according to recent legal and intelligence reporting. Aligned with the Ministry of State Security (MSS) and active since at least 2019, Salt Typhoon has systematically exploited network edge devices to establish deep persistence and exfiltrate highly sensitive communications metadata,…