Tag: espionage
-
China-linked UNC6384 exploits Windows zero-day to spy on European diplomats
A China-linked APT group UNC6384 exploits a Windows zero-day in an active cyber espionage targeting European diplomats. Arctic Wolf Labs researchers uncovered a cyber espionage campaign by China-linked APT UNC6384 targeting diplomatic entities in Hungary, Belgium, and other EU nations. UNC6384 is a China-nexus actor recently detailed by Google TAG, has expanded from targeting Southeast…
-
China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems
The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick.The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month,…
-
Diplomatic entities in Belgium and Hungary hacked in China-linked spy campaign
A cyber-espionage operation attributed to China used the PlugX malware against Belgian and Hungarian diplomatic entities over the last two months, according to a new report. First seen on therecord.media Jump to article: therecord.media/belgium-hungary-diplomatic-entities-hacked-unc6384
-
Year-Long Nation-State Hack Hits US Telecom Ribbon Communications
Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends. First seen on hackread.com Jump to article: hackread.com/nation-state-hack-us-telecom-ribbon-communications/
-
Year-Long Nation-State Hack Hits US Telecom Ribbon Communications
Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends. First seen on hackread.com Jump to article: hackread.com/nation-state-hack-us-telecom-ribbon-communications/
-
Year-Long Nation-State Hack Hits US Telecom Ribbon Communications
Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends. First seen on hackread.com Jump to article: hackread.com/nation-state-hack-us-telecom-ribbon-communications/
-
Typo hackers sneak cross-platform credential stealer into 10 npm packages
Payload for IP fingerprinting and credential theft: Once the fake CAPTCHA interaction occurs, the installer sends the victim’s IP address to the attacker’s server, a step that allows tracking, geofencing, and exclusion of unwanted targets.It then downloads the payload from the same host, which is a 24 MB Pyinstaller-packed application that contains hundreds of thousands…
-
BlueNoroff APT Launches AI-Enhanced Espionage on macOS, Using GPT-4o Images in Fake GhostCall Meetings
The post BlueNoroff APT Launches AI-Enhanced Espionage on macOS, Using GPT-4o Images in Fake GhostCall Meetings appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/bluenoroff-apt-launches-ai-enhanced-espionage-on-macos-using-gpt-4o-images-in-fake-ghostcall-meetings/
-
Chrome Zero-Day Actively Exploited in Attacks by Mem3nt0 mori
A zero-day flaw in Chrome has been exploited by Mem3nt0 mori in Operation ForumTroll as part of a targeted espionage campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-zero-day-flaw-exploited/
-
MuddyWater’s Phoenix Backdoor Infects More Than 100 Government Organizations
Tags: attack, backdoor, cyber, espionage, government, group, intelligence, international, iran, middle-east, phishing, threatAdvanced Persistent Threat (APT) MuddyWater has orchestrated a sophisticated phishing campaign targeting over 100 government entities across the Middle East, North Africa, and international organizations worldwide. Group-IB Threat Intelligence has attributed the campaign to the Iran-linked threat actor with high confidence, revealing an alarming escalation in the group’s espionage capabilities and operational sophistication. The attack…
-
MuddyWater’s Phoenix Backdoor Infects More Than 100 Government Organizations
Tags: attack, backdoor, cyber, espionage, government, group, intelligence, international, iran, middle-east, phishing, threatAdvanced Persistent Threat (APT) MuddyWater has orchestrated a sophisticated phishing campaign targeting over 100 government entities across the Middle East, North Africa, and international organizations worldwide. Group-IB Threat Intelligence has attributed the campaign to the Iran-linked threat actor with high confidence, revealing an alarming escalation in the group’s espionage capabilities and operational sophistication. The attack…
-
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
-
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
-
Chrome 0-Day Exploited by Mem3nt0 Mori in Espionage Attacks
Hackers exploit a Chrome 0-day to deploy spyware in attacks tied to Mem3nt0 Mori. Google patches CVE-2025-2783; users urged to update fast. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/chrome-zero-day-exploit-spyware/
-
Italian-made spyware spotted in breaches of Russian, Belarusian systems
The Dante spyware from Memento Labs, the successor to the notorious Italian company Hacking Team, was part of espionage operations against targets in Russia and Belarus, researchers at Kaspersky said. First seen on therecord.media Jump to article: therecord.media/memento-labs-formerly-hacking-team-dante-spyware-russia-kaspersky
-
Lazarus group targets European drone makers in new espionage campaign
Drone-component theft meets geopolitical ambition: The targeting of firms linked to UAV design and manufacture is no coincidence. At least two of the companies compromised were tied to critical drone component supply chains and software systems.”The in-the-wild attacks successively targeted three European companies active in the defense sector,” researchers added. “Although their activities are somewhat…
-
Shifting from reactive to proactive: Cyber resilience amid nation-state espionage
In recent years, the cybersecurity industry has made significant strides in securing endpoints with advanced Endpoint Detection and Response (EDR) solutions, and we have been successful in making life more difficult for our adversaries. While this progress is a victory, it has also produced a predictable and dangerous consequence where threat actors are shifting their…
-
Shifting from reactive to proactive: Cyber resilience amid nation-state espionage
In recent years, the cybersecurity industry has made significant strides in securing endpoints with advanced Endpoint Detection and Response (EDR) solutions, and we have been successful in making life more difficult for our adversaries. While this progress is a victory, it has also produced a predictable and dangerous consequence where threat actors are shifting their…
-
Hackers posing as Kyrgyz officials target Russian agencies in cyber espionage campaign
A hacker group known as Cavalry Werewolf has launched a months-long cyber espionage campaign targeting Russia’s public sector as well as energy, mining and manufacturing companies. First seen on therecord.media Jump to article: therecord.media/hackers-pose-kyrgyz-officials-russia-cyber-espionage
-
Pakistani-Linked Hacker Group Targets Indian Government
A cyber-espionage campaign by Pakistan’s TransparentTribe has been identified, targeting Indian government systems using DeskRAT First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pakistani-hacker-group-targets/
-
Phishing campaign across Mideast, North Africa is attributed to Iranian group
The well-known Iranian cyber-espionage operation tracked as MuddyWater spread backdoor malware in recent months through a compromised email account, researchers said. First seen on therecord.media Jump to article: therecord.media/iran-muddywater-phishing-campaign-north-africa-middle-east
-
TransparentTribe Targets Linux Systems in Indian Military to Deploy DeskRAT
In July 2025, cybersecurity firm CYFIRMA uncovered an active phishing campaign targeting Linux-based operating systems used by Indian government and military organisations. This operation, attributed to TransparentTribe (also known as APT36 or Operation C-Major), is the latest in a series of ongoing cyber espionage campaigns supporting Pakistan’s strategic interests. TransparentTribe, a Pakistani-nexus threat group active…
-
TransparentTribe Targets Linux Systems in Indian Military to Deploy DeskRAT
In July 2025, cybersecurity firm CYFIRMA uncovered an active phishing campaign targeting Linux-based operating systems used by Indian government and military organisations. This operation, attributed to TransparentTribe (also known as APT36 or Operation C-Major), is the latest in a series of ongoing cyber espionage campaigns supporting Pakistan’s strategic interests. TransparentTribe, a Pakistani-nexus threat group active…
-
TransparentTribe Targets Linux Systems in Indian Military to Deploy DeskRAT
In July 2025, cybersecurity firm CYFIRMA uncovered an active phishing campaign targeting Linux-based operating systems used by Indian government and military organisations. This operation, attributed to TransparentTribe (also known as APT36 or Operation C-Major), is the latest in a series of ongoing cyber espionage campaigns supporting Pakistan’s strategic interests. TransparentTribe, a Pakistani-nexus threat group active…
-
Warlock Ransomware Exploits SharePoint ToolShell Zero-Day in New Attack Campaign
Tags: attack, china, cyber, cybercrime, cybersecurity, espionage, exploit, group, infrastructure, microsoft, ransomware, threat, zero-dayChinese-linked threat actors behind the Warlock ransomware operation have emerged as a significant cybersecurity concern following their exploitation of a critical Microsoft SharePoint vulnerability. The group’s sophisticated attack infrastructure, combined with evidence of historical espionage activities dating back to 2019, reveals a complex threat landscape where cybercriminal and state-sponsored operations increasingly converge. Warlock first surfaced…
-
SideWinder Leverages ClickOnce Installer to Deliver StealerBot Malware
The notorious SideWinder advanced persistent threat (APT) group has evolved its cyber espionage tactics with a sophisticated new attack method, combining PDF lures with ClickOnce technology to deploy StealerBot malware against diplomatic targets across South Asia. SideWinder orchestrated a carefully planned phishing operation throughout 2025, deploying customized lures designed for specific diplomatic institutions. The campaign’s…