Tag: espionage
-
Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
In response to the CISA Advisory (AA25-239A), AttackIQ has updated the assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the Chinese adversary Salt Typhoon and released a new attack graph emulating the behaviors exhibited during the SparrowDoor and ShadowPad campaign in March 2025. First seen on securityboulevard.com Jump to…
-
How the newest ISAC aims to help food and agriculture firms thwart cyberattacks
Food industry executives used to shrug off ransomware and cyber-espionage risks. A new group is helping to change that, but its reach remains unclear. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/food-isac-growth-supply-chain/758505/
-
NoisyBear Exploits ZIP Files for PowerShell Loaders and Data Exfiltration
The threat actor known as NoisyBear has launched a sophisticated cyber-espionage effort called Operation BarrelFire, using specially designed phishing lures that imitate internal correspondence to target Kazakhstan’s energy sector, particularly workers of the state oil and gas major KazMunaiGas. Security researchers at Seqrite Labs first observed the campaign in April 2025 and noted its rapid…
-
Czech cyber agency warns against using services and products that send data to China
Cloud storage and remote operation can expose critical sectors to Chinese espionage, warned the Czech Republic’s NÚKIB, “making trust in the reliability of the provider absolutely crucial.” First seen on therecord.media Jump to article: therecord.media/czech-nukib-warns-against-products-sending-data-china
-
Chinese APT Groups Exploit Router Flaws to Breach Enterprises
Chinese state-sponsored Advanced Persistent Threat (APT) groups have escalated their cyber espionage campaigns, systematically targeting global telecommunications, government, and military networks through sophisticated router exploitation techniques since 2021. Since at least 2021, Chinese state-sponsored cyber actors have been conducting extensive, stealthy operations to infiltrate and control key network devices across critical sectors worldwide. These malicious…
-
Operation HanKook Phantom: APT-37 Targets South Korean Institutions with LNK-Based Espionage Campaign
The post Operation HanKook Phantom: APT-37 Targets South Korean Institutions with LNK-Based Espionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/operation-hankook-phantom-apt-37-targets-south-korean-institutions-with-lnk-based-espionage-campaign/
-
APT Groups Weaponize Infostealer Malware in Precision Attacks
Tags: apt, attack, credentials, cyber, cybersecurity, espionage, group, intelligence, malware, threat, tool, warfare
The cybersecurity landscape has witnessed a dangerous evolution as Advanced Persistent Threat (APT) groups increasingly weaponize opportunistic infostealer malware for sophisticated espionage campaigns. What once served as broad-spectrum credential harvesting tools are now being repurposed into precision instruments of geopolitical warfare, targeting diplomatic institutions worldwide with devastating effectiveness. Recent threat intelligence from Hudson Rock’s Cavalier…
-
Amazon blocks APT29 campaign targeting Microsoft device code authentication
Amazon stopped a Russia-linked APT29 watering hole attack that hijacked Microsoft device code authentication via compromised sites. Amazon announced that it had disrupted an opportunistic watering hole campaign orchestrated by the Russia-linked cyber espionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes). Amazon experts labeled the attacks as an opportunistic watering hole campaign using compromised…
-
Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks
Tags: access, advisory, attack, authentication, china, cisa, cisco, credentials, cve, cyber, cybersecurity, data, espionage, exploit, firewall, fortinet, germany, government, identity, infrastructure, injection, ivanti, kev, malicious, microsoft, military, mitigation, mitre, network, remote-code-execution, risk, software, tactics, threat, update, vulnerability, zero-day
An analysis of Tenable telemetry data shows that the vulnerabilities being exploited by Chinese state-sponsored actors remain unremediated on a considerable number of devices, posing major risk to the organizations that have yet to successfully address these flaws. Background: Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ)…
-
Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign
An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia. “Attackers employed sophisticated infection chains, such as hijacked software updates and fake cloud storage or…
-
Cybercrime increasingly moving beyond financial gains
Tags: attack, awareness, business, ciso, computer, corporate, cyber, cyberattack, cybercrime, cybersecurity, defense, disinformation, espionage, finance, government, group, hacker, hacking, incident response, infrastructure, intelligence, iran, malicious, military, network, ransom, ransomware, risk, risk-analysis, russia, strategy, theft, threat, tool, ukraine, vulnerability, worms
[Image caption: Incibe. Pictured: Patricia Alonso García.]
“We are very redundant when talking about cybercrime, because we always associate it with economic motivations,” says Hervé Lambert, global consumer operations…
-
CISA, FBI, NSA Warn of Chinese ‘Global Espionage System’
Three federal agencies were parties to a global security advisory this week warning about the extensive threat posed by Chinese nation-state actors targeting network devices. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cisa-fbi-nsa-warn-chinese-global-espionage-system
-
FBI Issues Updated Warning on Salt Typhoon’s Global Cyber-Espionage Operations
The FBI has released new findings on a long-running cyber campaign that quietly infiltrated major U.S. telecommunications providers and critical infrastructure around the world. The campaign, carried out by a group of hackers linked to the Chinese government, is known as Salt Typhoon. According to federal officials, the operation has been active since at least……
-
Dutch intelligence agencies report country was targeted by Chinese cyber spies
The Netherlands announced on Thursday that it was targeted by a Chinese cyber-espionage campaign tracked as Salt Typhoon and RedMike that has been compromising critical infrastructure globally. First seen on therecord.media Jump to article: therecord.media/dutch-intelligence-cyber-spies-salt
-
Chinese Tech Firms Linked to Salt Typhoon Espionage Campaigns
The US, UK and allies have called out China’s “commercial cyber ecosystem” for enabling large-scale Salt Typhoon campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-tech-firms-salt-typhoon/
-
An Espionage System: NSA, CISA, Partners Expose Chinese APT Groups
The post An Espionage System: NSA, CISA, Partners Expose Chinese APT Groups appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/an-espionage-system-nsa-cisa-partners-expose-chinese-apt-groups/
-
TAG-144: Actors Attacking Government Entities With New Tactics, Techniques, and Procedures
The threat actor known as TAG-144, also referred to as Blind Eagle or APT-C-36, has been linked to five distinct activity clusters operating from May 2024 through July 2025, primarily targeting Colombian government entities at local, municipal, and federal levels. This cyber threat group, active since at least 2018, employs a sophisticated blend of cyber-espionage…
-
Google Threat Intelligence Exposes UNC6384’s Stealthy Espionage Campaign
The post Google Threat Intelligence Exposes UNC6384’s Stealthy Espionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/google-threat-intelligence-exposes-unc6384s-stealthy-espionage-campaign/
-
China-Based Threat Actor Mustang Panda’s TTPs Leaked
A significant milestone for cybersecurity experts is the disclosure of specific tactics, techniques, and procedures (TTPs) used by Mustang Panda, an advanced persistent threat (APT) group based in China, which has illuminated their intricate activities. First observed in 2017 but potentially active since 2014, Mustang Panda is a state-sponsored actor specializing in cyber espionage, targeting…
-
Chinese UNC6384 Hackers Use Valid Code-Signing Certificates to Evade Detection
Google Threat Intelligence Group (GTIG) has uncovered a multifaceted cyber espionage operation attributed to the PRC-nexus threat actor UNC6384, believed to be associated with TEMP.Hex (also known as Mustang Panda). This campaign, aligned with China’s strategic interests, primarily targeted diplomats in Southeast Asia alongside global entities, employing advanced tactics such as adversary-in-the-middle (AitM) attacks, captive…
-
Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign
APT36 uses Linux .desktop files in new attacks on Indian gov & defense, aiming for data theft and persistent espionage access. Transparent Tribe (aka APT36, Operation C-Major, and Mythic Leopard), a Pakistan-linked threat actor, is using Linux .desktop files to load malware in new attacks against government and defense entities in India. The APT group…
-
Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt
The post Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/linux-under-attack-apt36-launches-new-cyber-espionage-campaign-on-indian-govt/
-
Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses
Tags: access, ai, attack, automation, cisa, cisco, cloud, conference, control, credentials, cve, cyber, cybersecurity, data, data-breach, deep-fake, detection, docker, espionage, exploit, flaw, framework, fraud, google, government, group, guide, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iot, LLM, microsoft, mitigation, mitre, mobile, network, nist, risk, russia, scam, service, side-channel, software, strategy, switch, technology, threat, tool, update, vulnerability, vulnerability-management, windows
Check out the FBI’s alert on Russia-backed hackers infiltrating critical infrastructure networks via an old Cisco bug. Plus, MITRE dropped a revamped list of the most important critical security flaws. Meanwhile, NIST rolled out a battle plan against face-morphing deepfakes. And get the latest on the CIS Benchmarks and on vulnerability prioritization strategies! Here are…
-
China-nexus hacker Silk Typhoon targeting cloud environments
The state-linked espionage group has exploited zero-day flaws in Commvault and Citrix Netscaler, researchers say. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-hacker-silk-typhoon-cloud/758409/
-
Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage
Cybersecurity researchers are calling attention to malicious activity orchestrated by a China-nexus cyber espionage group known as Murky Panda that involves abusing trusted relationships in the cloud to breach enterprise networks. “The adversary has also shown considerable ability to quickly weaponize N-day and zero-day vulnerabilities and frequently achieves initial access to their targets by First seen…
-
Malicious PDFs in Play: UAC-0057 Leveraging Invitations to Trigger Shell Script Attacks
The Belarusian-affiliated threat actor UAC-0057, also known as UNC1151, FrostyNeighbor, or Ghostwriter, has been using weaponized archives that contain phony PDFs that are posing as official invitations and documents to target organizations in Poland and Ukraine in a sophisticated cyber espionage campaign. Since April 2025, these operations have utilized compressed archives, such as RAR and…