Tag: espionage
-
Stealthy Attacks: Silent Werewolf Deploys Custom Loaders in Espionage Operations
BI.ZONE Threat Intelligence has uncovered two new malicious campaigns attributed to the threat actor Silent Werewolf, once again First seen on securityonline.info Jump to article: securityonline.info/stealthy-attacks-silent-werewolf-deploys-custom-loaders-in-espionage-operations/
-
New Cyber Threat: UTG-Q-015 Exploits 0-Days for Espionage in Asia
In a threat intelligence report, the Qi’anxin Threat Intelligence Center has exposed a series of highly targeted attacks First seen on securityonline.info Jump to article: securityonline.info/new-cyber-threat-utg-q-015-exploits-0-days-for-espionage-in-asia/
-
Russian hackers Void Blizzard step up espionage campaign
First seen on scworld.com Jump to article: www.scworld.com/news/russian-hackers-void-blizzard-step-up-espionage-campaign
-
Czech Government Attributes Foreign Ministry Hack to China
APT31 Compromised the Czech Foreign Affairs Ministry in 2022. The Czech government on Wednesday said Chinese state hackers stole sensitive declassified information from the republic’s foreign ministry as part of a years-long espionage campaign. Czech Ministry of Foreign Affairs attributed the hack to a Chinese nation-state group tracked as APT31. First seen on govinfosecurity.com Jump…
-
Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry
The Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on its critical infrastructure. The Czech government strongly condemned China after the cyber espionage group APT31 was linked to a cyberattack targeting the nation’s critical infrastructure. The Czech government condemned China after APT31 hackers infiltrated a ministry’s unclassified system in 2022…
-
Russian APT28 Hackers Attacking NATO-aligned Organizations to Steal Sensitive Data
Russia’s GRU-backed APT28, widely known as Fancy Bear, has intensified its cyber espionage campaign against NATO-aligned organizations. Active since at least 2007, this notorious threat actor has been attributed to a series of sophisticated attacks targeting critical infrastructure, government entities, and logistics firms across the United States, United Kingdom, Germany, Canada, Poland, Ukraine, and other…
-
Chinese spies blamed for attempted hack on Czech government network
Czech authorities said they assessed with “a high degree of certainty” that a Chinese cyber-espionage group known as APT31, Judgment Panda, Bronze Vinewood or RedBravo tried to hack into a government network. First seen on therecord.media Jump to article: therecord.media/czechia-accuses-china-cyber-espionage-apt31
-
NATO Countries Targeted By New Russian Espionage Group
‘Laundry Bear’ Has Been Active Since 2024. Dutch intelligence agencies and Microsoft say a novel Russian state intelligence hacking group is likely buying stolen credentials from criminal marketplaces to gain entry to North American and European networks. It has a specific interest in European Union and NATO member states. First seen on govinfosecurity.com Jump to…
-
Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group
The Dutch intelligence and security services have identified a new Russia-affiliated threat group that has been breaching government organizations and commercial entities in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/27/microsoft-dutch-security-agencies-lift-veil-on-laundry-bear-void-blizzard-cyber-espionage-group/
-
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to “worldwide cloud abuse.” Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government…
-
TA-ShadowCricket: Sophisticated Hacker Group Targeting Government and Enterprise Networks
A decade-long cyber espionage campaign orchestrated by the advanced persistent threat (APT) group TA-ShadowCricket has been exposed through a joint investigation by South Korea’s AhnLab and the National Cyber Security Center (NCSC). The group, previously identified as Shadow Force, has systematically compromised over 2,000 systems across 72 countries since 2012, with primary targets in government…
-
Russian-Aligned TAG-110 Targets Tajikistan Governments with Stealthy Cyber-Espionage
Recorded Future’s Insikt Group has uncovered a new cyber-espionage campaign by Russia-aligned threat actor TAG-110 targeting public sector First seen on securityonline.info Jump to article: securityonline.info/russian-aligned-tag-110-targets-tajikistan-governments-with-stealthy-cyber-espionage/
-
Operation Endgame 2.0: DanaBusted
Tags: access, attack, backup, banking, breach, business, cloud, communications, control, crypto, cybercrime, data, defense, detection, email, espionage, firewall, fraud, government, group, Hardware, infection, intelligence, international, law, malicious, malware, middle-east, network, programming, ransomware, russia, service, supply-chain, switch, threat, tool, ukraine, update, windows
Introduction
On May 22, 2025, international law enforcement agencies released information about additional actions that were taken in conjunction with Operation Endgame, an ongoing, coordinated effort to dismantle and prosecute cybercriminal organizations, including those behind DanaBot. This action mirrors the original Operation Endgame, launched in May 2024, which disrupted SmokeLoader, IcedID, SystemBC, Pikabot, and Bumblebee. Zscaler…
-
Russia-aligned hackers target Tajikistan in new espionage campaign
The hackers used phishing emails containing government-themed lure documents to gain access to targeted systems. First seen on therecord.media Jump to article: therecord.media/russia-hackers-target-tajikistan-espionage
-
Western Logistics and Tech Firms Targeted by Russia’s APT28
NSA, NCSC and allies warn Western tech and logistics firms of Russian APT28 cyber-espionage threat First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/western-logistics-tech-firms/
-
A house full of open windows: Why telecoms may never purge their networks of Salt Typhoon
Experts tell CyberScoop that the U.S. telecom system is just too technologically fragmented to gather a clear picture of threats, and too big to ever fully eject all espionage efforts. First seen on cyberscoop.com Jump to article: cyberscoop.com/salt-typhoon-chinese-hackers-us-telecom-breach/
-
Researchers warn of China-backed espionage campaign targeting laid-off US workers
A report by FDD says an elaborate online recruiting effort is using LinkedIn and fake online companies to gather sensitive intelligence. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-espionage-campaign-laid-off-workers/748607/
-
Dutch government passes law to criminalize cyber-espionage
The Netherlands has updated its digital security laws to criminalize cyber-espionage and increase penalties for computer-related offenses. First seen on therecord.media Jump to article: therecord.media/netherlands-law-criminalizes-cyber-espionage
-
‘Operation RoundPress’ Targets Ukraine in XSS Webmail Attacks
A cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-phishing attacks that exploit XSS vulnerabilities. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/operation-roundpress-ukraine-xss-webmail-attacks
-
Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives
Advanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European governmental and industrial entities, according to a thorough disclosure from ESET’s APT Activity Report for Q4 2024 to Q1 2025. The report, covering activities from October 2024 to March 2025, highlights…
-
Russia-Linked SpyPress Malware Exploits Webmails to Spy on Ukraine
ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail… First seen on hackread.com Jump to article: hackread.com/russia-spypress-malware-exploits-webmails-spy-ukraine/
-
FBI warns senior US officials are being impersonated using texts, AI-based voice cloning
Hackers are increasingly using vishing and smishing for state-backed espionage campaigns and major ransomware attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fbi-us-officials-impersonated-text-ai-voice/748334/
-
Russian Espionage Operation Targets Organizations Linked to Ukraine War
In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim’s webmail page First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fancy-bear-russia-cyber-espionage/
-
Inside North Korea’s Cyber Mafia: How Hidden IT Workers Fuel Global Espionage and Crypto Theft
A recent report by DTEX sheds light on the sophisticated and complex cyber operations of the Democratic People’s First seen on securityonline.info Jump to article: securityonline.info/inside-north-koreas-cyber-mafia-how-hidden-it-workers-fuel-global-espionage-and-crypto-theft/
-
Inside Turla’s Uroboros Infrastructure and Tactics Revealed
In a nation-state cyber espionage, a recent static analysis of the Uroboros rootkit, attributed to the infamous APT group Turla, uncovers a chilling display of sophistication and mastery over Windows kernel internals. With the sample identified by the MD5 hash ed785bbd156b61553aaf78b6f71fb37b, this malware, first linked to Turla around 2014-2015, stands as a testament to the group’s elite…
-
Stealth RAT uses a PowerShell loader for fileless attacks
Threat actors have been spotted using a PowerShell-based shellcode loader to stealthily deploy Remcos RAT, a popular espionage-ready tool in line with a broader shift toward fileless techniques. As discovered by Qualys, the campaign executes a number of steps to phish an obfuscated .HTA (HTML Application) file that runs layered PowerShell scripts entirely in memory. “The attackers…
-
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has…
-
Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
Tags: cyber, espionage, group, healthcare, korea, military, service, software, supply-chain, technology
A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers,…
-
Chinese Hackers Exploit SAP NetWeaver Zero-Day Vulnerability to Target Critical Infrastructure
Tags: china, cve, cyber, espionage, exploit, flaw, hacker, infrastructure, remote-code-execution, sap, threat, vulnerability, zero-day
EclecticIQ analysts have uncovered a sophisticated cyber-espionage campaign orchestrated by China-nexus nation-state Advanced Persistent Threats (APTs) targeting critical infrastructure worldwide. In April 2025, these threat actors launched a high-tempo exploitation campaign against SAP NetWeaver Visual Composer, exploiting a zero-day vulnerability identified as CVE-2025-31324. This unauthenticated file upload flaw allows remote code execution (RCE), providing attackers…

