Tag: espionage
-
Malicious PDFs in Play: UAC-0057 Leveraging Invitations to Trigger Shell Script Attacks
The Belarusian-affiliated threat actor UAC-0057, also known as UNC1151, FrostyNeighbor, or Ghostwriter, has been using weaponized archives that contain phony PDFs that are posing as official invitations and documents to target organizations in Poland and Ukraine in a sophisticated cyber espionage campaign. Since April 2025, these operations have utilized compressed archives, such as RAR and…
-
CrowdStrike warns of uptick in Silk Typhoon attacks this summer
The China-affiliated espionage group, which CrowdStrike tracks as Murky Panda, has been linked to more than a dozen incident response cases since late spring. First seen on cyberscoop.com Jump to article: cyberscoop.com/crowdstrike-silk-typhoon-murky-panda-china-espionage/
-
Russian Hackers Hitting Critical Infrastructure, FBI Warns
Tags: cisco, cyberespionage, espionage, exploit, government, group, hacker, infrastructure, intelligence, russia, vulnerability
State-Sponsored Espionage Group Tied to Exploits of No-Longer-Supported Cisco Gear. Russian intelligence hackers are using obsolete and unpatched equipment made by networking mainstay Cisco Systems to further stealthy and ongoing cyberespionage operations, the U.S. federal government warned Wednesday. Hackers exploit a vulnerability in the Smart Install feature of Cisco devices. First seen on govinfosecurity.com Jump…
-
Russian Espionage Group Static Tundra Targets Legacy Cisco Flaw
Russian state-backed hackers are exploiting a seven-year-old Cisco Smart Install vulnerability (CVE-2018-0171) in end-of-life devices, prompting warnings from the FBI and Cisco Talos First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-espionage-group-targets/
-
Russian hackers exploit old Cisco flaw to target global enterprise networks
Six-year-old vulnerability still wreaking havoc: At the heart of this campaign lies CVE-2018-0171, a critical vulnerability that affected Cisco IOS software’s Smart Install feature and allowed unauthenticated remote attackers to execute arbitrary code or trigger denial-of-service conditions. Despite Cisco patching the flaw in 2018, Static Tundra continued exploiting unpatched devices, particularly those that reached end-of-life status,…
-
Russian Hackers Exploit 7-Year-Old Cisco Flaw to Steal Industrial System Configs
Static Tundra, a Russian state-sponsored threat actor connected to the FSB’s Center 16 unit, has been responsible for a sustained cyber espionage effort, according to information released by Cisco Talos. Operating for over a decade, this group specializes in compromising network devices to facilitate long-term intelligence gathering, with a focus on extracting configuration data from…
-
FBI: Russia-linked group Static Tundra exploit old Cisco flaw for espionage
FBI warns FSB-linked group Static Tundra is exploiting a 7-year-old Cisco IOS/IOS XE flaw to gain persistent access for cyber espionage. The FBI warns that Russia-linked threat actor Static Tundra exploits Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to target organizations in the…
-
A Decade of Espionage: How a Russian APT Exploited Cisco Devices (CVE-2018-0171) for Years
The post A Decade of Espionage: How a Russian APT Exploited Cisco Devices (CVE-2018-0171) for Years appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/a-decade-of-espionage-how-a-russian-apt-exploited-cisco-devices-cve-2018-0171-for-years/
-
Hack of North Korean Spy’s Computer Exposes 8.9 GB of Espionage Operations
A North Korean spy’s computer was hacked, leaking phishing logs, stolen South Korean government email platform source code, and links to Chinese hackers. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-north-korea-spy-hack-espionage/
-
Russian state cyber group Static Tundra exploiting Cisco devices, FBI warns
A Russian cyber-espionage group is increasingly targeting unpatched Cisco networking devices through a vulnerability first discovered in 2018, the FBI warned. First seen on therecord.media Jump to article: therecord.media/russia-cisco-fsb-static-tundra
-
FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage
A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks. Cisco Talos, which disclosed details of the activity, said the attacks single out organizations in telecommunications, higher education and…
-
Russian cyber group exploits seven-year-old network vulnerabilities for long-term espionage
The group, linked to FSB Center 16, has been scanning the internet for end-of-life software, which it has found in droves. First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-static-tundra-hacks-cisco-network-devices-cve-2018-0171/
-
Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices
A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/static-tundra/
-
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting…
-
North Korea-linked hackers target embassies in Seoul in new espionage campaign
North Korea-linked hackers were seen targeting more than a dozen embassies in Seoul with phishing emails. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-target-foreign-embassies
-
North Korean Kimsuky Hackers Use GitHub to Target Foreign Embassies with XenoRAT Malware
Tags: cyber, data-breach, email, espionage, github, group, hacker, malware, north-korea, password, phishing, spear-phishing
The Trellix Advanced Research Center exposed a DPRK-linked espionage operation attributed to the Kimsuky group (APT43), targeting diplomatic missions in South Korea. Between March and July, at least 19 spear-phishing emails impersonated trusted diplomatic contacts, delivering malware via password-protected ZIP archives hosted on Dropbox and Daum. These emails lured embassy staff with credible invitations to…
-
Curly COMrades cyberspies hit govt orgs with custom malware
A new cyber-espionage threat group has been using a new backdoor malware that provides persistent access through a seemingly inactive scheduled task. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/curly-comrades-cyberspies-hit-govt-orgs-with-custom-malware/
-
New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks
A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. “They repeatedly tried to extract the NTDS database from domain controllers — the primary repository for user password hashes and authentication data in a…
-
North Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information Online
A member of North Korea’s notorious Kimsuky espionage group has experienced a significant data breach after insiders leaked hundreds of gigabytes of internal files and tools to the public. The breach, which emerged in early June 2025, exposed the group’s sophisticated backdoors, phishing frameworks, and reconnaissance operations, marking a rare setback for the state-sponsored threat…
-
Two groups exploit WinRAR flaws in separate cyber-espionage campaigns
A prominent hacking operation known as RomCom and a lesser-known group tracked as Paper Werewolf or Goffee each exploited a zero-day vulnerability in WinRAR software this summer, researchers said. First seen on therecord.media Jump to article: therecord.media/winrar-zero-day-exploited-romcom-paper-werewolf-goffee-hackers
-
UAC-0099 Tactics, Techniques, Procedures and Attack Methods Revealed
Tags: attack, cyber, defense, email, espionage, government, malicious, military, phishing, powershell, spear-phishing, tactics, threat, ukraine
UAC-0099, a persistent threat actor active since at least 2022, has conducted sophisticated cyber-espionage operations against Ukrainian government, military, and defense entities, evolving its toolkit across three major campaigns documented in CERT-UA alerts from June 2023, December 2024, and August 2025. Initially relying on the PowerShell-based LONEPAGE loader delivered via spear-phishing emails with malicious attachments…
-
North Korean cyber-espionage group ScarCruft adds ransomware in recent attack
A North Korean state-linked hacking group known for spying added some “newly observed” ransomware to its kit in a campaign targeting South Koreans, researchers said. First seen on therecord.media Jump to article: therecord.media/scarcruft-north-korea-hackers-add-ransomware
-
Silver Fox APT Blurs the Line Between Espionage & Cybercrime
Silver Fox is the Hannah Montana of Chinese threat actors, effortlessly swapping between petty criminal and nation-state-type attacks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/silver-fox-apt-espionage-cybercrime
-
Leaked, Patched, and Still Hacked: The SharePoint Zero-Day Crisis
This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese State-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the…