Tag: espionage
-
TA406 Cyber Campaign: North Korea’s Focus on Ukraine Intelligence
In a recently disclosed campaign, TA406, a North Korean state-aligned threat actor, has expanded its cyber-espionage efforts by First seen on securityonline.info Jump to article: securityonline.info/ta406-cyber-campaign-north-koreas-focus-on-ukraine-intelligence/
-
Earth Ammit Strikes Drone Supply Chains: VENOM and TIDRONE Campaigns Expose East Asia’s Critical Infrastructure
Trend Micro researchers have uncovered the full extent of an elaborate, multi-phase cyber-espionage operation attributed to Earth Ammit, First seen on securityonline.info Jump to article: securityonline.info/earth-ammit-strikes-drone-supply-chains-venom-and-tidrone-campaigns-expose-east-asias-critical-infrastructure/
-
Swan Vector Espionage Targets Japan Taiwan with Advanced Malware
The Seqrite Labs APT-Team has uncovered a complex cyber-espionage operation dubbed Swan Vector, targeting educational institutions and the First seen on securityonline.info Jump to article: securityonline.info/swan-vector-espionage-targets-japan-taiwan-with-advanced-malware/
-
South Korean researchers uncover another cyber-espionage campaign from the North
A group tracked as APT37 or ScarCruft is once again phishing South Korean organizations with national security interests, according to analysts at cybersecurity firm Genians. First seen on therecord.media Jump to article: therecord.media/apt37-scarcruft-cyber-espionage-campaign-south-korea
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-day
Executive Summary: EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threats) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
DPRK-Backed TA406 Targets Ukraine With Malware Campaigns
Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dprk-backed-ta406-targets-ukraine/
-
North Korean hackers target Ukrainian government in new espionage campaign
The latest wave of activity in Ukraine suggests that Pyongyang is seeking to “better understand the appetite to continue fighting against the Russian invasion” and “the medium-term outlook of the conflict,” according to the latest report by cybersecurity firm Proofpoint. First seen on therecord.media Jump to article: therecord.media/north-korea-hackers-target-ukraine-to-understand-russian-war-efforts
-
Attackers Leverage Unpatched Output Messenger 0-Day to Deliver Malicious Payloads
A Türkiye-affiliated espionage threat actor, tracked by Microsoft Threat Intelligence as Marbled Dust (also known as Sea Turtle and UNC1326), has been exploiting a zero-day vulnerability in Output Messenger, a popular multiplatform chat software. Identified as CVE-2025-27920, this directory traversal flaw in the Output Messenger Server Manager application allows authenticated attackers to upload malicious files…
-
Deepfake attacks are inevitable. CISOs can’t prepare soon enough.
Tags: advisory, ai, attack, authentication, awareness, blockchain, business, ciso, compliance, control, cybersecurity, data, deep-fake, defense, detection, espionage, finance, fraud, governance, grc, identity, incident response, jobs, law, mfa, north-korea, password, privacy, resilience, risk, scam, software, strategy, tactics, technology, threat, tool, training, update
Real-world fabrications: Even security vendors have been victimized. Last year, the governance, risk and compliance (GRC) lead at cybersecurity company Exabeam was hiring for an analyst, and human resources (HR) qualified a candidate that looked very good on paper with a few minor concerns, says Kevin Kirkwood, CISO. “There were gaps in how the education represented…
-
Output Messenger flaw exploited as zero-day in espionage attacks
A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/output-messenger-flaw-exploited-as-zero-day-in-espionage-attacks/
-
Türkiye-Linked Hackers Exploit Output Messenger Zero-Day (CVE-2025-27920) in Espionage Campaign
Microsoft Threat Intelligence has linked a regional cyber-espionage campaign exploiting a zero-day vulnerability in Output Messenger to the First seen on securityonline.info Jump to article: securityonline.info/turkiye-linked-hackers-exploit-output-messenger-zero-day-cve-2025-27920-in-espionage-campaign/
-
Hacktivist Attacks on India Overstated Amid APT36 Espionage Threat
Hacktivist claims on Indian infrastructure raised alarms, but investigations showed minimal damage First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hacktivist-attacks-india/
-
Russian FSB Hackers Deploy New Lostkeys Malware
Malware Targets Western Officials, NGOs and Journalists. Russian cyber espionage hackers are using a new malware strain dubbed Lostkeys in a targeted espionage campaign aimed at Western officials, NGOs and journalists. Google researchers attribute Lostkeys to the threat group Coldriver, an operational unit within the Federal Security Service. First seen on govinfosecurity.com Jump to article:…
-
Russia-linked ColdRiver used LostKeys malware in recent attacks
Tags: apt, attack, cyberespionage, espionage, google, government, group, intelligence, malware, russia, threat
Since early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and organizations. Google’s Threat Intelligence Group discovered LOSTKEYS, a new malware used by Russia-linked APT COLDRIVER, in recent attacks to steal files and gather system info. The ColdRiver APT (aka “Seaborgium”, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group…
-
Google links new LostKeys data theft malware to Russian cyberspies
Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-links-new-lostkeys-data-theft-malware-to-russian-cyberspies/
-
Russian state-linked Coldriver spies add new malware to operation
A Russian cyber-espionage group tracked as Coldriver by Google researchers has updated its malware toolset. First seen on therecord.media Jump to article: therecord.media/coldriver-russia-cyber-espionage-lostkeys-malware
-
MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware
The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of a backdoor called…
-
Google Uncovers LOSTKEYS Malware Used by Russian COLDRIVER for Cyber Espionage
In a concerning escalation of cyber-espionage activity, Google’s Threat Intelligence Group (GTIG) has revealed the emergence of a First seen on securityonline.info Jump to article: securityonline.info/google-uncovers-lostkeys-malware-used-by-russian-coldriver-for-cyber-espionage/
-
Iranian Cyber Espionage Uses Fake Modeling Agency for Targeted Attacks
Recently, researchers at Palo Alto Networks’ Unit 42 have uncovered a covert Iranian cyber-espionage campaign that employed a First seen on securityonline.info Jump to article: securityonline.info/iranian-cyber-espionage-uses-fake-modeling-agency-for-targeted-attacks/
-
Stealth Is the Strategy: Rethinking Infrastructure Defense
Tags: access, ai, attack, breach, cisco, cloud, cybersecurity, data, defense, edr, endpoint, espionage, exploit, finance, firewall, gartner, google, group, infrastructure, injection, ivanti, malicious, monitoring, network, resilience, risk, strategy, technology, threat, tool, vpn, vulnerability, zero-day, zero-trust
-
Chinese Group TheWizards Exploits IPv6 to Drop WizardNet Backdoor
ESET has discovered Spellbinder, a new tool used by the China-linked cyber espionage group TheWizards to conduct AitM… First seen on hackread.com Jump to article: hackread.com/chinese-thewizards-exploits-ipv6-wizardnet-backdoor/
-
RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals
The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu, has been targeting UK companies in the retail, hospitality, and critical national infrastructure (CNI) sectors in a recently discovered cyber espionage and profit-driven operation called “Operation Deceptive Prospect.”
-
Hackers Use Pahalgam Attack-Themed Decoys to Target Indian Government Officials
The Seqrite Labs APT team has uncovered a sophisticated cyber campaign by the Pakistan-linked Transparent Tribe (APT36) targeting Indian Government and Defense personnel. This operation, centered around the recent Pahalgam terror attack on April 22, 2025, leverages emotionally charged themes to distribute phishing documents and deploy malicious payloads. Exploiting Geopolitical Tensions for Cyber Espionage The…
-
Threat Actors Target Critical National Infrastructure with New Malware and Tools
A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, attributed to an Iranian state-sponsored threat group. Spanning from at least May 2023 to February 2025, with evidence of compromise dating back to May 2021, this espionage-driven campaign employed…
-
Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed “extensive espionage operations and suspected network prepositioning, a tactic often used to maintain persistent…
-
Nebulous Mantis Hackers Have Deployed the RomCom RAT Globally, Targeting Organizations
Nebulous Mantis, also known as Cuba, STORM-0978, Tropical Scorpius, and UNC2596, is a Russian-speaking cyber espionage group that has been actively deploying the RomCom remote access trojan (RAT) in targeted campaigns since mid-2019. The group primarily focuses on critical infrastructure, government agencies, political leaders, and organizations related to NATO. Their operations are characterized by the…
-
APT28 Cyber Espionage Campaign Targets French Institutions Since 2021
The French National Cybersecurity Agency (ANSSI) has released a detailed report exposing a sustained and strategic cyber-espionage campaign First seen on securityonline.info Jump to article: securityonline.info/apt28-cyber-espionage-campaign-targets-french-institutions-since-2021/
-
Earth Kasha Refines Spear-Phishing Tactics in Espionage Campaign Targeting Taiwan and Japan
In a renewed cyber-espionage campaign observed in March 2025, the notorious APT group Earth Kasha, believed to operate First seen on securityonline.info Jump to article: securityonline.info/earth-kasha-refines-spear-phishing-tactics-in-espionage-campaign-targeting-taiwan-and-japan/