Tag: espionage
-
Nation-state group CL-STA-0969 targeted Southeast Asian telecoms in 2024
State-backed group CL-STA-0969 hit Southeast Asian telecoms in 2024, targeting critical infrastructure, says Palo Alto Networks’ Unit 42. Palo Alto Networks reported that a nation-state actor, tracked as CL-STA-0969, targeted telecom firms in Southeast Asia, with attacks on critical infrastructure from February to November 2024. Threat actor CL-STA-0969 overlaps with the China-linked cyber espionage group…
-
APT36 Escalates Cyber-Espionage on India: Poseidon Backdoor Targets Railways, Oil Government
The post APT36 Escalates Cyber-Espionage on India: Poseidon Backdoor Targets Railways, Oil Government appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt36-escalates-cyber-espionage-on-india-poseidon-backdoor-targets-railways-oil-government/
-
CL0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024.The attacks are characterized by the First seen on…
-
ISMG Editors: ToolShell Exploit Blurs Crime and Espionage
Also: Rethinking IT-OT Integration; Previewing Black Hat 2025. In this week’s update, four ISMG editors discussed the latest on the ToolShell exploit and the rise of Warlock ransomware, why IT-OT integration may not be the best answer for industrial security and what to expect next week from ISMG Studio at Black Hat Conference 2025. First…
-
Secret Blizzard Targets Moscow-Based Embassies in New Espionage Campaign
Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/secret-blizzard-moscow-embassies/
-
SentinelLabs uncovers China’s hidden cyber-espionage arsenal
CSOonline that the most important pieces of new information gleaned from the findings are that “China’s contracting ecosystem forces many companies and individuals to collaborate on intrusions. This means many China-based Advanced Persistent Threats (APTs) may actually contain many different companies with many different clients.”The nation’s diverse private sector offensive ecosystem, he said, “supports a…
-
Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies
The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow.”ApolloShadow has the capability to install a trusted root certificate to…
-
Russian hackers use ISP access to hack embassies in AiTM attacks
Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-russian-hackers-use-isp-access-to-hack-embassies-in-aitm-attacks/
-
Kremlin monitors foreign embassies in Moscow through cyber-espionage at ISP level
In a warning to foreign embassies in Moscow, Microsoft said a Russian state-backed hacking group known as Secret Blizzard or Turla has been using internet service providers for adversary-in-the-middle (AiTM) attacks. First seen on therecord.media Jump to article: therecord.media/russia-fsb-turla-espionage-foreign-embassies-isp-level
-
Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow
A new Microsoft report finds that the long-running threat group has gained positions on state-aligned ISPs and Russian telecoms, while tricking foreign embassy staff to download custom malware. First seen on cyberscoop.com Jump to article: cyberscoop.com/russia-secret-blizzard-espionage-embassies-moscow/
-
North Korean hackers target open-source repositories in new espionage campaign
In its latest operation, Lazarus took advantage of major gaps in the open-source software supply chain, like developers depending on unvetted packages and the lack of oversight for popular tools that are often maintained by just one or two people. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-targeting-open-source-repositories
-
Espionage costing Australia $8 billion each year, warns intelligence chief
Mike Burgess, who leads the Australian Security Intelligence Organisation, said at the Annual Hawke Lecture at the University of South Australia that he was putting a dollar figure on the economic cost of espionage for the first time to stress the “real, present and costly danger” facing Australia. First seen on therecord.media Jump to article:…
-
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign
North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/200-malicious-open-source-lazarus/
-
32% of exploited vulnerabilities are now zero-days or 1-days
Russian and Iranian threat activity rises: The security industry attributes only some of the newly discovered exploits to known attacker groups, and only some of those groups have known countries of origin. As a result, statistics on the origin of attacks are not perfect.During the first half of 2025, 181 of CVEs added to the…
-
Hafnium Tied to Advanced Chinese Surveillance Tools
A SentinelLabs report has revealed patents linked to firms aiding China’s cyber-espionage operations, exposing new capabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hafnium-chinese-surveillance-tools/
-
Threat Actors Use LNK Files to Deploy RedLoader Malware on Windows Systems
Sophos analysts have identified a novel infection chain employed by the financially motivated cybercriminal group GOLD BLADE, also known as RedCurl, Red Wolf, and Earth Kapre, to deploy their custom RedLoader malware on Windows systems. This group, active since 2018 and specializing in commercial espionage, has been observed using highly targeted phishing emails to infiltrate…
-
Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools
Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities.The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to…
-
UNC3886 Exploits Multiple 0-Day Bugs in VMware vCenter, ESXi, and Fortinet FortiOS
The advanced persistent threat group UNC3886 has escalated its sophisticated cyber espionage campaign by exploiting multiple zero-day vulnerabilities across critical infrastructure platforms, including VMware vCenter, ESXi hypervisors, and Fortinet FortiOS systems. This revelation comes as Singapore’s Coordinating Minister for National Security confirmed that the nation faces a highly sophisticated threat actor targeting essential services, with…
-
Inside Laundry Bear: Unveiling Infrastructure, Tactics, and Procedures
Dutch intelligence agencies AIVD and MIVD, alongside Microsoft Threat Intelligence, have identified Laundry Bear also tracked as Void Blizzard as a sophisticated Russian state-sponsored advanced persistent threat (APT) group active since at least April 2024. This actor has focused on espionage operations against NATO countries, Ukraine, and various organizations including the Dutch police, a Ukrainian…
-
Operation CargoTalon targets Russia’s aerospace with EAGLET malware,
Operation CargoTalon targets Russia’s aerospace and defense sectors with EAGLET malware, using TTN documents to exfiltrate data. SEQRITE Labs researchers uncovered a cyber-espionage campaign, dubbed OperationCargoTalon, targeting Russia’s aerospace and defense sectors, specifically Voronezh Aircraft Production Association (VASO), via malicious TTN documents. >>Товарно-транÑÐ¿Ð¾Ñ€Ñ‚Ð½Ð°Ñ Ð½Ð°ÐºÐ»Ð°Ð´Ð½Ð°Ñ>goods and transport invoice>consignment note
-
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration.The activity, dubbed Operation CargoTalon, has been assigned to a threat cluster tracked as UNG0901 (short for Unknown Group 901).”The campaign is aimed at targeting employees of Voronezh Aircraft Production Association (VASO),…
-
Fire Ant Hackers Target VMware ESXi and vCenter Flaws to Infiltrate Organizations
Cybersecurity firm Sygnia has been tracking and mitigating a sophisticated espionage operation dubbed Fire Ant, which zeroes in on virtualization and networking infrastructure, particularly VMware ESXi hypervisors and vCenter management servers, alongside network appliances. The threat actors behind Fire Ant employ multilayered kill chains, blending advanced persistence mechanisms with stealthy techniques to breach segmented networks…
-
Prolonged Chinese Cyber Espionage Campaign Targets VMware Appliances
Sygnia observed Chinese cyber campaign dubbed Fire Ant deploying sophisticated techniques to gain full compromise of victim environments, discovering isolated assets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-espionage-targets-vmware/
-
Singapore’s cybersecurity paradox: Top firms rated A, yet all breached
Tags: access, attack, china, cybersecurity, espionage, exploit, group, incident response, infrastructure, intelligence, malicious, metric, mfa, network, resilience, risk, router, service, supply-chain, threat, update, vulnerabilitySingapore faces targeted threats: Beyond statistical exposure, Singapore is also facing targeted campaigns against its critical infrastructure. One such operation involves China-linked threat group UNC3886, recently observed exploiting vulnerabilities in Juniper (Junos OS) routers to infiltrate telecom and service provider networks.Gilad Maizles, threat researcher at SecurityScorecard, said, “The campaign appears to be operated through a…
-
Singapore’s cybersecurity paradox: Top firms rated A, yet all breached
Tags: access, attack, china, cybersecurity, espionage, exploit, group, incident response, infrastructure, intelligence, malicious, metric, mfa, network, resilience, risk, router, service, supply-chain, threat, update, vulnerabilitySingapore faces targeted threats: Beyond statistical exposure, Singapore is also facing targeted campaigns against its critical infrastructure. One such operation involves China-linked threat group UNC3886, recently observed exploiting vulnerabilities in Juniper (Junos OS) routers to infiltrate telecom and service provider networks.Gilad Maizles, threat researcher at SecurityScorecard, said, “The campaign appears to be operated through a…
-
US Nuclear Agency Hacked in Microsoft SharePoint Frenzy
Threat actors are piling on the zero-day vulnerabilities in SharePoint, including at least three Chinese nation-state cyber-espionage groups. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/us-nuclear-agency-hacked-microsoft-sharepoint
-
Silicon Valley Engineer Pleads Guilty in U.S. Missile Detection Data Theft Case
A Silicon Valley engineer with dual U.S.-China citizenship pleaded guilty to stealing critical defense technologies worth hundreds of millions of dollars, including classified systems designed to detect nuclear missile launches and track hypersonic weapons. The case highlights growing concerns about economic espionage and technology transfer to foreign adversaries. Engineer Admits to Massive Data Theft Chenguang…
-
China-Backed APT41 Cyberattack Surfaces in Africa
Up to now, the prolific China-sponsored cyber-espionage group has been mostly absent from the region, but a sophisticated and highly targeted attack on an African IT company shows Beijing is branching out. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-backed-apt41-attack-africa
-
UK blames Russia’s infamous ‘Fancy Bear’ group for Microsoft cloud hacks
Authentic Antics malware tool to target Microsoft cloud accounts were the handiwork of the notorious Russian Fancy Bear hacking group, the UK’s National Cyber Security Centre (NCSC) has said.Authentic Antics was discovered after a cyberattack in 2023 which prompted an NCSC technical teardown of the malware that it published in May this year. The agency…
-
UNG0002 Deploys Weaponized LNK Files with Cobalt Strike and Metasploit to Target Organizations
Seqrite Labs APT-Team has uncovered a persistent threat entity, UNG0002 (Unknown Group 0002), orchestrating espionage-driven operations across Asian jurisdictions, including China, Hong Kong, and Pakistan. Active since at least May 2024, this South-East Asia-based cluster has demonstrated a high degree of adaptability and technical prowess, targeting critical sectors such as defense, civil aviation, electrotechnical engineering,…