Tag: espionage
-
Stock Exchange Executive’s Outlook Targeted in Credential Theft Attack
A prolonged and highly targeted espionage campaign has been uncovered involving the compromise of a senior executive’s Microsoft Outlook account at a major global stock exchange, highlighting the strategic value of executive-level email access in modern cyber operations. The activity, which persisted for approximately five months between October 2025 and March 2026, demonstrates a disciplined…
-
Hackers Spied on a Stock Exchange Executive’s Outlook Mailbox for Five Months
Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black’s Threat Hunter Team reported the campaign this week.…
-
Tropical Blend: Cyber & Politics Ramp Up Across Latin America
China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/nation-state-cyber-activity-latin-america
-
Cyber espionage campaign targeted stock exchange executive’s Outlook account
Attackers spent five months silently stealing emails from a stock exchange executive’s Outlook account in a suspected espionage operation. A threat actor quietly sat inside a senior executive’s Outlook account at a major global stock exchange for roughly 150 days, from October 2025 to March 2026. Broadcom’s Symantec and Carbon Black threat-hunting team investigated the…
-
HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications
Tags: attack, cloud, communications, control, cyber, espionage, government, network, service, threat
A newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-and-control (C2) channels that are difficult for defenders to detect. The campaign primarily targets government networks in Southeast Asia and represents a growing shift toward cloud-native attack infrastructure. This misconfiguration enables threat actors to…
-
Foreign Spyware Found on Phones of Top Russian Officials
Russian authorities have disclosed a suspected large-scale cyber espionage operation targeting the mobile devices of senior government officials, raising fresh concerns over advanced spyware campaigns and mobile surveillance threats. The Federal Security Service (FSB) announced on Tuesday that it had identified and disrupted an alleged effort by foreign intelligence agencies to deploy malicious software on…
-
Twill Typhoon RAT Campaign Uses DLL Side Loading to Target APJ Networks
A stealthy cyber espionage operation is actively targeting organizations across the Asia-Pacific region. Specifically, security researchers recently uncovered First seen on securityonline.info Jump to article: securityonline.info/twill-typhoon-rat-campaign-dll-side-loading/
-
China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan
Tags: attack, china, cyber, email, espionage, finance, government, group, phishing, service, spear-phishing, technology
A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial services sectors. The activity entails distributing spear-phishing emails containing ZIP attachments First seen on…
-
Advanced China-Nexus Group Strikes Southeast Asian Networks
A sophisticated cyber espionage campaign is currently striking enterprise operations across Southeast Asia. Specifically, a China-nexus group has First seen on securityonline.info Jump to article: securityonline.info/custom-linux-router-implant-malware/
-
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financial services, and professional services, per the Threat Hunter Team from Symantec and Carbon…
-
China-Linked Hackers Hit SEA Edge Routers With Custom Linux Implant
China-linked hackers are conducting a stealthy infrastructure-centric espionage campaign across Southeast Asia by compromising Linux-based edge routers with a custom ELF implant and pairing it with a cracked Cobalt Strike Beacon on Windows systems for unified command-and-control over entire networks. The operation enables full visibility into, and manipulation of, downstream traffic while largely bypassing traditional…
-
AI Threat Landscape Digest March-April 2026
Executive Summary: During the March-April 2026 reporting period, AI use in offensive operations advanced from development and planning to real-time operational deployment. Multiple independent cases, involving individual criminal actors, mass exploitation platforms, ransomware groups, and state-sponsored espionage, show evidence of commercial AI models executing autonomous attack workflows across extended campaigns. Key findings: AI as Live…
-
APT Group Patches termsrv.dll to Enable Multiple RDP Sessions
A sustained cyber espionage campaign attributed to the Cloud Atlas advanced persistent threat (APT) group has introduced a stealthy technique that modifies the Windows termsrv.dll library to enable multiple Remote Desktop Protocol (RDP) sessions on compromised systems. Observed throughout 2025 and continuing into 2026, the activity primarily targets government and commercial entities in Russia and…
-
Kazuar Malware Becomes Modular Spyware for Secret Blizzard Ops
The Kazuar malware family, a long-standing cyber espionage tool linked to the Russian state-sponsored threat group Secret Blizzard, also known as Turla and Venomous Bear, has undergone a major evolution. Kazuar historically supported espionage campaigns targeting government, diplomatic, and defense sectors. Its latest iteration introduces a modular architecture composed of three key components: Kernel, Bridge, and…
-
MiniUpdate RAT Abuses Azure C2 for Targeted Espionage
A sophisticated espionage campaign by the Iran-nexus advanced persistent threat group known as Screening Serpens, also tracked as UNC1549 and Smoke Sandstorm, is deploying a newly identified remote access Trojan (RAT) family called MiniUpdate against targets in the United States, Israel, and the United Arab Emirates. Screening Serpens has been active since at least 2022, but…
-
New Telecom Espionage Campaign Tied to China
Researchers Trace Linux and Windows Toolsets to Suspected PRC Espionage Activity. Newly discovered malware tied to China-linked actors breached telecom providers across Asia and the Middle East, highlighting growing efforts to gain persistent access into interconnected communications infrastructure. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/new-telecom-espionage-campaign-tied-to-china-a-31763
-
Belarus-linked hackers use fake training certificates to target Ukrainian officials
A Belarus-linked hacking group known as GhostWriter has launched a new espionage campaign against Ukrainian government officials using fake emails disguised as messages from a popular online learning platform to deliver malware. First seen on therecord.media Jump to article: therecord.media/oysterfresh-belarus-linked-campaign-targets-ukraine
-
Chinese hackers target telcos with new Linux, Windows malware
A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-target-telcos-with-new-linux-windows-malware/
-
GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations
New activity from Webworm, a China-aligned advanced persistent threat (APT) group, reveals a significant evolution in its cyber espionage toolkit during 2025. The group, first publicly documented in 2022, has shifted its targeting from primarily Asian organizations to government entities across Europe, while adopting stealthier techniques and cloud-based command-and-control (C2) infrastructure. One of the…
-
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/webworm-apt-evolves-tactics/
-
US Telecom Giants Launch Private ISAC to Counter AI-Powered Cyberattacks
The U.S. telecom sector is strengthening its cybersecurity coordination efforts with the launch of a new private ISAC designed to help major communications companies respond more effectively to AI-powered cyberattacks, state-backed espionage campaigns, and emerging threats targeting national communications infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/private-isac-telecom-sector/
-
Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign
Government-backed hackers abused Cloudflare storage services in a Malaysian espionage campaign involving hidden C2 systems and data exfiltration. First seen on hackread.com Jump to article: hackread.com/government-backed-hackers-cloudflare-malaysia-espionage/

