Tag: espionage
-
China alleges US cyber espionage during the Asian Winter Games, names 3 NSA agents
Tags: attack, breach, china, cloud, cyber, cyberattack, espionage, exploit, government, hacker, infrastructure, injection, intelligence, international, service, sql, vulnerabilityA deliberate and coordinated campaign: The NCVERC report revealed that between January 26 and February 14, 2025, the Games’ information systems were struck by 270,167 attacks from abroad, with activity peaking on February 8, the day after the event’s formal opening. Of these, 170,864 attacks (63.24%) originated from US-based IP addresses.The cyber onslaught primarily targeted…
-
EU gives staff ‘burner phones, laptops’ for US visits
That would put America on the same level as China for espionage First seen on theregister.com Jump to article: www.theregister.com/2025/04/15/ec_burner_devices/
-
China-Nexus APT Exploits Ivanti Connect Secure VPN in Global Cyber Espionage Campaign
A recent report by TeamT5 has uncovered a widespread cyber espionage campaign targeting Ivanti Connect Secure VPN appliances. First seen on securityonline.info Jump to article: securityonline.info/china-nexus-apt-exploits-ivanti-connect-secure-vpn-in-global-cyber-espionage-campaign/
-
Chinese APTs Exploit EDR ‘Visibility Gap’ for Cyber Espionage
Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here’s how experts say you can get eyes on it all. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apt-exploit-edr-visibility-gap-cyber-espionage
-
BPFDoor Malware Uses Reverse Shell to Expand Control Over Compromised Networks
A new wave of cyber espionage attacks has brought BPFDoor malware into the spotlight as a stealthy and dangerous tool for compromising networks. According to security experts at Trend Micro, BPFDoor is a state-sponsored backdoor attributed to the advanced persistent threat (APT) group known as Earth Bluecrow (also referred to as Red Menshen). This malware…
-
Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows
Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks. First seen on wired.com Jump to article: www.wired.com/story/brass-typhoon-china-cyberspies/
-
Shuckworm Group Leverages GammaSteel Malware in Targeted PowerShell Attacks
The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has been observed targeting a Western country’s military mission located within Ukraine, employing an updated, PowerShell-based version of its GammaSteel infostealer malware. This campaign, which began in late February 2025 and continued into March, signifies Shuckworm’s persistent focus on Ukrainian entities and…
-
Shuckworm’s Sophisticated Cyber Campaign Targets Ukraine Military Mission
Russia-linked espionage group Shuckworm (also known as Gamaredon or Armageddon) has launched a renewed and more sophisticated cyber campaign targeting a foreign military mission based in Ukraine, according to a detailed report by the Symantec Threat Hunter Team. This latest wave of activity, which began in February 2025 and continued through March, underscores Shuckworm’s relentless…
-
Rogue RDP: Abusing RDP for File Theft and Espionage
A recent report by Google Threat Intelligence Group (GTIG) has shed light on a sophisticated phishing campaign targeting European government and military organizations. This campaign, attributed to a suspected Russia-nexus espionage actor tracked as UNC5837, employed a novel technique leveraging the Remote Desktop Protocol (RDP) for malicious purposes. Unlike typical RDP attacks that focus on…
-
New GIFTEDCROOK Stealer Targets Government Organizations to Exfiltrate Sensitive Data
Cybersecurity experts have uncovered an alarming escalation in cyber-espionage operations targeting Ukrainian critical sectors, as outlined in CERT-UA’s latest alert, CERT-UA#14303. The campaign, attributed to the UAC-0226 hacking group, leverages a sophisticated C/C++-based stealer called GIFTEDCROOK to infiltrate systems, steal sensitive data, and exfiltrate it via covert channels. The operation has been active since February…
-
To tackle espionage, Dutch government plans to screen university students and researchers
The Dutch government is working on a plan to screen researchers and students to avoid exposing “sensitive technology” to espionage. First seen on therecord.media Jump to article: therecord.media/netherlands-plan-vetting-researchers-students-espionage
-
Chinese Espionage Group Targeting Legacy Ivanti VPN Devices
More Evidence Surfaces of Chinese Hackers Targeting Ivanti Products. A suspected Chinese cyberespionage operation is behind a spate of malware left on VPN appliances made by Ivanti. The threat actor used a critical security vulnerability the Utah company patched in February. We are aware of a limited number of customers whose appliances have been exploited.…
-
Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw
Tags: china, espionage, exploit, flaw, hacker, ivanti, mandiant, remote-code-execution, vulnerabilityMandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code execution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-state-hackers-ivanti-flaw/
-
Ex-ASML, NXP staffer accused of stealing chip secrets, peddling them to Moscow
Tags: espionageWe’re not Putin up with this alleged industrial espionage, say the Dutch First seen on theregister.com Jump to article: www.theregister.com/2025/04/04/amsl_russian_spy/
-
China-backed espionage group hits Ivanti customers again
UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-espionage-group-ivanti-vulnerability-exploits/
-
Ivanti patches Connect Secure zero-day exploited since mid-March
Tags: china, espionage, exploit, ivanti, malware, remote-code-execution, update, vulnerability, zero-dayIvanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-patches-connect-secure-zero-day-exploited-since-mid-march/
-
Hackers hit Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
A Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active seen the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
Operation HollowQuill Uses Malicious PDFs to Target Academic and Government Networks
A newly uncovered cyber-espionage campaign, dubbed Operation HollowQuill, has been identified as targeting academic, governmental, and defense-related networks in Russia using weaponized PDF documents. The operation, tracked by SEQRITE Labs APT-Team, leverages decoy research invitations to infiltrate systems associated with the Baltic State Technical University (BSTU “VOENMEKH”), a key institution for defense and aerospace research…
-
Hackers target Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
A Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active seen the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
Hackers Selling SnowDog RAT Malware With Remote Control Capabilities Online
A sophisticated remote access trojan (RAT) dubbedSnowDoghas surfaced on underground cybercrime forums, prompting alarms among cybersecurity experts. Advertised as a tool for “corporate espionage and advanced intrusions,” the malware is being sold by an unidentified threat actor with claims of stealth, evasion, and remote control capabilities. The SnowDog RAT: Features and Risks The seller claims…
-
Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling
Double-oh-sh… First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/deel_rippling_espionage/
-
Google fixes GCP flaw that could expose sensitive container images
run.services.update and iam.serviceAccounts.actAspermissions they could modify a Cloud Run service and deploy a new revision.”In doing so, they could specify (through malicious code injection) any private container image stored in a victim’s registries, Matan added.According to a Tenable statement to CSO, an attacker could use this vulnerability for data theft or espionage in a real-world…
-
APT34 Deploys Custom Malware Targeting Finance and Telecom Sectors
APT34, also known as OilRig or Helix Kitten, has intensified its cyber-espionage campaigns, deploying custom malware to target entities within the finance and telecommunications sectors. The group, active since 2012, is a well-documented advanced persistent threat (APT) actor linked to the Middle East. Recent investigations by the ThreatBook Research and Response Team have revealed that…
-
Volume of attacks on network devices shows need to replace end of life devices quickly
Tags: access, apache, attack, authentication, best-practice, breach, cloud, control, credentials, cve, cyber, dns, endpoint, espionage, exploit, firewall, flaw, government, group, Hardware, infrastructure, injection, Internet, ivanti, lazarus, macOS, monitoring, network, north-korea, open-source, password, risk, router, russia, sans, service, software, threat, tool, update, vulnerabilityCVE-2023-1389, a vulnerability in TP-Link Archer AX21 router;CVE-2024-3400, a hole in Palo Alto Networks PAN-OS firewall operating system;CVE-2023-36845, a vulnerability in Juniper Networks Junos OS operating system;CVE-2021-44529, a vulnerability in Ivanti Endpoint Manager Cloud Service Appliance;CVE-2023-38035, a hole in Ivanti Sentry security gateway;CVE-2024-36401, a vulnerability in OSGeo GeoServer;CVE-2024-0012, a vulnerability in Palo Alto Neworks PAN-OS…
-
Earth Alux APT Group: Unveiling Its Espionage Toolkit
Researchers at Trend Micro detail a highly sophisticated cyber-espionage group actively targeting the Asia-Pacific and Latin American regions. First seen on securityonline.info Jump to article: securityonline.info/earth-alux-apt-group-unveiling-its-espionage-toolkit/
-
Operation HollowQuill Weaponized PDFs Deliver a Cobalt Strike Malware Into Gov Military Networks
In a recent revelation by SEQRITE Labs, a highly sophisticated cyber-espionage campaign, dubbed Operation HollowQuill, has been uncovered. The operation targets academic, governmental, and defense-related networks in Russia using weaponized decoy PDFs to deliver Cobalt Strike malware implants. The campaign appears to focus on infiltrating critical institutions such as the Baltic State Technical University (BSTU…
-
Russian Hackers Leverage Bulletproof Hosting to Shift Network Infrastructure
Russian-aligned cyber threat groups, UAC-0050 and UAC-0006, have significantly escalated their operations in 2025, targeting entities worldwide with a focus on Ukraine. These groups employ bulletproof hosting services to mask their network infrastructure, enabling sophisticated campaigns involving financial theft, espionage, and psychological operations. UAC-0050, linked to Russian law enforcement agencies, has transitioned to deploying NetSupport…