Tag: espionage
-
LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage
Over 1,000 SOHO devices were hacked in a China-linked spying campaign called LapDogs, forming a covert network to support cyber espionage. Security researchers at SecurityScorecard’s STRIKE team have uncovered a cyber espionage campaign, dubbed LapDogs, involving over 1,000 hacked SOHO (small office/home office) devices. These compromised devices formed a hidden network, called an Operational Relay…
-
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard’s STRIKE team. “The LapDogs network has a high concentration of victims…
-
PUBLOAD and Pubshell Malware Used in Mustang Panda’s Tibet-Specific Attack
A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians’ Convention on Tibet (WPCT), China’s education policy in the Tibet Autonomous Region (TAR), and a recently published book by the…
-
Iranian APT35 Hackers Targeting High-Profile Cybersecurity Experts and Professors in Israel
The Iranian threat group Educated Manticore, also tracked as APT35, APT42, Charming Kitten, or Mint Sandstorm, has intensified its cyber-espionage operations targeting Israeli cybersecurity experts, computer science professors, and journalists. Associated with the Islamic Revolutionary Guard Corps’ Intelligence Organization (IRGC-IO), this advanced persistent threat (APT) group has been under scrutiny by Check Point Research for…
-
China-Nexus ‘LapDogs’ Network Thrives on Backdoored SOHO Devices
The campaign infected devices in the US and Southeast Asia to build an operational relay box (ORB) network for use as an extensive cyber-espionage infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-lapdogs-network-backdoored-soho-devices
-
LapDogs Hackers Compromise 1,000 SOHO Devices Using Custom Backdoor for Stealthy Attacks
Security researchers at SecurityScorecard have uncovered a sprawling cyber-espionage campaign orchestrated by the LapDogs Operational Relay Box (ORB) Network, a sophisticated infrastructure compromising over 1,000 devices worldwide. Identified as a key tool for China-Nexus threat actors, LapDogs primarily targets Small Office/Home Office (SOHO) routers and IoT devices, particularly Linux-based systems, to facilitate covert operations. This…
-
China-linked APT Salt Typhoon targets Canadian Telecom companies
Canada and the FBI warn of China-linked APT Salt Typhoon targeting Canadian telecom firms in ongoing cyber espionage operations. The Canadian Centre for Cyber Security and the FBI warn that the China-linked APT cyber espionage group Salt Typhoon is targeting Canadian telecom firms in espionage attacks. The Salt Typhoon hacking campaign, active for 12 years, has targeted…
-
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. The attackers exploited a critical Cisco IOS XE software vulnerability (CVE-2023-20198, CVSS score: 10.0) to…
-
Canada says telcos were breached in China-linked espionage hacks
Salt Typhoon previously hacked phone and telco giants across the United States. First seen on techcrunch.com Jump to article: techcrunch.com/2025/06/23/canada-says-telcos-were-breached-in-china-linked-espionage-hacks/
-
APT36 Hackers Target Indian Defense Personnel with Sophisticated Phishing Campaign
APT36, also known as Transparent Tribe, a Pakistan-based cyber espionage group, has launched a highly sophisticated phishing campaign targeting Indian defense personnel. According to recent findings by CYFIRMA, this group has meticulously crafted phishing emails that deliver malicious PDF attachments disguised as official government documents. Cyber Espionage Group Transparent Tribe Strikes Again These deceptive files…
-
Chinese “LapDogs” ORB Network Targets US and Asia
SecurityScorecard has discovered a covert cyber-espionage botnet dubbed “LapDogs” linked to China. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-lapdogs-orb-network/
-
Surge in XSS Cyberattacks Targets Popular Webmail Platforms, ESET Reports
A recent report from ESET has uncovered a sophisticated cyber espionage campaign by the Russia-aligned Sednit group, targeting high-value webmail platforms through cross-site scripting (XSS) attacks. Dubbed Operation RoundPress, this operation has compromised popular webmail services such as Roundcube, Horde, MDaemon, and Zimbra, with a primary focus on governmental entities and defense organizations in Eastern…
-
Silver Fox APT: Chinese Threat Actor Deploys Trojanized Medical Software in Stealth Espionage Campaign
The post Silver Fox APT: Chinese Threat Actor Deploys Trojanized Medical Software in Stealth Espionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/silver-fox-apt-chinese-threat-actor-deploys-trojanized-medical-software-in-stealth-espionage-campaign/
-
Silver Fox APT Uses Weaponized Medical Software to Deploy Remote Access Tools and Disable AV
The China-based advanced persistent threat (APT) group Silver Fox, also known as Void Arachne or The Great Thief of Valley, has been identified as the orchestrator of a complex multi-stage campaign targeting healthcare delivery organizations (HDOs) and public sector entities. Active since 2024 and believed to be state-sponsored, Silver Fox is deploying cyber espionage and…
-
China-linked group Salt Typhoon breached satellite firm Viasat
China-linked APT Typhoon has reportedly targeted satellite firm Viasat; the group has breached multiple telecom providers in the past. China-linked APT group Salt Typhoon hacked the satellite communications firm Viasat. The cyber-espionage group has previously breached the networks of multiple other telecom providers in the United States and globally. Viasat is a global communications company…
-
Telecom giant Viasat breached by China’s Salt Typhoon hackers
Satellite communications company Viasat is the latest victim of China’s Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers/
-
Hackers Exploiting Chrome Zero-Day Vulnerability in the Wild
A newly discovered zero-day vulnerability in Google Chrome, tracked as CVE-2025-2783, is being actively exploited by hackers in sophisticated cyber-espionage campaigns. Security researchers have observed a surge in targeted attacks leveraging this flaw, with attribution pointing to the advanced persistent threat (APT) group Team46, also known as TaxOff. The Attack Campaign The first signs of…
-
US critical infrastructure could become casualty of Iran-Israel conflict
Researchers warn that Iran-aligned threat groups could soon target U.S. companies and individuals in cyber espionage or sabotage attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/us-critical-infrastructure-iran-israel-conflict/750799/
-
Week in review: Microsoft fixes exploited zero-day, Mirai botnets target unpatched Wazuh servers
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) For … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/15/week-in-review-microsoft-fixes-exploited-zero-day-mirai-botnets-target-unpatched-wazuh-servers/
-
Fog ransomware gang abuses employee monitoring tool in unusual multi-stage attack
Tags: attack, china, cloud, control, corporate, encryption, espionage, exploit, google, group, intelligence, microsoft, monitoring, network, open-source, penetration-testing, ransomware, service, threat, tool
Open-source pen testers for executing commands: Another peculiarity observed in the attack was the use of open-source penetration testing tools, like GC2 and Adaptix C2, rarely seen with ransomware attacks. Google Command and Control (GC2) is an open-source post-exploitation tool that allows attackers to control compromised systems using legitimate cloud services like Google Sheets and Google…
-
40,000 security cameras exposed, raises espionage concerns
First seen on scworld.com Jump to article: www.scworld.com/news/40000-security-cameras-exposed-raises-espionage-concerns
-
Patch Tuesday: Microsoft Patches 68 Security Flaws, Including One for Targeted Espionage
Security experts offer their takes on some of the flaws, including a set of vulnerabilities that could enable remote code execution in Microsoft Office. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-june/
-
China-linked hackers target cybersecurity firms, governments in global espionage campaign
Tags: access, awareness, china, ciso, cyber, cybersecurity, defense, detection, espionage, government, hacker, infrastructure, intelligence, Internet, monitoring, threat
Deployed PurpleHaze for broader espionage: Researchers reported that in October 2024, they detected and mitigated a reconnaissance operation targeting SentinelOne, which they identified as part of a broader activity cluster known as PurpleHaze. As noted earlier, this PurpleHaze activity shared infrastructure with the campaign behind the re-compromise of the South Asian government entity, suggesting a stronger…
-
Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)
For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/11/microsoft-fixes-zero-day-exploited-for-cyber-espionage-cve-2025-33053/
-
China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns
Tags: attack, china, cyber, cyberespionage, cybersecurity, espionage, government, infrastructure, threat
China-linked threat actor targeted over 70 global organizations, including governments and media, in cyber-espionage attacks from July 2024 to March 2025. In April 2025, cybersecurity firm SentinelOne warned that a China-linked threat actor, tracked as PurpleHaze, attempted to conduct reconnaissance on its infrastructure and high-value clients. The activity suggests targeted cyberespionage efforts aimed at gathering…
-
Chinese-Linked Hackers Targeted 70+ Global Organizations, SentinelLABS
SentinelLABS uncovers widespread China-linked cyber espionage targeting over 70 global organizations and cybersecurity firms between July 2024 and… First seen on hackread.com Jump to article: hackread.com/chinese-linked-hackers-targeted-global-organizations/

