Tag: espionage
-
Russian Hackers Leverage Bulletproof Hosting to Shift Network Infrastructure
Russian-aligned cyber threat groups, UAC-0050 and UAC-0006, have significantly escalated their operations in 2025, targeting entities worldwide with a focus on Ukraine. These groups employ bulletproof hosting services to mask their network infrastructure, enabling sophisticated campaigns involving financial theft, espionage, and psychological operations. UAC-0050, linked to Russian law enforcement agencies, has transitioned to deploying NetSupport…
-
Chinese Lotus Blossom Hackers leverages Windows Management Instrumentation for Network Movement
The Chinese Advanced Persistent Threat (APT) group known as Lotus Blossom, also referred to as Billbug, Thrip, or Spring Dragon, has intensified its cyber-espionage operations by employing advanced techniques, including the use of Windows Management Instrumentation (WMI) for lateral movement within targeted networks. This group, active for over a decade, has recently deployed new variants…
-
Salt Typhoon may have upgraded backdoors for efficiency and evasion
CrowDoor and attributed to the Earth Estries APT group in November 2024.”GhostSparrow, aka Salt Typhoon (Microsoft), Earth Estries (Trend Micro), Ghost Emperor (Kaspersky Labs), and UNC2286 (Mandiant), has escalated cyber espionage, breaching US telecom networks and accessing data on over a million individuals. One of the key features ESET reported on the two previously unseen…
-
ISMG Editors: Ransomware’s Stealth vs. Spectacle Tactics
Tags: attack, china, cyber, cybersecurity, espionage, infrastructure, ransomware, strategy, tactics, updateAlso: Rapid7’s Boardroom Shake-Up, China’s Shift Tactical Cyber Shift. In this week’s update, ISMG editors unpacked stealth vs. spectacle in ransomware attacks, Rapid7’s boardroom shake-up led by activist investors, and China’s shift from cyber espionage to infrastructure sabotage – driving key shifts in global cybersecurity strategy and resilience. First seen on govinfosecurity.com Jump to article:…
-
Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/irans-mois-linked-apt34-spies-allies-iraq-yemen
-
Russian Espionage Group Using Ransomware in Attacks
Russian-speaking espionage group RedCurl has been deploying ransomware on victims’ networks in a recent campaign. The post Russian Espionage Group Using Ransomware in Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-espionage-group-using-ransomware-in-attacks/
-
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday. First seen on therecord.media Jump to article: therecord.media/russian-media-academia-targeted-in-espionage-campaign
-
Chinese Spy Group FamousSparrow Back with a Vengeance, Targets US
Once considered inactive, the Chinese cyber espionage group FamousSparrow has reemerged, targeting organizations across the US, Mexico and Honduras First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chin-famoussparrow-targets-us/
-
Mercenary Hacking Group Appears to Embrace Ransomware
Highly Targeted Ransomware Hit Traced to Long-Running Cyberespionage Group. A stealthy group of mercenary hackers active since 2018 appears to have diversified into hitting hypervisors with ransomware via highly targeted attacks. Researchers said they tracked the hit to a corporate espionage team tracked as RedCurl. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mercenary-hacking-group-appears-to-embrace-ransomware-a-27834
-
RedCurl cyberspies create ransomware to encrypt Hyper-V servers
A threat actor named ‘RedCurl,’ known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/redcurl-cyberspies-create-ransomware-to-encrypt-hyper-v-servers/
-
Google Hastily Patches Chrome Zero-Day Exploited by APT
Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt
-
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor’s tradecraft.The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt.RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating First…
-
North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks
Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as >>Black Banshee.
-
Google fixes Chrome zero-day exploited in espionage campaign
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/
-
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on…
-
CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
Kaspersky Labs has uncovered a sophisticated cyber-espionage campaign”, dubbed Operation ForumTroll”, leveraging a previously unknown Google Chrome zero-day exploit, now First seen on securityonline.info Jump to article: securityonline.info/cve-2025-2783-chrome-zero-day-exploited-in-state-sponsored-espionage-campaign/
-
Likely Chinese Hackers Infiltrated Asian Telecom for 4 Years
‘Weaver Ant’ Used Web Shell Tunneling and Hacked Routers to Evade Detection. An apparently Chinese cyber espionage operation lurked inside the network of an Asian telecom for four years, camouflaging its presence through nested encryption and lightweight web shells. Chinese hackers have been uncovered on the inside of telecom networks spanning the globe. First seen…
-
Chinese ‘Web Shell Whisperer’ Leverages Shells and Tunnels to Establish Stealthy Persistence
A recent cyber espionage operation by a China-nexus threat actor, dubbed >>Weaver Ant,
-
UK Cybersecurity Weekly News Roundup 23 March 2025
Tags: ai, best-practice, compliance, cyber, cyberattack, cybersecurity, data, disinformation, election, email, espionage, exploit, group, incident, malicious, network, phishing, qr, ransomware, service, threat, update, vulnerabilityWelcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. NHS Scotland Confirms Cyberattack Disruption On 20 March 2025, NHS Scotland reported a major cyber incident that caused network outages across multiple health boards. The cyberattack disrupted clinical systems and led to delayed…
-
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a “global espionage campaign” that took place in 2022 targeting seven organizations.These entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place First seen…
-
I-SOON’s ‘Chinese Fishmonger’ APT Targets Government Entities and NGOs
In a recent development, the U.S. Department of Justice unsealed an indictment against employees of the Chinese contractor I-SOON, revealing their involvement in multiple global espionage operations. These operations are attributed to the FishMonger APT group, which is believed to be I-SOON’s operational arm. The group, also known as Earth Lusca, TAG-22, Aquatic Panda, or…
-
FishMonger APT Group Linked to I-SOON in Espionage Campaigns
The FishMonger APT Group has been linked with I-SOON, targeting governments, NGOs and think tanks in cyber-espionage campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fishmonger-apt-group-linked-isoon/
-
State-Backed Hackers Exploiting Windows Zero-Day Since 2017
At least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China have been actively exploiting a newly uncovered Windows zero-day vulnerability in cyber espionage and data theft attacks since 2017. Despite clear evidence of exploitation, Microsoft has declined… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/zdi-can-25373-zero-day-exploited-since-2017/
-
New Windows zero-day feared abused in widespread espionage for years
.The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI.A…
-
CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT
CERT-UA warns of a cyber campaign using Dark Crystal RAT to target Ukraine’s defense sector, including defense industry employees and Defense Forces members. The Computer Emergency Response Team of Ukraine (CERT-UA) uncovered a new cyber espionage campaign targeting employees of defense-industrial complex enterprises and representatives of the Defense Forces of Ukraine with Dark Crystal RAT.…
-
11 Nation-State Hackers Exploit Unpatched Windows Flaw Since 2017
Microsoft refuses to patch serious Windows shortcut vulnerability abused in global espionage campaigns! First seen on hackread.com Jump to article: hackread.com/nation-state-hackers-exploit-windows-unpatched-flaw-2017/
-
Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft
11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks. At least 11 state-sponsored threat groups have been abusing Windows shortcut files for espionage and data theft, according to an analysis by Trend Micro’s Zero Day Initiative (ZDI). Trend ZDI researchers discovered 1,000 malicious…
-
State-Backed Cyber Espionage Against European Telcos Escalates
First seen on scworld.com Jump to article: www.scworld.com/brief/state-backed-cyber-espionage-against-european-telcos-escalates
-
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/