Tag: espionage
-
New Report Reveals Chinese Hackers Attempted to Breach SentinelOne Servers
SentinelLABS has detailed a sophisticated reconnaissance operation targeting SentinelOne, a leading cybersecurity vendor, as part of a broader espionage campaign linked to China-nexus threat actors. Tracked under the activity clusters PurpleHaze and ShadowPad, these operations spanned from July 2024 to March 2025, affecting over 70 organizations worldwide across sectors like government, media, manufacturing, finance,…
-
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. “The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors,” security researchers Aleksandar Milenkoski and Tom First…
-
China-Backed Hackers Target SentinelOne in ‘PurpleHaze’ Attack Spree
Known threat groups APT15 and UNC5174 unleashed attacks against SentinelOne and more than 70 other high-value targets, as part of ongoing cyber-espionage and other malicious activity involving ShadowPad malware. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/china-hackers-target-sentinelone-purplehaze-attack
-
APT41 Hackers Leverage Google Calendar for Malware C2 in Attacks on Government Entities
The Chinese state-sponsored threat actor APT41, also known as BARIUM, Wicked Panda, and Brass Typhoon, has been reported to exploit Google Calendar as a command-and-control (C2) mechanism in a recent campaign targeting a Taiwanese government website. This sophisticated group, active since at least 2012, is notorious for blending cyber espionage with financially motivated cybercrime, hitting…
-
Kimsuky Strikes Again: Coordinated Attacks Target Facebook, Email, and Telegram
A recent investigation by Genians Security Center (GSC) has uncovered a highly sophisticated, multi-channel cyber espionage campaign attributed to the North Korea-aligned advanced persistent threat (APT) group known as Kimsuky. Between March and April 2025, the group leveraged Facebook, email, and Telegram to infiltrate targets primarily within the defense sector, North Korea-related activists, and cryptocurrency…
-
Iranian Espionage Group Caught Spying on Kurdish Officials
BladedFeline Hackers Spying on Kurdish Officials Since at Least 2017. An Iranian state espionage group stayed hidden for more than half-a-decade until security researchers spotted it in 2023, researchers said Thursday in a report detailing a growing arsenal of hacking tools it deployed against Kurdish and Iraqi government officials. First seen on govinfosecurity.com Jump to…
-
New Chaos RAT Targets Linux and Windows Users to Steal Sensitive Data
A new wave of cyber threats has emerged with the discovery of updated variants of Chaos RAT, a notorious open-source remote administration tool (RAT) first identified in 2022. As reported by Acronis TRU researchers in their recent 2025 analysis, this malware continues to evolve, targeting both Linux and Windows environments with sophisticated capabilities for espionage…
-
New evidence links long-running hacking group to Indian government
Two cybersecurity companies issued reports tying a cyber-espionage group known as Bitter or TA397 more directly to the Indian government. First seen on therecord.media Jump to article: therecord.media/india-cyber-espionage-bitter-ta397
-
TA397 Hackers Exploit Scheduled Tasks to Deploy Malware on Targeted Systems
A recent in-depth analysis by Proofpoint Threat Research has shed light on the sophisticated operations of TA397, also known as Bitter, a suspected state-backed threat actor highly likely aligned with Indian intelligence interests. Identified as an espionage-focused group, TA397 has been actively targeting entities across Europe and Asia, particularly those with connections to China, Pakistan,…
-
Iranian APT ‘BladedFeline’ Hides in Network for 8 Years
ESET published research on the Iranian APT BladedFeline, which researchers believe is a subgroup of the cyber-espionage entity APT34. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iranian-apt-bladedfeline-hides-network-8-years
-
DIA IT specialist charged in espionage attempt
Tags: espionage. First seen on scworld.com Jump to article: www.scworld.com/brief/dia-it-specialist-charged-in-espionage-attempt
-
Dutch Minister Warns of Heightened Chinese Espionage Threats
Dutch Semiconductor Sector Among Chinese Targets. Chinese nation state groups ramped up espionage campaigns against Dutch critical infrastructure in recent months, said a state official who added that discussions are underway in the European Union on how to minimize Chinese threats. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/dutch-minister-warns-heightened-chinese-espionage-threats-a-28574
-
China-linked hackers exploit Google Calendar in cyberattacks on governments
Tags: china, cyber, cyberattack, espionage, exploit, google, government, hacker, intelligence, threat. Google Threat Intelligence spotted the China-based operation known as APT41 leveraging the company’s own Calendar app as part of a cyber-espionage campaign. First seen on therecord.media Jump to article: therecord.media/china-linked-apt41-exploits-google-calendar-in-cyberattacks
-
New Cyber Threat: UTG-Q-015 Exploits 0-Days for Espionage in Asia
In a threat intelligence report, the Qi’anxin Threat Intelligence Center has exposed a series of highly targeted attacks First seen on securityonline.info Jump to article: securityonline.info/new-cyber-threat-utg-q-015-exploits-0-days-for-espionage-in-asia/
-
Stealthy Attacks: Silent Werewolf Deploys Custom Loaders in Espionage Operations
BI.ZONE Threat Intelligence has uncovered two new malicious campaigns attributed to the threat actor Silent Werewolf, once again First seen on securityonline.info Jump to article: securityonline.info/stealthy-attacks-silent-werewolf-deploys-custom-loaders-in-espionage-operations/
-
Russian hackers Void Blizzard step up espionage campaign
First seen on scworld.com Jump to article: www.scworld.com/news/russian-hackers-void-blizzard-step-up-espionage-campaign
-
Czech Government Attributes Foreign Ministry Hack to China
APT31 Compromised the Czech Foreign Affairs Ministry in 2022. The Czech government on Wednesday said Chinese state hackers stole sensitive declassified information from the republic’s foreign ministry as part of a years-long espionage campaign. Czech Ministry of Foreign Affairs attributed the hack to a Chinese nation-state group tracked as APT31. First seen on govinfosecurity.com Jump…
-
Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry
The Czech government strongly condemned China after the cyber espionage group APT31 was linked to a cyberattack targeting the nation’s critical infrastructure. The Czech government condemned China after APT31 hackers infiltrated a ministry’s unclassified system in 2022…
-
Russian APT28 Hackers Attacking NATO-aligned Organizations to Steal Sensitive Data
Russia’s GRU-backed APT28, widely known as Fancy Bear, has intensified its cyber espionage campaign against NATO-aligned organizations. Active since at least 2007, this notorious threat actor has been attributed to a series of sophisticated attacks targeting critical infrastructure, government entities, and logistics firms across the United States, United Kingdom, Germany, Canada, Poland, Ukraine, and other…
-
Chinese spies blamed for attempted hack on Czech government network
Czech authorities said they assessed with “a high degree of certainty” that a Chinese cyber-espionage group known as APT31, Judgment Panda, Bronze Vinewood or RedBravo tried to hack into a government network. First seen on therecord.media Jump to article: therecord.media/czechia-accuses-china-cyber-espionage-apt31
-
NATO Countries Targeted By New Russian Espionage Group
‘Laundry Bear’ Has Been Active Since 2024. Dutch intelligence agencies and Microsoft say a novel Russian state intelligence hacking group is likely buying stolen credentials from criminal marketplaces to gain entry to North American and European networks. It has a specific interest in European Union and NATO member states. First seen on govinfosecurity.com Jump to…
-
Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group
The Dutch intelligence and security services have identified a new Russia-affiliated threat group that has been breaching government organizations and commercial entities in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/27/microsoft-dutch-security-agencies-lift-veil-on-laundry-bear-void-blizzard-cyber-espionage-group/
-
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to “worldwide cloud abuse.” Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government…
-
TA-ShadowCricket: Sophisticated Hacker Group Targeting Government and Enterprise Networks
A decade-long cyber espionage campaign orchestrated by the advanced persistent threat (APT) group TA-ShadowCricket has been exposed through a joint investigation by South Korea’s AhnLab and the National Cyber Security Center (NCSC). The group, previously identified as Shadow Force, has systematically compromised over 2,000 systems across 72 countries since 2012, with primary targets in government…
-
Russian-Aligned TAG-110 Targets Tajikistan Governments with Stealthy Cyber-Espionage
Recorded Future’s Insikt Group has uncovered a new cyber-espionage campaign by Russia-aligned threat actor TAG-110 targeting public sector First seen on securityonline.info Jump to article: securityonline.info/russian-aligned-tag-110-targets-tajikistan-governments-with-stealthy-cyber-espionage/
-
Operation Endgame 2.0: DanaBusted
Tags: access, attack, backup, banking, breach, business, cloud, communications, control, crypto, cybercrime, data, defense, detection, email, espionage, firewall, fraud, government, group, Hardware, infection, intelligence, international, law, malicious, malware, middle-east, network, programming, ransomware, russia, service, supply-chain, switch, threat, tool, ukraine, update, windows. Introduction: On May 22, 2025, international law enforcement agencies released information about additional actions that were taken in conjunction with Operation Endgame, an ongoing, coordinated effort to dismantle and prosecute cybercriminal organizations, including those behind DanaBot. This action mirrors the original Operation Endgame, launched in May 2024, which disrupted SmokeLoader, IcedID, SystemBC, Pikabot, and Bumblebee. Zscaler…
-
Russia-aligned hackers target Tajikistan in new espionage campaign
The hackers used phishing emails containing government-themed lure documents to gain access to targeted systems. First seen on therecord.media Jump to article: therecord.media/russia-hackers-target-tajikistan-espionage
-
Western Logistics and Tech Firms Targeted by Russia’s APT28
NSA, NCSC and allies warn Western tech and logistics firms of Russian APT28 cyber-espionage threat. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/western-logistics-tech-firms/

