Tag: espionage
-
A house full of open windows: Why telecoms may never purge their networks of Salt Typhoon
Experts tell CyberScoop that the U.S. telecom system is just too technologically fragmented to gather a clear picture of threats, and too big to ever fully eject all espionage efforts. First seen on cyberscoop.com Jump to article: cyberscoop.com/salt-typhoon-chinese-hackers-us-telecom-breach/
-
Researchers warn of China-backed espionage campaign targeting laid-off US workers
A report by FDD says an elaborate online recruiting effort is using LinkedIn and fake online companies to gather sensitive intelligence. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-espionage-campaign-laid-off-workers/748607/
-
Dutch government passes law to criminalize cyber-espionage
The Netherlands has updated its digital security laws to criminalize cyber-espionage and increase penalties for computer-related offenses. First seen on therecord.media Jump to article: therecord.media/netherlands-law-criminalizes-cyber-espionage
-
‘Operation RoundPress’ Targets Ukraine in XSS Webmail Attacks
A cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-phishing attacks that exploit XSS vulnerabilities. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/operation-roundpress-ukraine-xss-webmail-attacks
-
Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives
Advanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European governmental and industrial entities, according to a thorough disclosure from ESET’s APT Activity Report for Q4 2024 to Q1 2025. The report, covering activities from October 2024 to March 2025, highlights…
-
Russia-Linked SpyPress Malware Exploits Webmails to Spy on Ukraine
ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail… First seen on hackread.com Jump to article: hackread.com/russia-spypress-malware-exploits-webmails-spy-ukraine/
-
FBI warns senior US officials are being impersonated using texts, AI-based voice cloning
Hackers are increasingly using vishing and smishing for state-backed espionage campaigns and major ransomware attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fbi-us-officials-impersonated-text-ai-voice/748334/
-
Russian Espionage Operation Targets Organizations Linked to Ukraine War
In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim’s webmail page First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fancy-bear-russia-cyber-espionage/
-
Inside North Korea’s Cyber Mafia: How Hidden IT Workers Fuel Global Espionage and Crypto Theft
A recent report by DTEX sheds light on the sophisticated and complex cyber operations of the Democratic People’s First seen on securityonline.info Jump to article: securityonline.info/inside-north-koreas-cyber-mafia-how-hidden-it-workers-fuel-global-espionage-and-crypto-theft/
-
Inside Turla’s Uroboros Infrastructure and Tactics Revealed
In a nation-state cyber espionage, a recent static analysis of the Uroboros rootkit, attributed to the infamous APT group Turla, uncovers a chilling display of sophistication and mastery over Windows kernel internals. With the sample identified by the MD5 hash ed785bbd156b61553aaf78b6f71fb37b, this malware-first linked to Turla around 2014-2015-stands as a testament to the group’s elite…
-
Stealth RAT uses a PowerShell loader for fileless attacks
Threat actors have been spotted using a PowerShell-based shellcode loader to stealthily deploy Remcos RAT, a popular espionage-ready tool in line with a broader shift toward fileless techniques.As discovered by Qualys, the campaign executes a number of steps to phish an obfuscated .HTA (HTML Application) file that runs layered PowerShell scripts entirely in memory.”The attackers…
-
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET.The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has…
-
Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
Tags: cyber, espionage, group, healthcare, korea, military, service, software, supply-chain, technologyA cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors.Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers,…
-
Chinese Hackers Exploit SAP NetWeaver Zero-Day Vulnerability to Target Critical Infrastructure
Tags: china, cve, cyber, espionage, exploit, flaw, hacker, infrastructure, remote-code-execution, sap, threat, vulnerability, zero-dayEclecticIQ analysts have uncovered a sophisticated cyber-espionage campaign orchestrated by China-nexus nation-state Advanced Persistent Threats (APTs) targeting critical infrastructure worldwide. In April 2025, these threat actors launched a high-tempo exploitation campaign against SAP NetWeaver Visual Composer, exploiting a zero-day vulnerability identified as CVE-2025-31324. This unauthenticated file upload flaw allows remote code execution (RCE), providing attackers…
-
Earth Ammit Strikes Drone Supply Chains: VENOM and TIDRONE Campaigns Expose East Asia’s Critical Infrastructure
rend Micro researchers have uncovered the full extent of an elaborate, multi-phase cyber-espionage operation attributed to Earth Ammit, First seen on securityonline.info Jump to article: securityonline.info/earth-ammit-strikes-drone-supply-chains-venom-and-tidrone-campaigns-expose-east-asias-critical-infrastructure/
-
Swan Vector Espionage Targets Japan Taiwan with Advanced Malware
The Seqrite Labs APT-Team has uncovered a complex cyber-espionage operation dubbed Swan Vector, targeting educational institutions and the First seen on securityonline.info Jump to article: securityonline.info/swan-vector-espionage-targets-japan-taiwan-with-advanced-malware/
-
TA406 Cyber Campaign: North Korea’s Focus on Ukraine Intelligence
In a recently disclosed campaign, TA406, a North Korean state-aligned threat actor, has expanded its cyber-espionage efforts by First seen on securityonline.info Jump to article: securityonline.info/ta406-cyber-campaign-north-koreas-focus-on-ukraine-intelligence/
-
South Korean researchers uncover another cyber-espionage campaign from the North
A group tracked as APT37 or ScarCruft is once again phishing South Korean organizations with national security interests, according to analysts at cybersecurity firm Genians. First seen on therecord.media Jump to article: therecord.media/apt37-scarcruft-cyber-espionage-campaign-south-korea
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-dayExecutive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
DPRK-Backed TA406 Targets Ukraine With Malware Campaigns
Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dprk-backed-ta406-targets-ukraine/
-
North Korean hackers target Ukrainian government in new espionage campaign
The latest wave of activity in Ukraine suggests that Pyongyang is seeking to “better understand the appetite to continue fighting against the Russian invasion” and “the medium-term outlook of the conflict,” according to the latest report by cybersecurity firm Proofpoint. First seen on therecord.media Jump to article: therecord.media/north-korea-hackers-target-ukraine-to-understand-russian-war-efforts
-
Attackers Leverage Unpatched Output”¯Messenger 0″‘Day to Deliver Malicious Payloads
A Türkiye-affiliated espionage threat actor, tracked by Microsoft Threat Intelligence as Marbled Dust (also known as Sea Turtle and UNC1326), has been exploiting a zero-day vulnerability in Output Messenger, a popular multiplatform chat software. Identified as CVE-2025-27920, this directory traversal flaw in the Output Messenger Server Manager application allows authenticated attackers to upload malicious files…
-
Deepfake attacks are inevitable. CISOs can’t prepare soon enough.
Tags: advisory, ai, attack, authentication, awareness, blockchain, business, ciso, compliance, control, cybersecurity, data, deep-fake, defense, detection, espionage, finance, fraud, governance, grc, identity, incident response, jobs, law, mfa, north-korea, password, privacy, resilience, risk, scam, software, strategy, tactics, technology, threat, tool, training, updateReal-world fabrications: Even security vendors have been victimized. Last year, the governance risk and compliance (GRC) lead at cybersecurity company Exabeam was hiring for an analyst, and human resources (HR) qualified a candidate that looked very good on paper with a few minor concerns, says Kevin Kirkwood, CISO.”There were gaps in how the education represented…
-
Output Messenger flaw exploited as zero-day in espionage attacks
A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/output-messenger-flaw-exploited-as-zero-day-in-espionage-attacks/
-
Türkiye-Linked Hackers Exploit Output Messenger Zero-Day (CVE-2025-27920) in Espionage Campaign
Microsoft Threat Intelligence has linked a regional cyber-espionage campaign exploiting a zero-day vulnerability in Output Messenger to the First seen on securityonline.info Jump to article: securityonline.info/turkiye-linked-hackers-exploit-output-messenger-zero-day-cve-2025-27920-in-espionage-campaign/
-
Hacktivist Attacks on India Overstated Amid APT36 Espionage Threat
Hacktivist claims on Indian infrastructure raised alarms, but investigations showed minimal damage First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hacktivist-attacks-india/
-
Russian FSB Hackers Deploy New Lostkeys Malware
Malware Targets Western Officials, NGOs and Journalists. Russian cyber espionage hackers are using a new malware strain dubbed Lostkeys in a targeted espionage campaign aimed at Western officials, NGOs and journalists. Google researchers attribute Lostkeys to the threat group Coldriver, an operational unit within the Federal Security Service. First seen on govinfosecurity.com Jump to article:…
-
Russia-linked ColdRiver used LostKeys malware in recent attacks
Tags: apt, attack, cyberespionage, espionage, google, government, group, intelligence, malware, russia, threatSince early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and organizations. Google’s Threat Intelligence Group discovered LOSTKEYS, a new malware used by Russia-linked APT COLDRIVER, in recent attacks to steal files and gather system info. TheColdRiverAPT (aka “Seaborgium”, “Callisto”, “Star Blizzard”,”TA446″) is a Russian cyberespionage group…
-
Google links new LostKeys data theft malware to Russian cyberspies
Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-links-new-lostkeys-data-theft-malware-to-russian-cyberspies/
-
Russian state-linked Coldriver spies add new malware to operation
A Russian cyber-espionage group tracked as Coldriver by Google researchers has updated its malware toolset. First seen on therecord.media Jump to article: therecord.media/coldriver-russia-cyber-espionage-lostkeys-malware