Tag: espionage
-
Hackers hit Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
A Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active seen the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
Operation HollowQuill Uses Malicious PDFs to Target Academic and Government Networks
A newly uncovered cyber-espionage campaign, dubbed Operation HollowQuill, has been identified as targeting academic, governmental, and defense-related networks in Russia using weaponized PDF documents. The operation, tracked by SEQRITE Labs APT-Team, leverages decoy research invitations to infiltrate systems associated with the Baltic State Technical University (BSTU “VOENMEKH”), a key institution for defense and aerospace research…
-
Hackers target Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
A Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active seen the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
Hackers Selling SnowDog RAT Malware With Remote Control Capabilities Online
A sophisticated remote access trojan (RAT) dubbedSnowDoghas surfaced on underground cybercrime forums, prompting alarms among cybersecurity experts. Advertised as a tool for “corporate espionage and advanced intrusions,” the malware is being sold by an unidentified threat actor with claims of stealth, evasion, and remote control capabilities. The SnowDog RAT: Features and Risks The seller claims…
-
Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling
Double-oh-sh… First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/deel_rippling_espionage/
-
Google fixes GCP flaw that could expose sensitive container images
run.services.update and iam.serviceAccounts.actAspermissions they could modify a Cloud Run service and deploy a new revision.”In doing so, they could specify (through malicious code injection) any private container image stored in a victim’s registries, Matan added.According to a Tenable statement to CSO, an attacker could use this vulnerability for data theft or espionage in a real-world…
-
APT34 Deploys Custom Malware Targeting Finance and Telecom Sectors
APT34, also known as OilRig or Helix Kitten, has intensified its cyber-espionage campaigns, deploying custom malware to target entities within the finance and telecommunications sectors. The group, active since 2012, is a well-documented advanced persistent threat (APT) actor linked to the Middle East. Recent investigations by the ThreatBook Research and Response Team have revealed that…
-
Volume of attacks on network devices shows need to replace end of life devices quickly
Tags: access, apache, attack, authentication, best-practice, breach, cloud, control, credentials, cve, cyber, dns, endpoint, espionage, exploit, firewall, flaw, government, group, Hardware, infrastructure, injection, Internet, ivanti, lazarus, macOS, monitoring, network, north-korea, open-source, password, risk, router, russia, sans, service, software, threat, tool, update, vulnerabilityCVE-2023-1389, a vulnerability in TP-Link Archer AX21 router;CVE-2024-3400, a hole in Palo Alto Networks PAN-OS firewall operating system;CVE-2023-36845, a vulnerability in Juniper Networks Junos OS operating system;CVE-2021-44529, a vulnerability in Ivanti Endpoint Manager Cloud Service Appliance;CVE-2023-38035, a hole in Ivanti Sentry security gateway;CVE-2024-36401, a vulnerability in OSGeo GeoServer;CVE-2024-0012, a vulnerability in Palo Alto Neworks PAN-OS…
-
Earth Alux APT Group: Unveiling Its Espionage Toolkit
Researchers at Trend Micro detail a highly sophisticated cyber-espionage group actively targeting the Asia-Pacific and Latin American regions. First seen on securityonline.info Jump to article: securityonline.info/earth-alux-apt-group-unveiling-its-espionage-toolkit/
-
Operation HollowQuill Weaponized PDFs Deliver a Cobalt Strike Malware Into Gov Military Networks
In a recent revelation by SEQRITE Labs, a highly sophisticated cyber-espionage campaign, dubbed Operation HollowQuill, has been uncovered. The operation targets academic, governmental, and defense-related networks in Russia using weaponized decoy PDFs to deliver Cobalt Strike malware implants. The campaign appears to focus on infiltrating critical institutions such as the Baltic State Technical University (BSTU…
-
Russian Hackers Leverage Bulletproof Hosting to Shift Network Infrastructure
Russian-aligned cyber threat groups, UAC-0050 and UAC-0006, have significantly escalated their operations in 2025, targeting entities worldwide with a focus on Ukraine. These groups employ bulletproof hosting services to mask their network infrastructure, enabling sophisticated campaigns involving financial theft, espionage, and psychological operations. UAC-0050, linked to Russian law enforcement agencies, has transitioned to deploying NetSupport…
-
Chinese Lotus Blossom Hackers leverages Windows Management Instrumentation for Network Movement
The Chinese Advanced Persistent Threat (APT) group known as Lotus Blossom, also referred to as Billbug, Thrip, or Spring Dragon, has intensified its cyber-espionage operations by employing advanced techniques, including the use of Windows Management Instrumentation (WMI) for lateral movement within targeted networks. This group, active for over a decade, has recently deployed new variants…
-
Salt Typhoon may have upgraded backdoors for efficiency and evasion
CrowDoor and attributed to the Earth Estries APT group in November 2024.”GhostSparrow, aka Salt Typhoon (Microsoft), Earth Estries (Trend Micro), Ghost Emperor (Kaspersky Labs), and UNC2286 (Mandiant), has escalated cyber espionage, breaching US telecom networks and accessing data on over a million individuals. One of the key features ESET reported on the two previously unseen…
-
ISMG Editors: Ransomware’s Stealth vs. Spectacle Tactics
Tags: attack, china, cyber, cybersecurity, espionage, infrastructure, ransomware, strategy, tactics, updateAlso: Rapid7’s Boardroom Shake-Up, China’s Shift Tactical Cyber Shift. In this week’s update, ISMG editors unpacked stealth vs. spectacle in ransomware attacks, Rapid7’s boardroom shake-up led by activist investors, and China’s shift from cyber espionage to infrastructure sabotage – driving key shifts in global cybersecurity strategy and resilience. First seen on govinfosecurity.com Jump to article:…
-
Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/irans-mois-linked-apt34-spies-allies-iraq-yemen
-
Russian Espionage Group Using Ransomware in Attacks
Russian-speaking espionage group RedCurl has been deploying ransomware on victims’ networks in a recent campaign. The post Russian Espionage Group Using Ransomware in Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-espionage-group-using-ransomware-in-attacks/
-
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday. First seen on therecord.media Jump to article: therecord.media/russian-media-academia-targeted-in-espionage-campaign
-
Chinese Spy Group FamousSparrow Back with a Vengeance, Targets US
Once considered inactive, the Chinese cyber espionage group FamousSparrow has reemerged, targeting organizations across the US, Mexico and Honduras First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chin-famoussparrow-targets-us/
-
Mercenary Hacking Group Appears to Embrace Ransomware
Highly Targeted Ransomware Hit Traced to Long-Running Cyberespionage Group. A stealthy group of mercenary hackers active since 2018 appears to have diversified into hitting hypervisors with ransomware via highly targeted attacks. Researchers said they tracked the hit to a corporate espionage team tracked as RedCurl. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mercenary-hacking-group-appears-to-embrace-ransomware-a-27834
-
RedCurl cyberspies create ransomware to encrypt Hyper-V servers
A threat actor named ‘RedCurl,’ known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/redcurl-cyberspies-create-ransomware-to-encrypt-hyper-v-servers/
-
Google Hastily Patches Chrome Zero-Day Exploited by APT
Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt
-
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor’s tradecraft.The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt.RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating First…
-
North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks
Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as >>Black Banshee.
-
Google fixes Chrome zero-day exploited in espionage campaign
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/
-
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on…
-
CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
Kaspersky Labs has uncovered a sophisticated cyber-espionage campaign”, dubbed Operation ForumTroll”, leveraging a previously unknown Google Chrome zero-day exploit, now First seen on securityonline.info Jump to article: securityonline.info/cve-2025-2783-chrome-zero-day-exploited-in-state-sponsored-espionage-campaign/
-
Likely Chinese Hackers Infiltrated Asian Telecom for 4 Years
‘Weaver Ant’ Used Web Shell Tunneling and Hacked Routers to Evade Detection. An apparently Chinese cyber espionage operation lurked inside the network of an Asian telecom for four years, camouflaging its presence through nested encryption and lightweight web shells. Chinese hackers have been uncovered on the inside of telecom networks spanning the globe. First seen…
-
Chinese ‘Web Shell Whisperer’ Leverages Shells and Tunnels to Establish Stealthy Persistence
A recent cyber espionage operation by a China-nexus threat actor, dubbed >>Weaver Ant,