Tag: espionage
-
Knownsec Data Breach: A Trove of Espionage Tradecraft with an Insider Narrative
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/knownsec-data-breach-a-trove-of-espionage-tradecraft-with-an-insider-narrative
-
APT36 Targets Indian Government Systems Using Malicious Windows LNK Files
A sophisticated cyber-espionage operation attributed to APT36, also known as Transparent Tribe, has been identified targeting Indian governmental, academic, and strategic entities through weaponized Windows shortcut files designed to evade detection and establish persistent remote access. The Pakistan-aligned threat actor deployed a deceptive LNK-based infection chain that leverages trusted system binaries and fileless execution techniques…
-
Equifax Europe CISO: Notorious breach spurred cybersecurity transformation
Tags: access, ai, attack, authentication, awareness, breach, business, ceo, cio, ciso, cloud, computer, control, corporate, cyber, cyberattack, cybercrime, cybersecurity, data, defense, dora, espionage, finance, framework, google, government, identity, infrastructure, intelligence, network, nis-2, phishing, regulation, risk, risk-management, security-incident, service, strategy, technology, threat, updateCloud as a new technological axis: Equifax’s $3 billion migration to the cloud, “which had been brewing for about seven years” and which the company says is the largest technological investment in its history, has involved moving more than 300 systems, over 30 product families, and thousands of customers to the company’s cloud platform, Equifax Cloud, in Spain…
-
React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web
What the research quickly agreed on: Across early reports from Wiz, Palo Alto Networks’ Unit 42, Google AWS, and others, there was a strong alignment on the core mechanics of React2Shell. Researchers independently confirmed that the flaw lives inside React’s server-side rendering pipeline and stems from unsafe deserialization in the protocol used to transmit component…
-
Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor
China-linked APT Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India. Kaspersky researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland, and StormBamboo) running a targeted cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor against victims in Türkiye, China, and…
-
59,000 Servers Breached: Operation PCPcat Targets React and Next.js at Internet Scale
A large-scale cyber espionage operation known as Operation PCPcat has shaken the modern web infrastructure, compromising more than 59,000 servers in just 48 hours. The campaign targets systems built on React frameworks, including widely deployed Next.js and React Servers, and has already resulted in the theft of hundreds of thousands of credentials. First seen on thecyberexpress.com Jump to…
-
SideWinder APT Launches Cyberattacks on Indian Entities Posing as the Income Tax Department
Zscaler Threat Hunting has identified a sophisticated espionage campaign targeting Indian entities through fraudulent >>Income Tax Department
-
Arcane Werewolf Hacker Group Expands Arsenal with Loki 2.1 Malware Toolkit
The cyber espionage group known as Arcane Werewolf (also tracked as Mythic Likho) has significantly upgraded its offensive capabilities, targeting Russian manufacturing enterprises with a new iteration of its custom malware. According to a report by BI.ZONE Threat Intelligence: campaigns observed in October and November 2025 reveal that the group has transitioned from the Loki…
-
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan.The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at…
-
Group Policy abuse reveals China-aligned espionage group targeting governments
ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
-
Group Policy abuse reveals China-aligned espionage group targeting governments
ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
-
Group Policy abuse reveals China-aligned espionage group targeting governments
ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
-
Chinese Ink Dragon Breaches European Government Networks, Affecting Asia and South America
Ink Dragon, a Chinese espionage group, has significantly expanded its operational reach from Southeast Asia and South America into European government networks, according to ongoing research by Check Point Research. The threat actor employs a methodical approach that combines strategic server compromises with sophisticated relay infrastructure to maintain persistent access and support global operations. The…
-
Chinese Hackers Hijack European Networks for Espionage
Ink Dragon Compromised IIS Networks to Relay ShadowPad Malware. A Chinese hacking group is using compromised European government networks as relay nodes to route commands and support other hacking operations. Security firm Check Point attributed the campaign to a Chinese espionage group it tracks as Ink Dragon. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-hackers-hijack-european-networks-for-espionage-a-30319
-
Chinese Ink Dragon Group Hides in European Government Networks
China’s Ink Dragon is using European government networks to hide its espionage activity First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-ink-dragon-hides-european/
-
State-Level Cyber Espionage Suspected in KT Telecom Breach
A recent report by British technology research firm Rethink Technology Research has raised serious concerns over a cyberattack on KT, South Korea’s leading telecom operator, suggesting the incident may involve state-level cyber espionage rather than a simple fraud case. The report, titled “KT Cyberattack: More Serious Than You Think,” was published on December 10 and analyzes the implications of the…
-
State-Level Cyber Espionage Suspected in KT Telecom Breach
A recent report by British technology research firm Rethink Technology Research has raised serious concerns over a cyberattack on KT, South Korea’s leading telecom operator, suggesting the incident may involve state-level cyber espionage rather than a simple fraud case. The report, titled “KT Cyberattack: More Serious Than You Think,” was published on December 10 and analyzes the implications of the…
-
xHunt APT Exploits Microsoft Exchange and IIS to Deploy Custom Backdoors
xHunt, a sophisticated cyber-espionage group with a laser focus on organizations in Kuwait, has continued to demonstrate advanced capabilities in infiltrating critical infrastructure. The group’s persistent, multi-year campaigns targeting the shipping, transportation, and government sectors underscore the evolving threat landscape facing Middle Eastern enterprises. Since its first documented operations in July 2018, xHunt has refined…
-
Hamas-Affiliated APT Ashen Lepus Unveils AshTag Malware Suite for Wider Cyber-Espionage
The post Hamas-Affiliated APT Ashen Lepus Unveils AshTag Malware Suite for Wider Cyber-Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/hamas-affiliated-apt-ashen-lepus-unveils-ashtag-malware-suite-for-wider-cyber-espionage/
-
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020.Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor…
-
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020.Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes.The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs.”This malware enables remote control of compromised systems by allowing First…
-
Week in review: React, Node.js flaw patched, ransomware intrusion exposes espionage foothold
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Creative cybersecurity strategies for resource-constrained institutions In … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/07/week-in-review-react-node-js-flaw-patched-ransomware-intrusion-exposes-espionage-foothold/
-
Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems
CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks. First seen on hackread.com Jump to article: hackread.com/chinese-state-hackers-brickstorm-vmware-systems/
-
CrowdStrike Identifies New China-Nexus Espionage Actor
CrowdStrike’s investigation shows that WARP PANDA initially infiltrated some victim networks as early as late 2023, later expanding operations. The post CrowdStrike Identifies New China-Nexus Espionage Actor appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-china-nexus-espionage-actor/