Tag: espionage
-
Russian APT28 Hackers Exploit Zero-Day Vulnerabilities to Target Government and Security Sectors
Tags: cyber, cybersecurity, espionage, exploit, government, group, hacker, intelligence, military, russia, strategy, tool, ukraine, vulnerability, zero-day
A detailed analysis from Maverits, a leading cybersecurity firm, reveals a significant evolution in the strategies and objectives of APT28, a cyber-espionage group linked to Russia’s GRU military intelligence unit. Covering activities from 2022 to 2024, the report highlights APT28’s integration of advanced tools, evolving methodologies, and intensified campaigns against Ukraine and its allies. Operating…
-
How Lazarus Group built a cyber espionage empire
Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/29/lazarus-group-cyber-espionage-supply-chain-attack/
-
Google Researchers Breakdowns Scatterbrain Behind PoisonPlug Malware
Google’s Threat Intelligence Group (GTIG) in collaboration with Mandiant has revealed critical insights into ScatterBrain, a sophisticated obfuscation tool utilized by China-nexus cyber espionage groups, specifically APT41, to deploy the advanced backdoor family POISONPLUG.SHADOW. This analysis underscores the significant evolution of obfuscation techniques from earlier counterparts like ScatterBee, making ScatterBrain a primary contributor to the…
-
Silent Lynx APT Group: A New Espionage Threat Targeting Central Asia
Seqrite Labs APT-Team has uncovered two sophisticated campaigns orchestrated by a newly identified threat group, Silent Lynx. This First seen on securityonline.info Jump to article: securityonline.info/silent-lynx-apt-group-a-new-espionage-threat-targeting-central-asia/
-
GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities
A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.…
-
GamaCopy: A New Cyber Espionage Group Imitating Gamaredon to Target Russia
A recent report from the Knownsec 404 Advanced Threat Intelligence team reveals the emergence of GamaCopy, a cyber First seen on securityonline.info Jump to article: securityonline.info/gamacopy-a-new-cyber-espionage-group-imitating-gamaredon-to-target-russia/
-
Operation (Giỗ Tổ Hùng Vương) Hurricane: New OceanLotus Group Revealed in Espionage Campaigns
A recent report from Qianxin details the sophisticated cyber-espionage tactics employed by the New OceanLotus group. Active intermittently First seen on securityonline.info Jump to article: securityonline.info/operation-gio-to-hung-vuong-hurricane-new-oceanlotus-group-revealed-in-espionage-campaigns/
-
PlushDaemon APT Targeted South Korean VPN Software
PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/plushdaemon-apt-targeted-south/
-
US Sanctions Chinese Hackers for Cyber Espionage Campaign
The U.S. Department of State has announced sanctions against two Chinese entities, Yin Kecheng and Sichuan Juxinhe Network First seen on securityonline.info Jump to article: securityonline.info/us-sanctions-chinese-hackers-for-cyber-espionage-campaign/
-
Silver Fox APT Targets Organizations with PNGPlug and ValleyRAT Malware
A sophisticated cyber-espionage campaign targeting organizations across China, Hong Kong, and Taiwan has been uncovered by Intezer’s research First seen on securityonline.info Jump to article: securityonline.info/silver-fox-apt-targets-organizations-with-pngplug-and-valleyrat-malware/
-
Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin’s efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with Russia’s…
-
US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches
Plus: New details emerge about China’s cyber espionage against the US, the FBI remotely uninstalls malware on 4,200 US devices, and victims of the PowerSchool edtech breach reveal what hackers stole. First seen on wired.com Jump to article: www.wired.com/story/us-names-one-of-the-hackers-allegedly-behind-massive-salt-typhoon-breaches/
-
US hits back against China’s Salt Typhoon group
Tags: attack, backdoor, china, cisa, ciso, communications, computer, control, crypto, cve, cyber, cyberattack, cybersecurity, defense, detection, disinformation, espionage, exploit, finance, government, group, infosec, infrastructure, intelligence, ivanti, law, malicious, mandiant, microsoft, network, north-korea, office, tactics, technology, theft, threat, tool, vpn, vulnerability
The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking. On Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) said it is sanctioning Sichuan Juxinhe Network Technology, a…
-
Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says
Tags: cyber, cybersecurity, defense, espionage, finance, government, incident, incident response, russia, theft, ukraine
Over the past year, Ukraine’s cyber incident response center identified and addressed 1,042 cybersecurity incidents impacting government, defense, and critical services. First seen on therecord.media Jump to article: therecord.media/russian-espionage-financial-theft-campaign
-
Chinese Connected Car Tech Banned by Biden Administration
National Security and Hacking Worries Underpin Concerns over Supply Chain Risk. The U.S. federal government is telling the automotive industry to stop buying Chinese manufactured hardware and software powering onboard telematics and automated driving systems, warning that the potential for nation-state hacking and espionage poses a national security risk. First seen on govinfosecurity.com Jump to…
-
Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware
Russia-linked threat actor UAC-0063 targets Kazakhstan to gather economic and political intelligence in Central Asia. Russia-linked threat actors UAC-0063 is targeting Kazakhstan as part of a cyber espionage campaign to gather economic and political intelligence in Central Asia. The Computer Emergency Response Team of Ukraine (CERT-UA) first detailed the activity of UAC-0063 in early 2023.…
-
APT28’s New Espionage Campaign Uses Double-Tap Infection Chain
In a recent revelation, security researchers Amaury G., Maxime A., Erwan Chevalier, Felix Aimé, and Sekoia TDR have First seen on securityonline.info Jump to article: securityonline.info/apt28s-new-espionage-campaign-uses-double-tap-infection-chain/
-
Hackers with likely Kremlin ties target Kazakhstan in espionage campaign
The hackers used legitimate documents believed to be from Kazakhstan’s Ministry of Foreign Affairs to deliver malware to diplomatic entities in Central Asia. First seen on therecord.media Jump to article: therecord.media/hackers-kremlin-kazakhstan-espionage-campaign
-
RedDelta Leverages PlugX Backdoor in State-Sponsored Espionage Campaigns
A recent report by Insikt Group reveals an ongoing, sophisticated cyber-espionage operation by the RedDelta advanced persistent threat First seen on securityonline.info Jump to article: securityonline.info/reddelta-leverages-plugx-backdoor-in-state-sponsored-espionage-campaigns/
-
RedCurl APT Group: Cyber Espionage with Living-off-the-Land Techniques
The RedCurl Advanced Persistent Threat (APT) group, also known as Earth Kapre or Red Wolf, has resurfaced with First seen on securityonline.info Jump to article: securityonline.info/redcurl-apt-group-cyber-espionage-with-living-off-the-land-techniques/
-
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. “The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including…
-
China-linked APT group MirrorFace targets Japan
Japanese authorities attributed a cyber-espionage campaign targeting the country to the China-linked APT group MirrorFace. The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a long-running cyber-espionage campaign targeting local entities to the China-linked group MirrorFace (aka Earth Kasha). The campaign has been active since at least 2019, it…
-
Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances
Researchers from Google’s Mandiant division believe the critical remote code execution vulnerability patched on Wednesday by software vendor Ivanti has been exploited since mid-December by a Chinese cyberespionage group. This is the same group that has exploited zero-day vulnerabilities in Ivanti Connect Secure appliances back in January 2024 and throughout the year. The latest attacks, exploiting…
-
MirrorFace hackers targeting Japanese govt, politicians since 2019
The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a cyber-espionage campaign targeting the country to the Chinese state-backed “MirrorFace” hacking group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mirrorface-hackers-targeting-japanese-govt-politicians-since-2019/
-
Zero-Day Alert: UNC5337 Exploits Ivanti VPN Vulnerability CVE-2025-0282 for Espionage Operations
Ivanti Connect Secure (ICS) VPN appliances have become the focus of advanced threat actors, exploiting a newly disclosed First seen on securityonline.info Jump to article: securityonline.info/zero-day-alert-unc5337-exploits-ivanti-vpn-vulnerability-cve-2025-0282-for-espionage-operations/
-
MirrorFace: Unmasking the Chinese Cyber Espionage Group Targeting Japan
On January 8, 2025, the Japanese National Police Agency (NPA) issued a critical warning regarding ongoing cyberattacks attributed First seen on securityonline.info Jump to article: securityonline.info/mirrorface-unmasking-the-chinese-cyber-espionage-group-targeting-japan/
-
More telecom firms were breached by Chinese hackers than previously reported
Tags: access, at&t, attack, breach, china, cisco, communications, cyber, cyberespionage, cybersecurity, data, defense, disinformation, espionage, exploit, finance, fortinet, framework, government, group, hacker, Hardware, infrastructure, intelligence, international, microsoft, mobile, network, phone, regulation, risk, risk-management, router, spy, technology, threat, vulnerability
Chinese hackers linked to the Salt Typhoon cyberespionage operation have breached even more US telecommunications firms than initially reported. New victims, Charter Communications, Consolidated Communications, and Windstream, add to a growing list that already includes AT&T, Verizon, T-Mobile, and Lumen Technologies. Earlier, the US authorities informed that nine telecom firms have been affected by the Chinese espionage…

