Tag: espionage
-
Chinese National Extradited Over Silk Typhoon Cyber Campaign
Extradition links alleged MSS-directed hacker to Silk Typhoon and COVID-19 espionage. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-national-extradited-silk/
-
Chinese national extradited to US for pandemic-era Silk Typhoon attacks
Xu Zewei was allegedly directed by China’s intelligence services to conduct a sweeping espionage campaign to steal data on COVID-19 research and other U.S. policy interests. First seen on cyberscoop.com Jump to article: cyberscoop.com/xu-zewei-extradited-china-national-silk-typhoon-hafnium/
-
LINKEDIN BROWSERGATE
BrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (browsergate.eu/), an association of commercial LinkedIn users, which documents what it describes as one of the largest data breach and corporate espionage scandals in digital history. The central thesis:…
-
China-Backed Groups are Using Massive Botnets in Espionage, Intrusion Campaigns
China-sponsored threat groups like Salt Typhoon and Flax Typhoon are increasingly relying on multiple massive botnets comprising edge and IoT devices to run their cyber espionage and network intrusion campaigns, CISA and other security agencies say. The use of such “covert networks” makes it more difficult to detect and mitigate their campaigns. First seen on…
-
Italy moves to extradite Chinese national to the U.S. over hacking charges
Italy plans to extradite Xu Zewei to the U.S. over alleged hacks on COVID-19 research tied to state-backed operations. Italy is moving to extradite Xu Zewei, the Chinese national arrested in 2025 at the request of U.S. authorities on cyber-espionage charges, Bloomberg reported. The case stands out because it ties a single suspect, Xu, to…
-
Compromised everyday devices power Chinese cyber espionage operations
China-linked threat actors have shifted from individually procured infrastructure to large-scale covert networks, botnets built from compromised routers and other edge … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/24/ncsc-china-covert-networks-advisory/
-
Chinese hackers using everyday devices to target UK firms, warns cybersecurity agency
Britain’s National Cyber Security Centre says companies must step up vigilance to prevent espionage attacks. British businesses are being urged to step up their vigilance against a China-linked hacking ploy that uses everyday devices for espionage. The UK’s National Cyber Security Centre (NCSC) and agencies in nine other countries have warned of persistent…
-
If cyber espionage via HDMI worries you, NCSC built a device to stop it
A new cybersecurity device developed by the National Cyber Security Centre (NCSC) should be a helpful solution for protecting governments and businesses from malicious … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/23/ncsc-silentglass-cybersecurity-tool-hdmi-displayport/
-
Outlook Mailboxes Abused to Conceal Linux GoGra Backdoor Traffic
The Harvester APT group has quietly expanded its espionage arsenal with a new Linux variant of its GoGra backdoor, one that cleverly hides its command-and-control (C2) traffic within Microsoft Outlook mailboxes, making it significantly harder to detect with traditional network defenses. Researchers from Symantec and Carbon Black Threat Hunter Team discovered the malware. They linked…
-
Chinese hackers are using everyday devices to hack UK firms, warns watchdog
Britain’s cybersecurity agency says companies must step up vigilance to prevent espionage attacks. British businesses are being urged to step up their vigilance against a China-linked hacking ploy that uses everyday devices for espionage. The UK’s National Cyber Security Centre (NCSC) and agencies in nine other countries have warned of persistent attempts by…
-
Outlook Mailboxes Used to Conceal Linux GoGra Backdoor Traffic
A newly discovered Linux variant of the GoGra backdoor is being used by the Harvester advanced persistent threat (APT) group to conduct stealthy cyber espionage operations. Harvester, a suspected nation-state-backed group active since at least 2021, is known for targeting South Asia with custom malware and espionage campaigns. The discovery of a Linux version of…
-
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme related to India’s banking sector. “The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than First seen on thehackernews.com…
-
Hackers Tie Iranian Espionage to CastleRAT and ChainShell
A direct operational link between Iran’s MuddyWater espionage group and the Russian TAG-150 CastleRAT malware-as-a-service (MaaS) platform, showing how state and criminal ecosystems are now tightly intertwined. Investigators recovered 15 malware samples, including at least two CastleRAT “builds” and a PowerShell script named reset.ps1 that deploys a previously undocumented JavaScript/Node.js agent dubbed ChainShell. On this server, two native…
-
Microsoft-Signed Binary Helps Deliver LOTUSLITE in India Spy Campaign
Microsoft-signed developer tooling is being abused to quietly deploy a new LOTUSLITE backdoor variant against India’s banking sector, in what researchers link to the China-nexus Mustang Panda espionage cluster with moderate confidence. The backdoor retains its espionage profile, offering remote shell access, file operations, and session management rather than any obvious monetization features. Communications are…
-
Pentagon Cyber Leaders Back $1.5T Budget Request
Overhaul, Restructuring Puts Cyber at Core of Digital Warfare. Defense officials told House lawmakers the newly-released budget request positions cyber as a core warfighting domain, funding expanded offensive operations, AI-driven capabilities and a major Cyber Command overhaul as adversaries shift from espionage to pre-positioned disruptive attacks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/pentagon-cyber-leaders-back-15t-budget-request-a-31476
-
The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops
A state of perpetual interference: To understand how proxy insurgent groups such as Handala fit within Iran’s modern-day intelligence ecosystem, we first need to look at the historical development of the country’s intelligence operations. In 1953, the United States and Britain (via conduit operations of the CIA and MI6, respectively) instigated a coup in Iran that…
-
Ukrainian emergency services and hospitals hit by espionage campaign using new AgingFly malware
Hackers have targeted Ukrainian hospitals and local government bodies in a new espionage campaign using a malware tool dubbed AgingFly, researchers say. First seen on therecord.media Jump to article: therecord.media/aging-fly-espionage-campaign-targets-ukraine-emergency-services
-
China-linked cloud credential heist runs on typos and SMTP
Typosquatting for cloud-native espionage: The campaign relies heavily on deception, the researchers pointed out, using C2 domains closely resembling legitimate Alibaba Cloud services. The typosquatting approach allows malicious traffic to blend into routine cloud operations, specifically in environments where outbound filtering is absent. The implant used is an obfuscated ELF binary, with an executable designed for…
-
Middle East Espionage Attack Uses Fake Secure Messaging Apps to Deliver ProSpy
Hackers are impersonating popular secure messaging apps to deploy a sophisticated Android spyware tool called ProSpy against journalists, activists, and political figures across the Middle East, in a hack-for-hire campaign linked to the BITTER APT group. The campaign has been active since at least 2022. It primarily targets civil society members and potentially government officials in countries…
-
Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group
A spear-phishing campaign which spread across the Middle East between 2023 and 2024 has now been linked to Bitter APT group. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/middle-east-hack-operation-bitter/
-
RoningLoader Campaign Uses DLL Side-Loading, Code Injection to Slip Past Defenses
A sophisticated cyber-espionage group known as DragonBreath (APT-Q-27) has been linked to a new RoningLoader malware campaign that uses advanced evasion techniques such as DLL side-loading and code injection to bypass traditional security defenses. Active since at least 2022, DragonBreath has steadily evolved its capabilities. Earlier campaigns were documented by QianXin and Sophos, but recent…
-
Russia’s Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
Heard of fileless malware? How about malwareless cyber espionage? Russia’s APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russia-forest-blizzard-logins-soho-routers
-
Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics
APT28 targets Ukraine and allies with PRISMEX malware, using stealthy techniques for espionage and command-and-control. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is running a spear-phishing campaign against Ukraine and its allies, deploying a new malware suite called PRISMEX. Active since September 2025, the campaign uses advanced stealth techniques like steganography and…
-
ISMG Editors: Anthropic Bug Finder Sparks Zero-Day Dread
Also: How AI May Democratize Cybercrime and How Everyday Routers Enable Espionage. In this week’s ISMG panel, four ISMG editors discussed big shifts in cybersecurity: Anthropic’s dangerous new AI model that can uncover thousands of zero-days, growing concerns about a surge in AI-driven flaws, and the FBI disrupting a Russian espionage campaign targeting everyday routers.…
-
CIA director quietly elevated agency’s cyber espionage division
The Center for Cyber Intelligence, which had resided within the CIA’s Directorate of Digital Innovation since 2015, was promoted to a full-fledged mission center last October. First seen on therecord.media Jump to article: therecord.media/cia-director-elevated-agency-cyber-espionage-division
-
Britons warned about Russian hackers targeting internet routers for espionage
Expert stresses importance of staying alert for unusual activity, as hackers could ‘take you to fake sites’. Russian hackers are exploiting commonly sold internet routers to harvest information for espionage purposes, the UK’s cybersecurity agency has said. The hack could allow attackers to obtain users’ credentials, redirect them to fake sites, and…
-
Feds quash widespread Russia-backed espionage network spanning 18,000 devices
Forest Blizzard, a threat group attributed to Russia’s GRU, hijacked network traffic to steal credentials and tokens for Microsoft accounts and other services. First seen on cyberscoop.com Jump to article: cyberscoop.com/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade/

