Tag: espionage
-
Chinese APT24 Deploys Custom Malware, New Stealthy Tactics
3-Year Espionage Campaign Targeted Taiwanese Firms. Chinese nation-state group APT24 targeted multiple Taiwanese companies as part of an espionage operation that went undetected for three years. The hacking group continually updated its malware infrastructure and tactics, enabling it to stay under the radar, Google Cloud said. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-apt24-deploys-custom-malware-new-stealthy-tactics-a-30103
-
FCC Drops Telecom Cyber Rules Despite China Espionage Warnings
Experts say the FCC’s rollback of cyber rules leaves U.S. telecom networks exposed to escalating China-linked espionage threats. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fcc-drops-telecom-cyber-rules-despite-china-espionage-warnings/
-
LINE Messaging Bugs Open Asian Users to Cyber Espionage
In a potential gift to geopolitical adversaries, the encrypted messaging app uses a leaky custom protocol that allows message replays, impersonation attacks, and sensitive information exposure from chats. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage
-
FCC Drops Telecom Cyber Rules Despite China Espionage Warnings
Experts say the FCC’s rollback of cyber rules leaves U.S. telecom networks exposed to escalating China-linked espionage threats. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fcc-drops-telecom-cyber-rules-despite-china-espionage-warnings/
-
LINE Messaging Bugs Open Asian Users to Cyber Espionage
In a potential gift to geopolitical adversaries, the encrypted messaging app uses a leaky custom protocol that allows message replays, impersonation attacks, and sensitive information exposure from chats. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage
-
FCC Drops Telecom Cyber Rules Despite China Espionage Warnings
Experts say the FCC’s rollback of cyber rules leaves U.S. telecom networks exposed to escalating China-linked espionage threats. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fcc-drops-telecom-cyber-rules-despite-china-espionage-warnings/
-
LINE Messaging Bugs Open Asian Users to Cyber Espionage
In a potential gift to geopolitical adversaries, the encrypted messaging app uses a leaky custom protocol that allows message replays, impersonation attacks, and sensitive information exposure from chats. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage
-
AI as Cyberattacker
From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree”, using AI not just as an advisor, but to execute the cyberattacks themselves. The threat actor”, whom we assess with high confidence was a Chinese…
-
AI as Cyberattacker
From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree”, using AI not just as an advisor, but to execute the cyberattacks themselves. The threat actor”, whom we assess with high confidence was a Chinese…
-
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign.”While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting First…
-
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign.”While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting First…
-
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign.”While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting First…
-
Inside Iran’s Cyber Objectives: What Do They Want?
The regime’s cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/iran-cyber-objectives
-
Google exposes BadAudio malware used in APT24 espionage campaigns
China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-exposes-badaudio-malware-used-in-apt24-espionage-campaigns/
-
Massive Hacking Operation WrtHug Compromises Thousands of ASUS Routers Worldwide
Your home router, the device connecting you to the internet, may have been silently compromised as part of a coordinated global espionage campaign. SecurityScorecard’s STRIKE team has uncovered Operation WrtHug. This massive hacking operation has infiltrated thousands of ASUS routers worldwide, establishing what appears to be a state-sponsored infrastructure for persistent network access and deep…
-
Massive Hacking Operation WrtHug Compromises Thousands of ASUS Routers Worldwide
Your home router, the device connecting you to the internet, may have been silently compromised as part of a coordinated global espionage campaign. SecurityScorecard’s STRIKE team has uncovered Operation WrtHug. This massive hacking operation has infiltrated thousands of ASUS routers worldwide, establishing what appears to be a state-sponsored infrastructure for persistent network access and deep…
-
China”‘linked PlushDaemon hijacks DNS via ‘EdgeStepper’ to weaponize software updates
Hijacked update to backdoor deployment: With the network device serving as a stealthy redirect, PlushDaemon then exploits the hijacked update channel to gain access to end-systems. ESET observed how typical victim software (such as a Chinese input-method application) issues an HTTP GET to its update server, but because DNS was hijacked, the request lands at…
-
Chinese APT Group Exploits DLL Sideloading to Breach Government and Media Targets
A China-nexus advanced persistent threat (APT) group has been conducting a sustained espionage campaign targeting government and media sectors across Southeast Asia, leveraging sophisticated DLL sideloading techniques as a primary attack vector. The threat actor, tracked as Autumn Dragon, has targeted multiple nations surrounding the South China Sea, including Indonesia, Singapore, the Philippines, Cambodia, and Laos,…
-
Iranian APT hacks helped direct missile strikes in Israel and the Red Sea
MuddyWater uses hacked CCTV cameras to help guide missiles: Amazon also found supporting threat intel evidence for another Iran-linked incident involving cyber espionage and missile strikes that has received some official confirmation.After the US strikes against Iran’s nuclear sites in June, Iran retaliated by launching a barrage of missiles against Israel, targeting cities such as…
-
How the classic anime ‘Ghost in the Shell’ predicted the future of cybersecurity 30 years ago
The story of the Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the internet. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/19/how-the-classic-anime-ghost-in-the-shell-predicted-the-future-of-cybersecurity-30-years-ago/
-
PlushDaemon Hackers Unleash New Malware in China-Aligned Spy Campaigns
The cyber espionage group uses a previously undocumented network implant to drop two downloaders, LittleDaemon and DaemonLogistics, which deliver a backdoor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/plushdaemon-new-malware-china-spy/
-
Tens of thousands more ASUS routers pwned by suspected, evolving China operation
Researchers say attacks are laying the groundwork for stealthy espionage activity First seen on theregister.com Jump to article: www.theregister.com/2025/11/19/thousands_more_asus_routers_pwned/
-
Anthropic Disruption of an AI-Run Attack and What It Means for Agentic Identity
4 min readAnthropic’s recent disclosure of an AI-driven espionage campaign it halted represents less a new class of attack than a faster, more persistent version of patterns the industry has seen before. What distinguishes this incident is the continuity of activity an autonomous system can sustain once it is given the ability to interpret its…
-
Anthropic AI-powered cyberattack causes a stir
Tags: ai, attack, china, cyber, cyberattack, cybersecurity, espionage, finance, government, group, hacking, programming, technology, toolAI “‹”‹company Anthropic recently announced that companies worldwide have been attacked by an AI-powered cyber espionage campaign. It is purported to be the first publicly documented case of a cyberattack carried out by an AI model.According to the research report, around 30 organizations worldwide were affected by the attacks. These included large technology companies, financial institutions,…
-
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks
Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East.The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented…
-
UNC1549 Hackers With Custom Tools Attacking Aerospace and Defense Systems to Steal Logins
The Iran-nexus cyber espionage group UNC1549 has significantly expanded its arsenal of custom tools and sophisticated attack techniques in an ongoing campaign targeting aerospace, aviation, and defense industries since mid-2024, according to new findings from Mandiant. The threat actor, which overlaps with Tortoiseshell and has suspected links to Iran’s Islamic Revolutionary Guard Corps (IRGC), demonstrates…
-
Anthropic: China-backed hackers launch first large-scale autonomous AI cyberattack
China-linked actors used Anthropic’s AI to automate and run cyberattacks in a sophisticated 2025 espionage campaign using advanced agentic tools. China-linked threat actors used Anthropic’s AI to automate and execute cyberattacks in a highly sophisticated espionage campaign in September 2025. The cyber spies leveraged advanced “agentic” capabilities rather than using AI only for guidance. Attackers…
-
Anthropic claims of Claude AI-automated cyberattacks met with doubt
Anthropic reports that a Chinese state-sponsored threat group, tracked as GTG-1002, carried out a cyber-espionage operation that was largely automated through the abuse of the company’s Claude Code AI model. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/