Tag: espionage
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting ù APT28 Leverages CVE-2026-21509 in Operation Neusploit Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia Analyzing Dead#Vax: Analyzing Multi-Stage VHD…
-
DKnife toolkit abuses routers to spy and deliver malware since 2019
DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones,…
-
State actor targets 155 countries in ‘Shadow Campaigns’ espionage op
A new state-aligned cyberespionage threat group tracked as TGR-STA-1030/UNC6619, has conducted a global-scale operation dubbed the “Shadow Campaigns,” where it targeted government infrastructure in 155 countries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/state-actor-targets-155-countries-in-shadow-campaigns-espionage-op/
-
Asian Cyber Espionage Campaign Breached 37 Countries
Palo Alto Networks says an Asian cyber espionage campaign breached 70 organizations in 37 countries, targeting government agencies and critical infrastructure. The post Asian Cyber Espionage Campaign Breached 37 Countries appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-asian-cyber-espionage-campaign-breached-37-countries/
-
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dknife-linux-toolkit-hijacks-router-traffic-to-spy-deliver-malware/
-
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42.In addition, the hacking crew has been observed conducting active reconnaissance against government infrastructure associated with 155…
-
The blind spot every CISO must see: Loyalty
Tags: access, ai, ciso, corporate, data, espionage, exploit, finance, framework, gartner, government, intelligence, jobs, malicious, monitoring, risk, strategy, tool, training, vulnerability, zero-trustHow the misread appears in practice: Recent examples illustrate the point. In the US federal sphere, abrupt terminations under workforce reduction initiatives have left former employees with lingering access to sensitive systems, amplifying the potential for data exposure or retaliation. Corporate cases show a similar dynamic: engineers or executives who have spent years building institutional…
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerabilityA complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla.On Linux servers the group has been seen deploying a rootkit dubbed…
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerabilityA complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla.On Linux servers the group has been seen deploying a rootkit dubbed…
-
Threat Group Running Espionage Operations Against Dozens of Governments
Unit 42 researchers say an Asian threat group behind what they call the Shadow Campaigns has targeted government agencies in 37 countries in a wide-ranging global cyberespionage campaign that has involved phishing attacks and the exploitation of a more than a dozen known vulnerabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/threat-group-running-espionage-operations-against-dozens-of-governments/
-
Asian government’s espionage campaign breached critical infrastructure in 37 countries
The victims included national telecommunications firms, finance ministries and police agencies, with most targets suggesting an economic focus, Palo Alto Networks said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/asian-governments-espionage-campaign-breached-critical-infrastructure-in-3/811472/
-
Russian hackers attacking European maritime and transport orgs using Microsoft Office exploit
Russian state-linked hackers are exploiting a Microsoft Office vulnerability to target maritime organizations across Europe as part of a “sophisticated espionage campaign,” researchers said. First seen on therecord.media Jump to article: therecord.media/russian-hackers-microsoft-office-europe
-
New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability
Researchers at Check Point link ‘Amarath-Dragon’ attacks to prolific Chinese cyber-espionage operation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hacking-exploits-windows-winrar/
-
China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025
China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. CheckPoint says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and…
-
APT28 Hackers Exploit Microsoft Office Vulnerability to Target Government Agencies
Tags: attack, cyber, cyberattack, espionage, exploit, government, hacker, microsoft, military, office, phishing, russia, spear-phishing, theft, vulnerabilityRussian state-sponsored hackers, known as APT28 or Fancy Bear, have launched a new wave of cyberattacks targeting government and military organizations across Europe. This sophisticated espionage campaign, observed in late January 2026, targets the theft on secrets from maritime and transport agencies in countries such as Poland, Greece, and Ukraine. The attacks start with spear-phishing…
-
Amaranth-Dragon Exploits WinRAR Vulnerability for Persistent Access to Victim Systems
A new cyber-espionage threat group dubbedAmaranth-Dragon. Active throughout 2025, this group has launched highly targeted attacks against government and law enforcement agencies across Southeast Asia. Evidence links Amaranth-Dragon to APT-41, a notorious Chinese state-sponsored hacking group, due to shared tools and operational time zones (UTC+8). The group creates attack campaigns based on local geopolitical events, such…
-
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025.Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia, First…
-
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
Tags: attack, china, cyberespionage, espionage, exploit, flaw, government, group, law, threat, vulnerabilityA new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-amaranth-dragon-cyberespionage-group-exploits-winrar-flaw/
-
Russian hackers exploited a critical Office bug within days of disclosure
One campaign, two infection paths: ZScaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose. The choice of dropper reportedly determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems.In…
-
HoneyMyte Hacker Group Expands CoolClient Malware With New Advanced Toolset
The HoneyMyte APT group, also known as Mustang Panda and Bronze President, continues expanding its cyber-espionage operations across Asia and Europe, with Southeast Asia being the most heavily targeted region. Recent investigations reveal that the group has significantly enhanced its malware arsenal during 2025, introducing new capabilities to the CoolClient backdoor and deploying multiple browser…
-
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windowsThreat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security…
-
Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack
Rapid7 identifies custom malware: Cybersecurity firm Rapid7 also published a detailed technical analysis corroborating Ho’s disclosure and identifying the attack as part of a broader campaign deploying previously undocumented malware. Rapid7’s investigation uncovered a custom backdoor the firm dubbed “Chrysalis,” alongside Cobalt Strike and Metasploit frameworks.”Forensic analysis conducted by the MDR team suggests that the…
-
Notepad++ Attack Breakdown Reveals Sophisticated Malware and Actionable IoCs
A complex espionage campaign attributed to Chinese APT group Lotus Blossom, active since 2009. The investigation uncovered a sophisticated compromise of Notepad++ distribution infrastructure that delivered Chrysalis, a previously undocumented custom backdoor with extensive remote access capabilities. The attack chain began at IP address 95.179.213.0, where execution of notepad++.exe and GUP.exe preceded download of a…
-
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit.Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania,…
-
IPIDEA Proxy Network Dismantled: Global Cybercrime and Botnet Risks Exposed
Researchers have found what they believe is one of the world’s largest residential proxy networks: the IPIDEA proxy operation. The action targeted a little-known but deeply embedded component of the online ecosystem that has been quietly enabling large-scale cybercrime, espionage, and botnet activity. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ipidea-proxy-residential-network-disruption/
-
China-based espionage group compromised Notepad++ for six months
The Chinese APT group Lotus Blossom intruded the tool’s internal systems to snoop on a limited set of users’ activities, according to researchers. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-espionage-group-lotus-blossom-attacks-notepad/
-
Ex-Google Engineer Convicted of Stealing AI Data for China
Linwei Ding Faces Decades in Prison for Trade Secret Theft, Espionage. A federal jury in San Francisco convicted a former Google software engineer of stealing thousands of pages of confidential AI data and transferring it to Chinese technology companies. Linwei Ding is guilty of seven counts of economic espionage and seven counts of trade secret…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload…
-
Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup
A former Google engineer accused of stealing thousands of the company’s confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday.Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of…