Tag: espionage
-
Inside the First AI-Driven Cyber Espionage Campaign
Anthropic uncovered the first large-scale cyber espionage campaign powered largely by autonomous AI. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/inside-the-first-ai-driven-cyber-espionage-campaign/
-
Anthropic claims of Claude AI-automated cyberattacks met with doubt
Anthropic reports that a Chinese state-sponsored threat group, tracked as GTG-1002, carried out a cyber-espionage operation that was largely automated through the abuse of the company’s Claude Code AI model. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/
-
Inside the First AI-Driven Cyber Espionage Campaign
Anthropic uncovered the first large-scale cyber espionage campaign powered largely by autonomous AI. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/inside-the-first-ai-driven-cyber-espionage-campaign/
-
Anthropic warns state-linked actor abused its AI tool in sophisticated espionage campaign
Researchers said a China-backed adversary conducted powerful attacks with almost no human intervention.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/anthropic-state-actor-ai-tool-espionage/805550/
-
Chinese State Hackers Jailbroke Claude AI Code for Automated Breaches
Anthropic, the developer behind Claude AI, says a Chinese state sponsored group used its model to automate most of a cyber espionage operation against about 30 companies with Claude handling up to 90% of the technical work. First seen on hackread.com Jump to article: hackread.com/chinese-hackers-jailbroke-claude-ai-breaches/
-
Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets
The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a new espionage-focused campaign.The activity, detected in early September 2025 and assessed to be ongoing, has been codenamed SpearSpecter by the Israel National Digital Agency (INDA).”The…
-
Chinese Hackers Use Anthropic’s AI to Launch Automated Cyber Espionage Campaign
State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a “highly sophisticated espionage campaign” in mid-September 2025.”The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree using AI not just as an advisor, but to execute the cyber attacks themselves,” the AI upstart…
-
Emulating the Espionage-Oriented Group SideWinder
Tags: attack, cyber, espionage, exploit, government, group, microsoft, military, office, phishing, spear-phishing, threat, vulnerabilityAttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of Microsoft Office vulnerabilities, and the…
-
Emulating the Espionage-Oriented Group SideWinder
Tags: attack, cyber, espionage, exploit, government, group, microsoft, military, office, phishing, spear-phishing, threat, vulnerabilityAttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of Microsoft Office vulnerabilities, and the…
-
Zero-Day Vulnerabilities in Cisco and Citrix Targeted by APT Group, Amazon Confirms
Amazon’s threat intelligence division has revealed a cyber-espionage campaign involving an advanced persistent threat (APT) group exploiting previously undisclosed zero-day vulnerabilities in systems from Cisco and Citrix. The investigation showed that the attackers specifically targeted critical identity and network access control infrastructure; components of enterprises rely on managing authentication and enforcing security policies across their networks. First…
-
Zero-Day Vulnerabilities in Cisco and Citrix Targeted by APT Group, Amazon Confirms
Amazon’s threat intelligence division has revealed a cyber-espionage campaign involving an advanced persistent threat (APT) group exploiting previously undisclosed zero-day vulnerabilities in systems from Cisco and Citrix. The investigation showed that the attackers specifically targeted critical identity and network access control infrastructure; components of enterprises rely on managing authentication and enforcing security policies across their networks. First…
-
DHS Kept Chicago Police Records for Months in Violation of Domestic Espionage Rules
The Department of Homeland Security collected data on Chicago residents accused of gang ties to test if police files could feed an FBI watchlist. Months passed before anyone noticed it wasn’t deleted. First seen on wired.com Jump to article: www.wired.com/story/dhs-kept-chicago-police-records-for-months-in-violation-of-domestic-espionage-rules/
-
Amazon pins Cisco, Citrix zero-day attacks to APT group
The vendors disclosed and patched the defects last summer, but not before advanced attackers exploited the vulnerabilities to likely gain prolonged access for espionage, according to Amazon. First seen on cyberscoop.com Jump to article: cyberscoop.com/amazon-threat-intel-apt-group-cisco-citrix-zero-days/
-
Amazon pins Cisco, Citrix zero-day attacks to APT group
The vendors disclosed and patched the defects last summer, but not before advanced attackers exploited the vulnerabilities to likely gain prolonged access for espionage, according to Amazon. First seen on cyberscoop.com Jump to article: cyberscoop.com/amazon-threat-intel-apt-group-cisco-citrix-zero-days/
-
North Korean spies turn Google’s Find Hub into remote-wipe weapon
KONNI espionage crew covertly abused Google’s Find My Device feature to remotely factory-reset Android phones First seen on theregister.com Jump to article: www.theregister.com/2025/11/11/north_korean_spies_turn_googles/
-
Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS
Researchers found Fantasy Hub, a Russian MaaS Android RAT that lets attackers spy, steal data, and control devices via Telegram. Zimperium researchers uncovered Fantasy Hub, a Russian-sold Android RAT offered as Malware-as-a-Service, enabling spying, device control, and data theft via Telegram. The malware allows operators to take over infected devices, gathering SMS messages, contacts, call…
-
Ferocious Kitten APT Uses MarkiRAT for Keystroke and Clipboard Surveillance
Ferocious Kitten, a covert cyber-espionage group active since at least 2015, has emerged as a persistent threat to Persian-speaking dissidents and activists within Iran. The group, known for its careful targeting and evolving tactics, deploys its custom implant >>MarkiRAT
-
Ferocious Kitten APT Uses MarkiRAT for Keystroke and Clipboard Surveillance
Ferocious Kitten, a covert cyber-espionage group active since at least 2015, has emerged as a persistent threat to Persian-speaking dissidents and activists within Iran. The group, known for its careful targeting and evolving tactics, deploys its custom implant >>MarkiRAT
-
Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that’s sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model.According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,…
-
Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that’s sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model.According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,…
-
Lazarus Group Deploys Weaponized Documents Against Aerospace Defense
Security researchers at ENKI have uncovered a sophisticated espionage campaign targeting aerospace and defense organizations, in which the Lazarus Group is weaponizing a new variant of the Comebacker backdoor to infiltrate high-value targets. The threat actor has been actively conducting phishing operations since at least March 2025, distributing malicious documents disguised as legitimate communications from…
-
Threat Report: xHunt Targets Microsoft Exchange and IIS with Custom Backdoors
The xHunt advanced persistent threat group continues to pose a significant cybersecurity risk through sophisticated attacks targeting Microsoft Exchange and IIS web servers with custom-built backdoors. This highly focused cyber-espionage operation has maintained persistent, multi-year campaigns primarily aimed at organizations in Kuwait, with particular emphasis on the shipping, transportation, and government sectors. First identified in…
-
Iranian Cyber Espionage: Proofpoint Uncovers UNK_SmudgedSerpent
Proofpoint uncovered UNK_SmudgedSerpent, an Iranian-linked espionage campaign that exploits trust and blurs attribution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/iranian-cyber-espionage-proofpoint-uncovers-unk_smudgedserpent/
-
China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading
The post China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-apt-infiltrates-us-policy-nonprofit-in-months-long-espionage-campaign-using-dll-sideloading/
-
Security Affairs newsletter Round 549 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. China-linked hackers target U.S. non-profit in long-term espionage campaign A new Italian citizen was targeted with…
-
China-linked hackers target U.S. non-profit in long-term espionage campaign
A China-linked group targeted a U.S. non-profit to gain long-term access, part of wider attacks on U.S. entities tied to policy matters. China-linked hackers breached a U.S. policy-focused nonprofit in April 2025, maintaining weeks of access. They used DLL sideloading via vetysafe.exe, a tactic used by other Chinese APT groups like Space Pirates, Kelp, and…
-
Previously unknown Landfall spyware used in 0-day attacks on Samsung phones
‘Precision espionage campaign’ began months before the flaw was fixed First seen on theregister.com Jump to article: www.theregister.com/2025/11/07/landfall_spyware_samsung_0days/
-
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues.The organization, according to a report from Broadcom’s Symantec and Carbon Black teams, is “active…
-
Influence of Chinese Hacker Organizations on U.S. Foreign Policy
Chinese cyber-espionage groups have once again demonstrated their determination and technical prowess in targeting U.S. organizations with ties to international policy-making, highlighting the persistent and evolving threat posed by state-linked cyber actors. Evidence indicates that the attackers sought to establish a stealthy, persistent presence within their target’s network. The initial breach was preceded by a…