Tag: espionage
-
China-based espionage group compromised Notepad++ for six months
The Chinese APT group Lotus Blossom intruded the tool’s internal systems to snoop on a limited set of users’ activities, according to researchers. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-espionage-group-lotus-blossom-attacks-notepad/
-
Ex-Google Engineer Convicted of Stealing AI Data for China
Linwei Ding Faces Decades in Prison for Trade Secret Theft, Espionage. A federal jury in San Francisco convicted a former Google software engineer of stealing thousands of pages of confidential AI data and transferring it to Chinese technology companies. Linwei Ding is guilty of seven counts of economic espionage and seven counts of trade secret…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload…
-
Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup
A former Google engineer accused of stealing thousands of the company’s confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday.Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of…
-
Former Google Engineer Convicted of Stealing AI Secrets for China
A 38-year-old also known as Leon Ding, was convicted on seven counts of economic espionage and seven counts of theft of trade secrets following an 11-day trial. First seen on hackread.com Jump to article: hackread.com/google-engineer-convict-steal-ai-secrets-china/
-
TAMECAT PowerShell Backdoor Targets Edge and Chrome: Login Credentials At Risk
Tags: backdoor, browser, chrome, credentials, cyber, defense, espionage, government, hacking, iran, login, microsoft, powershell, riskTAMECAT is a sophisticated PowerShell-based backdoor linked to APT42, an Iranian state-sponsored hacking group. It steals login credentials from Microsoft Edge and Chrome browsers while evading detection. Security researchers from Israel’s National Digital Agency detailed its modular design in recent SpearSpecter campaign analysis.”‹ APT42 deploys TAMECAT in long-term espionage operations against senior defense and government…
-
Ex-Google engineer found guilty of stealing AI secrets
A federal jury in California convicted former Google software engineer Linwei Ding, also known as Leon Ding, on seven counts of economic espionage and seven counts of theft of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/30/ex-google-engineer-espionage/
-
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
A former Google engineer accused of stealing thousands of the company’s confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday.Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of…
-
Long-running North Korea threat group splits into 3 distinct operations
The trio, which share lineage with the more broadly defined Lazarus Group, are focused on espionage and cryptocurrency theft, according to CrowdStrike. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-labyrinth-chollima-splits-crowdstrike/
-
Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks
Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints.The activity has been attributed to Mustang Panda (aka Earth Preta, Fireant, HoneyMyte, Polaris, and Twill Typhoon) with the intrusions primarily directed against government…
-
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
The Chinese espionage threat group Mustang Panda has updated its CoolClient backdoor to a new variant that can steal login data from browsers and monitor the clipboard. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-mustang-panda-hackers-deploy-infostealers-via-coolclient-backdoor/
-
Hijacking the Hackers: Researchers Sinkhole >>KazakRAT<< Espionage Campaign
The post Hijacking the Hackers: Researchers Sinkhole >>KazakRAT<< Espionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/hijacking-the-hackers-researchers-sinkhole-kazakrat-espionage-campaign/
-
Hijacking the Hackers: Researchers Sinkhole >>KazakRAT<< Espionage Campaign
The post Hijacking the Hackers: Researchers Sinkhole >>KazakRAT<< Espionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/hijacking-the-hackers-researchers-sinkhole-kazakrat-espionage-campaign/
-
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Cybersecurity researchers have discovered an ongoing campaign that’s targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign.The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive, ultimately granting the threat First…
-
SyncFuture Campaign Abuses Enterprise Security Tools to Deploy Malware
A sophisticated, multi-stage espionage campaign targeting Indian residents through phishing emails impersonating the Income Tax Department. The attack chain, tracked as the >>SyncFuture Espionage Campaign,<< weaponizes legitimate enterprise security software as its final payload, demonstrating how threat actors repurpose trusted commercial tools to establish persistent, undetectable access to victim systems."‹ The campaign begins with targeted…
-
SyncFuture Campaign Abuses Enterprise Security Tools to Deploy Malware
A sophisticated, multi-stage espionage campaign targeting Indian residents through phishing emails impersonating the Income Tax Department. The attack chain, tracked as the >>SyncFuture Espionage Campaign,<< weaponizes legitimate enterprise security software as its final payload, demonstrating how threat actors repurpose trusted commercial tools to establish persistent, undetectable access to victim systems."‹ The campaign begins with targeted…
-
>>Nomad Leopard<< Spotted in the Wild: Cyber Espionage Campaign Targets Afghan Government
The post >>Nomad Leopard<< Spotted in the Wild: Cyber Espionage Campaign Targets Afghan Government appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/nomad-leopard-spotted-in-the-wild-cyber-espionage-campaign-targets-afghan-government/
-
Identity Under Siege: What the Salt Typhoon Campaign Reveals About Trusted Access Risks
A recent disclosure confirms that email accounts belonging to U.S. congressional staff were compromised as part of the Salt Typhoon cyber-espionage campaign, targeting personnel supporting key House committees and exploiting trusted identities rather than software vulnerabilities, according to TechRadar. While no immediate operational disruption was publicly reported, the incident sends a clear message: identity systems…
-
DPRK Hackers Earn $600M Posing as Remote Workers
The landscape of corporate espionage has undergone a fundamental transformation. For decades, security teams focused their efforts on identifying disgruntled employees or negligent contractors the traditional >>insider threat.<< Today, the most dangerous infiltrator is not a rogue staffer but rather a sophisticated operative hired under pretenses, operating as part of an organized, state-sponsored recruitment program.…
-
âš¡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance.Scale amplified the damage. A single weak configuration rippled out to…
-
Iran-linked MuddyWater APT deploys Rust-based implant in latest campaign
Rust offers evasion advantages: CloudSEK researchers said RustyWater was developed in Rust, which they said is increasingly used by malware authors for its memory safety features and cross-platform capabilities, according to the blog post. Other state-sponsored groups, including Russia’s Gossamer Bear and China-linked actors, have also deployed Rust-based malware in recent campaigns, according to security…
-
ValleyRAT_S2: Stealth Intrusions Aimed at Financial Data Exfiltration
A sophisticated second-stage malware payload known as ValleyRAT_S2 has emerged as a critical threat to organizations across Chinese-speaking regions, including mainland China, Hong Kong, Taiwan, and Southeast Asia. This Remote Access Trojan (RAT), written in C++, is a modular, highly evasive cyber-espionage tool designed to infiltrate systems, maintain persistent access, and extract sensitive financial and…
-
Salt Typhoon Hackers Hit Congressional Emails in New Breach
Staff Working on China, Intel, Military Oversight Targeted in Espionage Operation. U.S. officials are probing a suspected Chinese cyber campaign tied to Salt Typhoon that breached congressional staff email systems supporting national security committees, exposing sensitive discussions and raising concerns about unclassified federal network defenses. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/salt-typhoon-hackers-hit-congressional-emails-in-new-breach-a-30484
-
China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware
China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…
-
BlueDelta Espionage: Russian Hackers Abuse Free Apps to Target Energy Sector
The post BlueDelta Espionage: Russian Hackers Abuse Free Apps to Target Energy Sector appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/bluedelta-espionage-russian-hackers-abuse-free-apps-to-target-energy-sector/
-
China-Linked UAT-7290 Targets Telecom Networks in South Asia
A long-term cyber-espionage campaign targeting South Asia’s telecom firms has been linked to UAT-7290 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-uat-7290-targets-telecoms/