Tag: espionage

From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools

Nov 7, 2025 6:19 PM

Tags: attack, china, cyber, espionage, government, hacker, threat, tool

A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues.The organization, according to a report from Broadcom’s Symantec and Carbon Black teams, is “active…
Influence of Chinese Hacker Organizations on U.S. Foreign Policy

Nov 7, 2025 9:19 AM

Tags: breach, china, cyber, espionage, group, hacker, international, threat

Chinese cyber-espionage groups have once again demonstrated their determination and technical prowess in targeting U.S. organizations with ties to international policy-making, highlighting the persistent and evolving threat posed by state-linked cyber actors. Evidence indicates that the attackers sought to establish a stealthy, persistent presence within their target’s network. The initial breach was preceded by a…
Influence of Chinese Hacker Organizations on U.S. Foreign Policy

Nov 7, 2025 9:19 AM

Tags: breach, china, cyber, espionage, group, hacker, international, threat

Chinese cyber-espionage groups have once again demonstrated their determination and technical prowess in targeting U.S. organizations with ties to international policy-making, highlighting the persistent and evolving threat posed by state-linked cyber actors. Evidence indicates that the attackers sought to establish a stealthy, persistent presence within their target’s network. The initial breach was preceded by a…
Threat Actors Exploit VS Code Extensions for Ransomware via GitHub C2

Nov 6, 2025 2:19 PM

Tags: attack, control, cyber, espionage, exploit, github, government, group, infrastructure, malware, north-korea, ransomware, threat

Security researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat actors are leveraging Visual Studio Code extensions and GitHub as command-and-control infrastructure to deliver multi-stage malware payloads capable of deploying ransomware and conducting…
Threat Actors Exploit VS Code Extensions for Ransomware via GitHub C2

Nov 6, 2025 2:19 PM

Tags: attack, control, cyber, espionage, exploit, github, government, group, infrastructure, malware, north-korea, ransomware, threat

Security researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat actors are leveraging Visual Studio Code extensions and GitHub as command-and-control infrastructure to deliver multi-stage malware payloads capable of deploying ransomware and conducting…
Russia-linked hackers intensify attacks as global APT activity shifts

Nov 6, 2025 11:19 AM

Tags: apt, attack, cybercrime, espionage, group, hacker, hacking, russia

State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/06/global-apt-activity-report-2025/
Russia-linked hackers intensify attacks as global APT activity shifts

Nov 6, 2025 11:19 AM

Tags: apt, attack, cybercrime, espionage, group, hacker, hacking, russia

State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/06/global-apt-activity-report-2025/
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, iran, tool

The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, iran, tool

The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
APT60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, github, malware

The post APT-C-60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt-c-60-targets-japan-new-spyglace-malware-uses-vhdx-lnk-and-github-tasking-for-persistent-espionage/
Russia-linked ‘Curly COMrades’ turn to malicious virtual machines for digital spy campaigns

Nov 5, 2025 3:19 PM

Tags: cyber, detection, espionage, hacker, malicious, russia, spy

A cyber-espionage operation installed lightweight virtual machines to evade detection, researchers said, in the latest sign of Russia-linked hackers adapting their tactics. First seen on therecord.media Jump to article: therecord.media/virtual-machines-cyber-espionage-russia-linked-curly-comrades
Silent Lynx APT New Attack Targeting Governmental Employees Posing as Officials

Nov 5, 2025 7:19 AM

Tags: apt, attack, cyber, espionage, government, group, phishing, spear-phishing, threat

Seqrite Labs’ APT Team has documented fresh campaigns from Silent Lynx, a sophisticated threat actor group known for orchestrating spear-phishing operations that impersonate government officials to target diplomatic and governmental employees across Central Asia. The group, also tracked under aliases including YoroTrooper, Sturgeon Phisher, and Cavalry Werewolf, continues its espionage-focused activities with minimal operational security…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military

Nov 3, 2025 2:19 PM

Tags: cyber, espionage, military, phishing, russia, spear-phishing

A spear-phishing campaign aimed to compromise Russian and Belarusian military personnel by using military-themed documents as a lure has been flagged by Cyble and Seqrite … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/03/russian-belarusian-military-spear-phishing/
Cyble Detects Advanced Backdoor Targeting Defense Systems via Belarus Military Lure

Nov 3, 2025 11:19 AM

Tags: access, backdoor, cyber, defense, espionage, intelligence, malicious, military

Cyble Research and Intelligence Labs (CRIL) have uncovered a cyber-espionage operation that used a weaponized ZIP archive to infiltrate defense-sector systems. The malicious file”, disguised as a Belarusian military document titled “Ð¢Ð›Ð“ Ð½Ð° ÑƒÐ±Ñ‹Ñ‚Ð¸Ðµ Ð½Ð° Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð´Ð³Ð¾Ñ‚Ð¾Ð²ÐºÑƒ.pdf” (“TLG for departure for retraining.pdf”)”, delivered a highly advanced backdoor capable of establishing covert access through SSH and Tor. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/belarus-military-hit-by-ssh-tor-backdoor/
Cyble Detects Advanced Backdoor Targeting Defense Systems via Belarus Military Lure

Nov 3, 2025 11:19 AM

Tags: access, backdoor, cyber, defense, espionage, intelligence, malicious, military

Cyble Research and Intelligence Labs (CRIL) have uncovered a cyber-espionage operation that used a weaponized ZIP archive to infiltrate defense-sector systems. The malicious file”, disguised as a Belarusian military document titled “Ð¢Ð›Ð“ Ð½Ð° ÑƒÐ±Ñ‹Ñ‚Ð¸Ðµ Ð½Ð° Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð´Ð³Ð¾Ñ‚Ð¾Ð²ÐºÑƒ.pdf” (“TLG for departure for retraining.pdf”)”, delivered a highly advanced backdoor capable of establishing covert access through SSH and Tor. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/belarus-military-hit-by-ssh-tor-backdoor/
China-linked hackers exploited Lanscope flaw as a zero-day in attacks

Nov 1, 2025 5:19 PM

Tags: attack, china, cyber, endpoint, espionage, exploit, flaw, hacker, vulnerability, zero-day

China-linked cyber-espionage actors tracked as ‘Bronze Butler’ (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/china-linked-hackers-exploited-lanscope-flaw-as-a-zero-day-in-attacks/
China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

Nov 1, 2025 4:19 PM

Tags: apt, china, cyber, espionage, exploit, google, group, spy, windows, zero-day

A China-linked APT group UNC6384 exploits a Windows zero-day in an active cyber espionage targeting European diplomats. Arctic Wolf Labs researchers uncovered a cyber espionage campaign by China-linked APT UNC6384 targeting diplomatic entities in Hungary, Belgium, and other EU nations. UNC6384 is a China-nexus actor recently detailed by Google TAG, has expanded from targeting Southeast…
China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

Oct 31, 2025 3:19 PM

Tags: china, corporate, cve, cyber, endpoint, espionage, exploit, flaw, group, vulnerability, zero-day

The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick.The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month,…
Windows LNK UI Spoofing Vulnerability Weaponized for Remote Code Execution

Oct 31, 2025 10:19 AM

Tags: china, cyber, espionage, exploit, google, remote-code-execution, social-engineering, threat, vulnerability, windows

A sophisticated cyber espionage campaign targeting European diplomatic institutions has been uncovered, signaling a strategic escalation by Chinese-affiliated threat actor UNC6384. Central to this campaign is the exploitation of the Windows shortcut (LNK) UI misrepresentation vulnerability”, ZDI-CAN-25373, first disclosed in March 2025″, paired with tailored social engineering schemes mimicking authentic diplomatic conferences. UNC6384, previously documented…
Windows LNK UI Spoofing Vulnerability Weaponized for Remote Code Execution

Oct 31, 2025 10:19 AM

Tags: china, cyber, espionage, exploit, google, remote-code-execution, social-engineering, threat, vulnerability, windows

A sophisticated cyber espionage campaign targeting European diplomatic institutions has been uncovered, signaling a strategic escalation by Chinese-affiliated threat actor UNC6384. Central to this campaign is the exploitation of the Windows shortcut (LNK) UI misrepresentation vulnerability”, ZDI-CAN-25373, first disclosed in March 2025″, paired with tailored social engineering schemes mimicking authentic diplomatic conferences. UNC6384, previously documented…
Diplomatic entities in Belgium and Hungary hacked in China-linked spy campaign

Oct 30, 2025 8:19 PM

Tags: china, cyber, espionage, malware, spy

A cyber-espionage operation attributed to China used the PlugX malware against Belgian and Hungarian diplomatic entities over the last two months, according to a new report. First seen on therecord.media Jump to article: therecord.media/belgium-hungary-diplomatic-entities-hacked-unc6384
Year-Long Nation-State Hack Hits US Telecom Ribbon Communications

Oct 30, 2025 6:19 PM

Tags: attack, breach, communications, espionage, risk, supply-chain

Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends. First seen on hackread.com Jump to article: hackread.com/nation-state-hack-us-telecom-ribbon-communications/
Year-Long Nation-State Hack Hits US Telecom Ribbon Communications

Oct 30, 2025 6:19 PM

Tags: attack, breach, communications, espionage, risk, supply-chain

Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends. First seen on hackread.com Jump to article: hackread.com/nation-state-hack-us-telecom-ribbon-communications/
Year-Long Nation-State Hack Hits US Telecom Ribbon Communications

Oct 30, 2025 6:19 PM

Tags: attack, breach, communications, espionage, risk, supply-chain

Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends. First seen on hackread.com Jump to article: hackread.com/nation-state-hack-us-telecom-ribbon-communications/
Typo hackers sneak cross-platform credential stealer into 10 npm packages

Oct 30, 2025 4:19 PM

Tags: attack, captcha, cloud, corporate, credentials, data, email, espionage, hacker, linux, macOS, malicious, password, router, supply-chain, theft, threat

Payload for IP fingerprinting and credential theft: Once the fake CAPTCHA interaction occurs, the installer sends the victim’s IP address to the attacker’s server, a step that allows tracking, geofencing, and exclusion of unwanted targets.It then downloads the payload from the same host, which is a 24 MB Pyinstaller-packed application that contains hundreds of thousands…
BlueNoroff reemerges with new campaigns for crypto theft and espionage

Oct 29, 2025 1:26 PM

Tags: attack, blockchain, credentials, crypto, espionage, github, group, jobs, lazarus, malware, social-engineering, supply-chain, theft, tool

Fake recruiters with real malware: The GhostHire operation takes a different approach, targeting Web3 developers through fake job offers and recruitment tests. Here BlueNoroff sets up fake developer tasks, often hosted on GitHub or shared via Telegram bots. “Based on historical attack cases of this campaign, we assess with medium confidence that this attack flow…
BlueNoroff APT Launches AI-Enhanced Espionage on macOS, Using GPT-4o Images in Fake GhostCall Meetings

Oct 29, 2025 5:26 AM

Tags: ai, apt, espionage, macOS

The post BlueNoroff APT Launches AI-Enhanced Espionage on macOS, Using GPT-4o Images in Fake GhostCall Meetings appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/bluenoroff-apt-launches-ai-enhanced-espionage-on-macos-using-gpt-4o-images-in-fake-ghostcall-meetings/