Collecting Cyber-News from over 60 sources

Tag: espionage

NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity

Mar 4, 2026 5:46 AM

Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-management

Geopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
The BurrowShell Threat: Inside ‘Sloppy Lemming’s’ Stealthy Cyber Espionage Campaign in South Asia

Mar 4, 2026 1:48 AM

Tags: cyber, espionage, threat

The post The BurrowShell Threat: Inside ‘Sloppy Lemming’s’ Stealthy Cyber Espionage Campaign in South Asia appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/the-burrowshell-threat-inside-sloppy-lemmings-stealthy-cyber-espionage-campaign-in-south-asia/
Coruna: Spy-grade iOS exploit kit powering financial crime

Mar 3, 2026 8:46 PM

Tags: crime, espionage, exploit, finance, spy, threat

A powerful iOS exploit kit has circulated among multiple threat actors over the past year, moving from a commercial surveillance operation to state-linked espionage campaigns … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/coruna-ios-exploit-kit/
Israel: RedAlert Spyware Campaign Exploits Wartime Panic With Trojanized App

Mar 3, 2026 5:47 PM

Tags: espionage, exploit, iran, spyware

Espionage campaign exploits Israel-Iran conflict, distributing a trojanized Red Alert app via SMS First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/redalert-israel-spyware-campaign/
SloppyLemming Espionage Campaign Targets Pakistan, Bangladesh with BurrowShell Backdoor and Rust RAT

Mar 3, 2026 3:47 PM

Tags: access, backdoor, cyber, data-breach, espionage, group, india, rat, rust, tool

SloppyLemming, an India-linked espionage group also known as Outrider Tiger and Fishing Elephant, has run a year-long cyber campaign against high”‘value targets in Pakistan and Bangladesh using a new BurrowShell backdoor and a Rust-based remote access tool (RAT). This activity builds directly on earlier operations exposed by Cloudflare’s CloudForce One in 2024. However, it shows…
Operation Epic Fury: Potential Iranian Cyber Counteroffensive Operations

Mar 3, 2026 9:47 AM

Tags: access, attack, botnet, credentials, cyber, data, ddos, defense, espionage, exploit, government, group, infrastructure, intelligence, Internet, iran, leak, malware, military, monitoring, ransomware, service, social-engineering, technology, theft, threat, tool, update, vulnerability

Following the joint military operation known as Operation Epic Fury, the Tenable Research Special Operations (RSO) team is providing an update regarding potential cyber counteroffensive operations conducted by Iran-linked threat actors. Key takeaways: Following Operation Epic Fury, Iran-linked threat actors are expected to launch counteroffensive operations against critical infrastructure and opportunistic targets. Several Iranian-linked threat…
Alleged India-linked espionage campaign targeted Pakistan, Bangladesh, Sri Lanka

Mar 2, 2026 5:47 PM

Tags: cybersecurity, espionage, government, india, infrastructure

An espionage campaign last year targeted government agencies and critical infrastructure operators in Pakistan, Bangladesh and Sri Lanka, the cybersecurity firm Arctic Wolf said. First seen on therecord.media Jump to article: therecord.media/india-pakistan-cyber-campaign-apt
5 Nations Alert: Critical Cisco Bug Used in Global Espionage Campaign

Feb 27, 2026 7:37 PM

Tags: cisco, espionage, exploit, flaw, hacker

Hackers exploited a critical Cisco SD-WAN flaw, prompting a rare joint warning from the US, UK, Australia, Canada, and New Zealand. The post 5 Nations Alert: Critical Cisco Bug Used in Global Espionage Campaign appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-sdwan-flaw-five-eyes-joint-warning/
Google Disrupts ‘Prolific’ and ‘Elusive’ China-Linked Global Hacking Campaign

Feb 26, 2026 2:40 PM

Tags: backdoor, china, cyber, espionage, google, hacking

UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-prolific-china-hacking/
China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries

Feb 26, 2026 1:44 PM

Tags: access, api, apt, china, cloud, communications, cyber, cyberespionage, data, defense, endpoint, espionage, google, government, group, hacker, infrastructure, intelligence, linux, mandiant, monitoring, network, phone, radius, service, spy, theft, threat, vpn

How Mandiant found it: The campaign came to light during a Mandiant Threat Defense investigation, when analysts flagged unusual activity on a CentOS server. A binary named xapt, designed to masquerade as the apt package manager on Debian-based Linux systems, had already escalated to root and was running shell commands to confirm its access level,…
Hydra Saiga Espionage Campaign Targets Critical Utilities Using Telegram C2 for Data Theft

Feb 26, 2026 11:36 AM

Tags: control, cyber, data, espionage, government, infrastructure, theft

Hydra Saiga is running a long-running espionage campaign that abuses Telegram as command-and-control (C2) to infiltrate critical utilities in Central Asia and exfiltrate sensitive data from government and infrastructure networks. The first known Hydra Saiga activity dates to December 2024, when an executable named “Letter from the Permanent Representative of Turkmenistan to the UN addressed…
Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries

Feb 26, 2026 11:36 AM

Tags: apt, attack, china, cyber, espionage, google, government, group, infrastructure

Google and partners disrupted UNC2814, a suspected China-linked group that hacked 53 organizations across 42 countries. Google, with industry partners, disrupted the infrastructure of UNC2814, a suspected China-linked cyber espionage group that breached at least 53 organizations in 42 countries. The group has been active since at least 2017, and was spotted targeting governments and…
Google Disrupts Chinese Hacker Network Behind 53 Telecom, Gov’t Breaches

Feb 26, 2026 7:37 AM

Tags: breach, china, cyber, espionage, google, government, group, hacker, infrastructure, intelligence, mandiant, network, threat

Google and its partners have disrupted a major Chinese state-linked cyber espionage campaign that breached at least 53 telecommunications and government entities across 42 countries on four continents. The operation, led by Google Threat Intelligence Group (GTIG) alongside Mandiant and industry partners, dismantled the infrastructure of a suspected People’s Republic of China (PRC) nexus group…
Google catches Beijing spies using Sheets to spread espionage across 4 continents

Feb 25, 2026 10:37 PM

Tags: espionage, google, government

UNC2814 historically targets governments and telcos First seen on theregister.com Jump to article: www.theregister.com/2026/02/25/google_and_friends_disrupt_unc2814/
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Feb 25, 2026 8:37 PM

Tags: breach, china, cyber, espionage, google, government, group, infrastructure, international, usa

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries.”This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,” First…
Chinese cyberspies breached dozens of telecom firms, govt agencies

Feb 25, 2026 6:36 PM

Tags: api, attack, china, espionage, google, government, group, intelligence, malicious, mandiant, saas, threat

Google’s Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese threat actor that used SaaS API calls to hide malicious traffic in attacks targeting telecom and government networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-cyberspies-breached-dozens-of-telecom-firms-govt-agencies/
Chinese prosecutors raise alarm about growth of domestic IP theft

Feb 25, 2026 4:37 PM

Tags: china, espionage, leak, technology, theft

China’s top prosecutorial agency said authorities have handled hundreds of domestic cases involving commercial espionage and technology leaks since 2021. First seen on therecord.media Jump to article: therecord.media/china-domestic-ip-theft-crackdown
Operation Olalampo: MuddyWater Unleashes AI-Assisted Rust Malware and Telegram C2 in MENA Espionage Surge

Feb 24, 2026 5:00 AM

Tags: ai, espionage, malware, rust

The post Operation Olalampo: MuddyWater Unleashes AI-Assisted Rust Malware and Telegram C2 in MENA Espionage Surge appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/operation-olalampo-muddywater-unleashes-ai-assisted-rust-malware-and-telegram-c2-in-mena-espionage-surge/
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
FBI: Threats from Salt Typhoon are ‘still very much ongoing’

Feb 20, 2026 4:01 PM

Tags: china, cyber, espionage, group, infrastructure, intelligence, threat, usa

A top FBI cyber official said Salt Typhoon, the Chinese cyber espionage group behind the widespread compromise of U.S. telecommunications infrastructure in 2024, continues to pose a broad threat to both America’s private and public sectors. Michael Machtinger, deputy assistant director for cyber intelligence at the FBI, touted improved partnerships between the telecommunications industry and…
CISA gives federal agencies three days to patch actively exploited Dell bug

Feb 20, 2026 2:01 PM

Tags: cisa, credentials, espionage, exploit, flaw, update

Hardcoded credential flaw in RecoverPoint already abused in espionage campaign First seen on theregister.com Jump to article: www.theregister.com/2026/02/20/cisa_dell_vulnerability/
FBI: Threats from Salt Typhoon are ‘still very much ongoing’

Feb 19, 2026 9:01 PM

Tags: china, cyber, espionage, group, infrastructure, intelligence, threat, usa

A top FBI cyber official said Salt Typhoon, the Chinese cyber espionage group behind the widespread compromise of U.S. telecommunications infrastructure in 2024, continues to pose a broad threat to both America’s private and public sectors. Michael Machtinger, deputy assistant director for cyber intelligence at the FBI, touted improved partnerships between the telecommunications industry and…
Notepad++ author says fixes make update mechanism ‘effectively unexploitable’

Feb 19, 2026 1:01 AM

Tags: access, attack, backdoor, china, control, credentials, dns, espionage, exploit, group, infrastructure, intelligence, malicious, monitoring, network, risk, risk-management, service, software, supply-chain, threat, ukraine, update, vulnerability

CSOonline, Ho said that no system can ever be declared absolutely unbreakable, “but the new design dramatically raises the bar.”An attacker must now compromise both the hosting infrastructure and the signing keys, he explained, adding that the updater now validates both the manifest and the installer, each with independent cryptographic signatures. And any mismatch, missing…
The defense industrial base is a prime target for cyber disruption

Feb 18, 2026 7:58 AM

Tags: cyber, defense, espionage, threat

Cyber threats against the defense industrial base (DIB) are intensifying, with adversaries shifting from traditional espionage toward operations designed to disrupt production … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/luke-mcnamara-google-dib-defense-industrial-base-cybersecurity/
Hackers target supporters of Iran protests in new espionage campaign

Feb 17, 2026 3:58 PM

Tags: espionage, hacker, iran

The campaign began in early January, shortly after mass nationwide demonstrations erupted across Iran calling for an end to the Islamic Republic system. First seen on therecord.media Jump to article: therecord.media/hackers-target-iran-protest-supporters-cyber-campaign
Lotus Blossom Hackers Breach Official Notepad++ Hosting Infrastructure

Feb 16, 2026 6:58 AM

Tags: breach, cyber, endpoint, espionage, group, hacker, infrastructure, threat, tool, update

Between June and December 2025, a state-sponsored threat group known as Lotus Blossom quietly hijacked the official hosting infrastructure used to deliver Notepad++ updates, turning a trusted developer tool into a precision espionage delivery channel. By compromising the shared hosting provider that previously served the Notepad++ update endpoint, the attackers gained the ability to intercept…
Nation-State Hackers Put Defense Industrial Base Under Siege

Feb 13, 2026 6:58 PM

Tags: china, defense, espionage, group, hacker, russia, zero-day

Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors’ networks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/nation-state-hackers-defense-industrial-base-under-siege
Google Warns of ‘Relentless’ Cyber Siege on Defense Industry

Feb 11, 2026 12:13 AM

Tags: attack, cyber, defense, espionage, google, group, hacker, intelligence, supply-chain, threat

Nation State Hackers Escalating Attacks on US Defense Industrial Base, Report Says. A new report from Google Threat Intelligence Group warns that state-backed hackers are escalating attacks on the defense industrial base, shifting from classic espionage to supply-chain compromise, workforce infiltration and battlefield-adjacent cyber operations. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/google-warns-relentless-cyber-siege-on-defense-industry-a-30729
Singapore telcos breached in China-linked cyber espionage campaign

Feb 10, 2026 5:16 PM

Tags: china, country, cyber, espionage

Singapore’s four major telecommunications companies were hit by a coordinated cyber espionage campaign last year, the country’s Cyber Security Agency (CSA) has revealed. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/10/singapore-telecommunications-unc3886-cyber-espionage/