Tag: espionage
-
>>Nomad Leopard<< Spotted in the Wild: Cyber Espionage Campaign Targets Afghan Government
The post >>Nomad Leopard<< Spotted in the Wild: Cyber Espionage Campaign Targets Afghan Government appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/nomad-leopard-spotted-in-the-wild-cyber-espionage-campaign-targets-afghan-government/
-
Identity Under Siege: What the Salt Typhoon Campaign Reveals About Trusted Access Risks
A recent disclosure confirms that email accounts belonging to U.S. congressional staff were compromised as part of the Salt Typhoon cyber-espionage campaign, targeting personnel supporting key House committees and exploiting trusted identities rather than software vulnerabilities, according to TechRadar. While no immediate operational disruption was publicly reported, the incident sends a clear message: identity systems…
-
DPRK Hackers Earn $600M Posing as Remote Workers
The landscape of corporate espionage has undergone a fundamental transformation. For decades, security teams focused their efforts on identifying disgruntled employees or negligent contractors the traditional >>insider threat.<< Today, the most dangerous infiltrator is not a rogue staffer but rather a sophisticated operative hired under pretenses, operating as part of an organized, state-sponsored recruitment program.…
-
âš¡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance.Scale amplified the damage. A single weak configuration rippled out to…
-
Iran-linked MuddyWater APT deploys Rust-based implant in latest campaign
Rust offers evasion advantages: CloudSEK researchers said RustyWater was developed in Rust, which they said is increasingly used by malware authors for its memory safety features and cross-platform capabilities, according to the blog post. Other state-sponsored groups, including Russia’s Gossamer Bear and China-linked actors, have also deployed Rust-based malware in recent campaigns, according to security…
-
ValleyRAT_S2: Stealth Intrusions Aimed at Financial Data Exfiltration
A sophisticated second-stage malware payload known as ValleyRAT_S2 has emerged as a critical threat to organizations across Chinese-speaking regions, including mainland China, Hong Kong, Taiwan, and Southeast Asia. This Remote Access Trojan (RAT), written in C++, is a modular, highly evasive cyber-espionage tool designed to infiltrate systems, maintain persistent access, and extract sensitive financial and…
-
Salt Typhoon Hackers Hit Congressional Emails in New Breach
Staff Working on China, Intel, Military Oversight Targeted in Espionage Operation. U.S. officials are probing a suspected Chinese cyber campaign tied to Salt Typhoon that breached congressional staff email systems supporting national security committees, exposing sensitive discussions and raising concerns about unclassified federal network defenses. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/salt-typhoon-hackers-hit-congressional-emails-in-new-breach-a-30484
-
China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware
China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…
-
BlueDelta Espionage: Russian Hackers Abuse Free Apps to Target Energy Sector
The post BlueDelta Espionage: Russian Hackers Abuse Free Apps to Target Energy Sector appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/bluedelta-espionage-russian-hackers-abuse-free-apps-to-target-energy-sector/
-
China-Linked UAT-7290 Targets Telecom Networks in South Asia
A long-term cyber-espionage campaign targeting South Asia’s telecom firms has been linked to UAT-7290 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-uat-7290-targets-telecoms/
-
China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes
A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe.The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the deployment of malware families such as RushDrop First…
-
ToddyCat Malware Exploits ProxyLogon to Compromise Microsoft Exchange Servers
ToddyCat, a sophisticated cyber-espionage threat group also known as Websiic and Storm-0247, has emerged as a significant risk to organizations across Europe and Asia. The group’s operations, which began in December 2020 by targeting Microsoft Exchange servers in Taiwan and Vietnam, have since evolved into complex, multi-stage campaigns that leverage advanced evasion techniques and specialized…
-
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
Tags: apt, data, espionage, government, intelligence, malicious, military, monitoring, russia, spy, threat, ukraineRussia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. >>Recent monitoring data from the 360 “‹”‹Advanced…
-
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
Tags: apt, data, espionage, government, intelligence, malicious, military, monitoring, russia, spy, threat, ukraineRussia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. >>Recent monitoring data from the 360 “‹”‹Advanced…
-
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
Tags: apt, data, espionage, government, intelligence, malicious, military, monitoring, russia, spy, threat, ukraineRussia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. >>Recent monitoring data from the 360 “‹”‹Advanced…
-
Transparent Tribe Weaponizes >>JLPT<< Tests in New Cyber-Espionage Campaign Against India
The post Transparent Tribe Weaponizes >>JLPT
-
Transparent Tribe Weaponizes >>JLPT<< Tests in New Cyber-Espionage Campaign Against India
The post Transparent Tribe Weaponizes >>JLPT
-
Knownsec Data Breach: A Trove of Espionage Tradecraft with an Insider Narrative
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/knownsec-data-breach-a-trove-of-espionage-tradecraft-with-an-insider-narrative
-
APT36 Targets Indian Government Systems Using Malicious Windows LNK Files
A sophisticated cyber-espionage operation attributed to APT36, also known as Transparent Tribe, has been identified targeting Indian governmental, academic, and strategic entities through weaponized Windows shortcut files designed to evade detection and establish persistent remote access. The Pakistan-aligned threat actor deployed a deceptive LNK-based infection chain that leverages trusted system binaries and fileless execution techniques…
-
Equifax Europe CISO: Notorious breach spurred cybersecurity transformation
Tags: access, ai, attack, authentication, awareness, breach, business, ceo, cio, ciso, cloud, computer, control, corporate, cyber, cyberattack, cybercrime, cybersecurity, data, defense, dora, espionage, finance, framework, google, government, identity, infrastructure, intelligence, network, nis-2, phishing, regulation, risk, risk-management, security-incident, service, strategy, technology, threat, updateCloud as a new technological axis: Equifax’s $3 billion migration to the cloud, “which had been brewing for about seven years” and which the company says is the largest technological investment in its history, has involved moving more than 300 systems, over 30 product families, and thousands of customers to the company’s cloud platform, Equifax Cloud, in Spain…
-
React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web
What the research quickly agreed on: Across early reports from Wiz, Palo Alto Networks’ Unit 42, Google AWS, and others, there was a strong alignment on the core mechanics of React2Shell. Researchers independently confirmed that the flaw lives inside React’s server-side rendering pipeline and stems from unsafe deserialization in the protocol used to transmit component…
-
Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor
China-linked APT Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India. Kaspersky researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland, and StormBamboo) running a targeted cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor against victims in Türkiye, China, and…
-
59,000 Servers Breached: Operation PCPcat Targets React and Next.js at Internet Scale
A large-scale cyber espionage operation known as Operation PCPcat has shaken the modern web infrastructure, compromising more than 59,000 servers in just 48 hours. The campaign targets systems built on React frameworks, including widely deployed Next.js and React Servers, and has already resulted in the theft of hundreds of thousands of credentials. First seen on thecyberexpress.com Jump to…
-
SideWinder APT Launches Cyberattacks on Indian Entities Posing as the Income Tax Department
Zscaler Threat Hunting has identified a sophisticated espionage campaign targeting Indian entities through fraudulent >>Income Tax Department
-
Arcane Werewolf Hacker Group Expands Arsenal with Loki 2.1 Malware Toolkit
The cyber espionage group known as Arcane Werewolf (also tracked as Mythic Likho) has significantly upgraded its offensive capabilities, targeting Russian manufacturing enterprises with a new iteration of its custom malware. According to a report by BI.ZONE Threat Intelligence: campaigns observed in October and November 2025 reveal that the group has transitioned from the Loki…