Tag: espionage
-
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities. The end goal of the campaign is to infiltrate high-value targets and…
-
‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools
Evolving tactics and strategies: Analysts said ColdRiver, which for years focused on credential theft and email account compromise, is shifting toward multi-stage intrusions that rely on users to execute malicious code. By using ClickFix pages that mimic CAPTCHA verification screens, the group can bypass email security filters and deliver malware directly to victims’ devices, increasing the…
-
Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian cybersecurity vendor in November 2024, when it disclosed a set of attacks aimed at government entities in Latin America and…
-
‘PassiveNeuron’ Cyber Spies Target Orgs with Custom Malware
A persistent cyber espionage campaign focused on SQL servers is targeting government, industrial and financial sectors across Asia, Africa, and Latin America. First seen on darkreading.com. Jump to article: www.darkreading.com/cyberattacks-data-breaches/-passiveneuron-cyber-spies-target-industrial-financial-orgs
-
Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network
A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler Gateway appliance to obtain initial access. Salt Typhoon, also known as…
-
Teen Tied to Russian Hackers in Dutch Cyber Espionage Probe
Dutch prosecutors suspect three teens of aiding a foreign power, with one allegedly linked to a Russian-affiliated hacker group. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/teen-russian-hacking-group-ties/
-
North Korean hackers use EtherHiding to hide malware on the blockchain
North Korean hackers were observed employing the ‘EtherHiding’ tactic to deliver malware, steal cryptocurrency, and perform espionage with stealth and resilience. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-use-etherhiding-to-hide-malware-on-the-blockchain/
-
Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery
Operation Silk Lure is a targeted cyber-espionage campaign that abuses Windows Scheduled Tasks and DLL side-loading to deploy the sophisticated ValleyRAT backdoor. The operation pivots on tailored spear-phishing emails, weaponized Windows shortcuts, and a persistent task scheduler mechanism, all delivering a multi-stage malware payload designed to harvest sensitive intelligence from Chinese FinTech and cryptocurrency firms. Adversaries behind Operation Silk Lure…
-
Humanoid robot found vulnerable to Bluetooth hack, data leaks to China
Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks. A robot that … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2025/10/16/unitree-g1-humanoid-robot-vulnerability/
-
Chinese Actor Targets Russian IT Provider
Symantec says it spotted a likely supply chain hack. Suspected Chinese state-linked hackers reportedly breached a Russian IT service provider in an espionage campaign targeting government-related networks. Symantec uncovered Chinese hackers it named Jewelbug infiltrating a Russian company between January and May. First seen on govinfosecurity.com. Jump to article: www.govinfosecurity.com/chinese-actor-targets-russian-provider-a-29738
-
‘Mysterious Elephant’ Moves Beyond Recycled Malware
The cyber-espionage group has been using sophisticated custom tools to target government and diplomatic entities in South Asia since early 2025. First seen on darkreading.com. Jump to article: www.darkreading.com/cyberattacks-data-breaches/mysterious-elephant-recycled-malware
-
Chinese-Linked Hackers Breach Top Political US Law Firm
Williams & Connolly hit in a zero-day campaign impacting client emails. A zero-day vulnerability was used to breach email accounts at the elite D.C. law firm Williams & Connolly, with officials reportedly suspecting the hack is part of a China-linked campaign targeting the U.S. legal sector to support espionage, steal intelligence and establish long-term access routes.…
-
From HealthKick to GOVERSHELL: The Evolution of UTA0388’s Espionage Malware
A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known as GOVERSHELL. “The initially observed campaigns were tailored to the targets, and the messages purported to be sent by senior researchers and analysts from legitimate-sounding, completely…
-
APT35: Inside the Structure, Toolset, and Espionage Operations of an IRGC-Linked Group
In a groundbreaking disclosure, CloudSEK’s TRIAD unit has unearthed internal operational materials that shed light on Charming Kitten (APT35), revealing an intricate espionage apparatus linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). The leak comprises over 100 Persian-language files marked with Jalali calendar dates and aligned with Tehran time, underscoring its authenticity. At the apex,…
-
Mustang Panda Adopts New DLL Side-Loading Method to Deploy Malware
The sophisticated China-linked threat actor Mustang Panda has refined its cyber espionage arsenal with an advanced DLL side-loading technique specifically targeting the Tibetan community, according to recent analysis of a campaign first identified by IBM’s X-Force in June 2025. This politically motivated operation demonstrates how threat actors continuously evolve their obfuscation methods to bypass security controls and…
-
SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage
Originally published on Daily CyberSecurity. First seen on securityonline.info. Jump to article: securityonline.info/sidewinder-apt-launches-operation-southnet-weaponizing-netlify-and-pages-dev-for-espionage/
-
Reading the ENISA Threat Landscape 2025 report
ENISA Threat Landscape 2025: Rising ransomware, AI phishing, and state-backed espionage mark a converging, persistent EU cyber threat landscape. The ENISA Threat Landscape 2025 report provides a comprehensive analysis of the evolving threat landscape in Europe. The report analyzes the events that occurred between July 2024 and June 2025, including nearly 4,900 verified incidents. This year’s…